[Repo Assist] refactor(auth): move generateRandomAPIKey to internal/auth package

[github-actions]

🤖 This pull request was created by Repo Assist, an automated AI assistant.

Summary

Moves generateRandomAPIKey from internal/cmd/root.go to internal/auth/ as the exported GenerateRandomAPIKey function. API key generation is an authentication concern; the internal/auth package is the natural home.

Changes

• internal/auth/apikey.go — new file with GenerateRandomAPIKey() function
• internal/auth/apikey_test.go — test migrated from cmd/root_test.go
• internal/cmd/root.go — call site updated to auth.GenerateRandomAPIKey(); crypto/rand and encoding/hex imports removed
• internal/cmd/root_test.go — TestGenerateRandomAPIKey removed (now lives in auth package)

Motivation

• Aligns the function's location with its semantic purpose (authentication)
• Removes two low-level stdlib imports (crypto/rand, encoding/hex) from the CLI entry-point package
• Makes GenerateRandomAPIKey reusable by any package that imports internal/auth

Test Status

⚠️ Infrastructure limitation: The CI environment has Go 1.24.13 locally but go.mod requires Go 1.25.0, and the toolchain download is blocked by the network firewall. make agent-finished could not complete. The changes are syntactically verified by code review:

• Correct import paths, correct exported name, existing test logic preserved verbatim
• No functional changes to the gateway's behaviour

Tests will run normally in the GitHub Actions CI environment where Go 1.25.0 is available.

Generated by Repo Assist · ◷

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/repo-assist.md@851905c06e905bf362a9f6cc54f912e3df747d55

[Copilot]

Pull request overview

This PR refactors API key generation by moving generateRandomAPIKey out of the CLI entrypoint (internal/cmd) into the authentication layer (internal/auth) as an exported helper, making the functionality reusable across the codebase.

Changes:

• Introduces auth.GenerateRandomAPIKey() in a new internal/auth/apikey.go.
• Updates the CLI startup path to call auth.GenerateRandomAPIKey() when no API key is configured.
• Migrates the API key generation unit test from internal/cmd/root_test.go into internal/auth/apikey_test.go.

Show a summary per file

File	Description
internal/cmd/root.go	Switches API key generation call site to auth.GenerateRandomAPIKey() and removes low-level crypto/encoding imports.
internal/cmd/root_test.go	Removes the old generateRandomAPIKey test after migration.
internal/auth/apikey.go	Adds exported API key generator implementation to the auth package.
internal/auth/apikey_test.go	Adds unit test for auth.GenerateRandomAPIKey() in the auth package.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 4/4 changed files
• Comments generated: 2

[Copilot]

GenerateRandomAPIKey wraps the rand.Read error with "failed to generate random API key", and the caller in run() wraps again with the same message. If this error ever surfaces, it will read redundantly ("failed...: failed..."). Prefer returning the raw rand.Read error from GenerateRandomAPIKey (or using a more specific/sentinel error) and let callers add context once.

[Copilot]

Minor naming: bytes is a very generic identifier and can be confused with the standard bytes package in Go codebases. Consider renaming it to something specific like keyBytes or buf to make the intent clearer.

Suggested change

	bytes := make([]byte, 32)
	if _, err := rand.Read(bytes); err != nil {
	return "", fmt.Errorf("failed to generate random API key: %w", err)
	}
	return hex.EncodeToString(bytes), nil
	keyBytes := make([]byte, 32)
	if _, err := rand.Read(keyBytes); err != nil {
	return "", fmt.Errorf("failed to generate random API key: %w", err)
	}
	return hex.EncodeToString(keyBytes), nil