Normalize API key display formatting

[IlyaasK]

Summary

Normalizes API-key human-output formatting by mapping generated SDK responses into a small display model before rendering tables.

What changed

• Adds an internal apiKeyDisplay model for API-key human output.
• Routes create/list/get human rendering through newAPIKeyDisplay / newCreatedAPIKeyDisplay.
• Keeps generated SDK JSON.*.Valid() presence checks inside the display mapper instead of scattering them through table rendering.
• Preserves JSON output paths exactly; --output json still prints the raw SDK response.
• Adds focused tests for project-scoped display values and nullable/fallback display behavior.

Why

The API-key CLI originally rendered directly from generated SDK models. That worked, but it leaked SDK presence metadata into render helpers. This keeps the command behavior unchanged while making the human-output boundary clearer: SDK object in, plain display strings out.

Verification

Automated checks:

• env GOCACHE=/private/tmp/kernel-cli-go-cache go test ./pkg/util
• env GOCACHE=/private/tmp/kernel-cli-go-cache go test ./cmd -run 'TestAPIKey|TestProjects(List|Get|Limits)|TestBrowsers(Create_WithInvalidViewport|ParseUploadFileMappingRejectsBadMapping|ComputerPressKeyRequiresKeys)'
• make test
• make build

Localhost smoke against http://localhost:3001:

• auth status succeeded.
• app list --output json succeeded.
• api-keys list --output json succeeded.
• Org-wide API-key lifecycle passed: create, get, update, list, delete, then post-delete not-found confirmation.
• Project-scoped API-key lifecycle passed against an existing local project: create with --project-id, get, update, delete, then post-delete not-found confirmation.
• projects list, projects get --output json, and projects limits get --output json succeeded.
• Browser lifecycle passed: create, get, delete, then --include-deleted confirmation.

Production smoke against https://api.onkernel.com:

• auth status succeeded.
• app list --output json succeeded.
• projects list --output json succeeded.
• projects get --output json succeeded against an existing production project.
• projects limits get --output json succeeded against that project.
• api-keys list --output json succeeded.
• Org-wide API-key lifecycle passed with a short-lived disposable key: create, get, update, list, delete, then post-delete not-found confirmation.
• Project-scoped API-key lifecycle passed with a short-lived disposable key: create with --project-id, get, update, delete, then post-delete not-found confirmation.
• Browser lifecycle passed with a short-lived session: create, get, delete, then --include-deleted confirmation.

Endpoint-misconfiguration smoke:

• Verified KERNEL_BASE_URL=https://dashboard.onkernel.com now reports a contextual API-base error instead of leaking an SDK HTML/JSON decode error.

Autoreview:

• python3 /Users/ilyaas/.codex/skills/autoreview/scripts/autoreview --mode branch --base origin/main
• result: autoreview clean: no accepted/actionable findings reported

---

Note

Medium Risk
Large cross-command behavior change (errors now propagate instead of silent success) could affect scripts and exit codes; changes are mostly UX with no core auth logic rewrites.

Overview
This PR broadens CLI polish beyond API keys: it standardizes how commands validate flags, surface failures, and render human output.

API keys now map SDK models through an internal apiKeyDisplay layer so list/create/get tables use consistent scope, project, expiry, and creator strings (including SDK JSON.*.Valid() fallbacks). JSON paths are unchanged.

Shared pkg/util helpers centralize messages for required flags/args, mutually exclusive options, invalid enums, and not-found cases (with suggested list commands). CleanedUpSdkError adds guidance when the API returns HTML (e.g. dashboard base URL). JSON helpers treat nil pages/slices as [], and AddSkipConfirmFlag replaces duplicated -y wiring.

Across cmd/* (apps, browsers, deploy, auth, credentials, extensions, invoke, profiles, projects, proxies, status, etc.), many paths that previously printed with pterm and returned nil now return actionable errors; list/history JSON uses the new pagination helpers; delete commands share skip-confirm; and tests assert the new copy.

^{Reviewed by Cursor Bugbot for commit 2f60cd7. Bugbot is set up for automated code reviews on this repo. Configure here.}

[firetiger-agent]

Monitoring Plan: CLI API Key Display Refactor

What this PR does: Refactors internal CLI rendering code for the api-keys commands to consolidate formatting into a shared display struct — housekeeping with no user-visible output change.

Intended effect:

• kernel api-keys list/get/create output: no production telemetry signal exists for CLI command output; confirmed by test suite pass (two new unit tests covering populated and absent optional fields) and absence of user-reported regressions post-release.

Risks:

• Swapped display field — if a field mapping (e.g., ID vs Name) was accidentally transposed in the new struct, alert if any user reports scrambled column output from kernel api-keys list or kernel api-keys get.
• Optional-field fallback regression — CreatedBy, ExpiresAt, Project could render as empty strings instead of "-" / "Never"; alert if TestAPIKeyDisplayFallsBackForAbsentOptionalFields fails in CI or users report blank fields.
• Build breakage — renamed unexported helpers (apiKeyProject, apiKeyScope, etc.) could cause compile errors; alert if CLI release build fails.

Status updates will be posted automatically on this PR as monitoring progresses.

View monitor