Add configs to manage CPU architecture for Choreo CLI and skip keyring for auth management

[kaje94]

Purpose

$subject

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

UI Component Development

Specify the reason if following are not followed.

• Added reusable UI components to the ui-toolkit. Follow the intructions when adding the componenent.
• Use ui-toolkit components wherever possible. Run npm run storybook from the root directory to view current components.
• Matches with the native VSCode look and feel.

Manage Icons

Specify the reason if following are not followed.

• Added Icons to the font-wso2-vscode. Follow the instructions.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• New Features

  • Added two new advanced configuration settings: RPC architecture selection (supporting x86-64 and ARM64) and keyring bypass option for enhanced platform customization.

• Chores

  • Updated version to 1.0.19.

[coderabbitai]

Walkthrough

This pull request bumps the extension version and introduces two new configuration options for controlling RPC architecture selection and keyring behavior. It refactors the CLI installation logic to use the extension's resources directory instead of global storage, renames the downloadCLI function to installCLI, and implements configuration-aware defaults for architecture and keyring settings.

Changes

Cohort / File(s)	Summary
Configuration & Versioning package.json	Version bumped to 1.0.19; added two new workspace-scoped configuration properties: RpcArchitecture (enum for amd64/arm64) and SkipKeyring (boolean flag).
CLI Installation & Activation src/choreo-rpc/activate.ts, src/choreo-rpc/cli-install.ts	Function downloadCLI renamed to installCLI; getChoreoBinPath refactored to compute paths from extension resources directory using OS/architecture; getArchitecture enhanced to read RpcArchitecture setting and apply configuration-driven overrides.
Keyring Configuration src/choreo-rpc/connection.ts	RPC server startup now reads SkipKeyring workspace setting to control the SKIP_KEYRING environment variable, with fallback to existing behavior (dev mode or process env).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A carrot-colored config brings delight,
Architecture choices, now within sight,
Keyring settings hop and play,
Refactored paths lead the way,
Version nineteen, a tasty bite! 🥕✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete with only placeholder template sections and no substantive content filled in (Purpose shows '$subject', Goals/Approach/etc. are empty placeholders).	Complete the required sections: provide Purpose with issue links, Goals describing solutions, Approach explaining implementation details, and fill other relevant sections like Release notes and Documentation.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and specifically describes the main changes: adding configurations to manage CPU architecture for Choreo CLI and skip keyring for authentication.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-dev-container-cli

Important

Action Needed: IP Allowlist Update

If your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:

• ✨ 136.113.208.247/32 (new)
• 34.170.211.100/32
• 35.222.179.152/32

Reviews will stop working after February 8, 2026 if the new IP is not added to your allowlist.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@workspaces/wso2-platform/wso2-platform-extension/package.json`:
- Around line 180-195: The "WSO2.WSO2-Platform.Advanced.SkipKeyring" setting
description is grammatically unclear; update the "description" string for the
configuration entry named WSO2.WSO2-Platform.Advanced.SkipKeyring so it clearly
explains its purpose (e.g., indicate it should be enabled when the user's system
does not support a keyring) and maintains same scope/type/default; locate the
JSON object for WSO2.WSO2-Platform.Advanced.SkipKeyring and replace the
description value with a concise, correct sentence.

In
`@workspaces/wso2-platform/wso2-platform-extension/src/choreo-rpc/cli-install.ts`:
- Around line 171-175: The getArchitecture function should validate the
user-configured value from
workspace.getConfiguration().get<string>("WSO2.WSO2-Platform.Advanced.RpcArchitecture")
against a small allowlist (e.g. valid values such as "x86_64" and "arm64" or
your project's canonical names); if the retrieved arch is present but not in the
allowlist, surface a clear early error (throw or show a user-facing error
message) or fall back to a documented default before proceeding so the installer
fails with a clear message; update getArchitecture to perform this check and use
the allowlist when deciding whether to return the configured value.

In
`@workspaces/wso2-platform/wso2-platform-extension/src/choreo-rpc/connection.ts`:
- Line 26: The code currently treats a user setting of skipKeyring the same as
unset, letting process.env.SKIP_KEYRING override an explicit false; update the
logic where you read the configuration (the
workspace.getConfiguration(...).get('skipKeyring') usage) so that you
distinguish undefined from false — only use process.env.SKIP_KEYRING when the
config value is strictly undefined, and preserve a boolean false when the user
explicitly sets it; apply this change to both places that reference
process.env.SKIP_KEYRING / the skipKeyring config in connection.ts.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Clarify the SkipKeyring setting description.
Current text is grammatically unclear and can confuse users.

✏️ Proposed text fix

-          "description": "Enable only your system does not support keyring.",
+          "description": "Enable only if your system does not support keyring.",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"WSO2.WSO2-Platform.Advanced.RpcArchitecture": {
	"type": "string",
	"enum": [
	"",
	"amd64",
	"arm64"
	],
	"default": "",
	"description": "The architecture of Choreo RPC server. Change only if you are running within a container with a different architecture than your host machine.",
	"scope": "window"
	},
	"WSO2.WSO2-Platform.Advanced.SkipKeyring": {
	"type": "boolean",
	"default": false,
	"description": "Enable only your system does not support keyring.",
	"scope": "window"
	"WSO2.WSO2-Platform.Advanced.RpcArchitecture": {
	"type": "string",
	"enum": [
	"",
	"amd64",
	"arm64"
	],
	"default": "",
	"description": "The architecture of Choreo RPC server. Change only if you are running within a container with a different architecture than your host machine.",
	"scope": "window"
	},
	"WSO2.WSO2-Platform.Advanced.SkipKeyring": {
	"type": "boolean",
	"default": false,
	"description": "Enable only if your system does not support keyring.",
	"scope": "window"

🤖 Prompt for AI Agents

In `@workspaces/wso2-platform/wso2-platform-extension/package.json` around lines
180 - 195, The "WSO2.WSO2-Platform.Advanced.SkipKeyring" setting description is
grammatically unclear; update the "description" string for the configuration
entry named WSO2.WSO2-Platform.Advanced.SkipKeyring so it clearly explains its
purpose (e.g., indicate it should be enabled when the user's system does not
support a keyring) and maintains same scope/type/default; locate the JSON object
for WSO2.WSO2-Platform.Advanced.SkipKeyring and replace the description value
with a concise, correct sentence.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Validate architecture overrides.
If a user manually sets an invalid value, the install will fail later with a less clear error. Consider validating allowed values early.

🛡️ Suggested validation

 function getArchitecture() {
 	const arch = workspace.getConfiguration().get<string>("WSO2.WSO2-Platform.Advanced.RpcArchitecture");
 	if (arch) {
+		const allowed = new Set(["amd64", "arm64", "arm"]);
+		if (!allowed.has(arch)) {
+			throw new Error(`Unsupported architecture override: ${arch}. Expected one of: ${[...allowed].join(", ")}`);
+		}
 		return arch;
 	}
 	const ARCH = os.arch();

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	function getArchitecture() {
	const arch = workspace.getConfiguration().get<string>("WSO2.WSO2-Platform.Advanced.RpcArchitecture");
	if (arch) {
	return arch;
	}
	function getArchitecture() {
	const arch = workspace.getConfiguration().get<string>("WSO2.WSO2-Platform.Advanced.RpcArchitecture");
	if (arch) {
	const allowed = new Set(["amd64", "arm64", "arm"]);
	if (!allowed.has(arch)) {
	throw new Error(`Unsupported architecture override: ${arch}. Expected one of: ${[...allowed].join(", ")}`);
	}
	return arch;
	}

🤖 Prompt for AI Agents

In
`@workspaces/wso2-platform/wso2-platform-extension/src/choreo-rpc/cli-install.ts`
around lines 171 - 175, The getArchitecture function should validate the
user-configured value from
workspace.getConfiguration().get<string>("WSO2.WSO2-Platform.Advanced.RpcArchitecture")
against a small allowlist (e.g. valid values such as "x86_64" and "arm64" or
your project's canonical names); if the retrieved arch is present but not in the
allowlist, surface a clear early error (throw or show a user-facing error
message) or fall back to a documented default before proceeding so the installer
fails with a clear message; update getArchitecture to perform this check and use
the allowlist when deciding whether to return the configured value.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Honor explicit false for SkipKeyring.
A user setting of false is currently treated the same as “unset,” allowing process.env.SKIP_KEYRING to override it. Consider distinguishing undefined vs false.

✅ Proposed fix

-		const skipKeyringConfig = workspace.getConfiguration().get<boolean>("WSO2.WSO2-Platform.Advanced.SkipKeyring");
+		const skipKeyringConfig = workspace.getConfiguration().get<boolean>("WSO2.WSO2-Platform.Advanced.SkipKeyring");
+		const skipKeyring =
+			skipKeyringConfig !== undefined
+				? skipKeyringConfig
+				: ext.isDevantCloudEditor
+					? true
+					: undefined;
 		this._serverProcess = spawn(executablePath, ["start-rpc-server"], {
 			env: {
 				...process.env,
-				SKIP_KEYRING: (skipKeyringConfig || ext.isDevantCloudEditor) ? "true" : (process.env.SKIP_KEYRING || ""),
+				SKIP_KEYRING: skipKeyring === undefined ? (process.env.SKIP_KEYRING || "") : (skipKeyring ? "true" : ""),
 				CHOREO_ENV: ext.choreoEnv,
 				CHOREO_REGION: region,
 			},
 		});

Also applies to: 47-52

🤖 Prompt for AI Agents

In
`@workspaces/wso2-platform/wso2-platform-extension/src/choreo-rpc/connection.ts`
at line 26, The code currently treats a user setting of skipKeyring the same as
unset, letting process.env.SKIP_KEYRING override an explicit false; update the
logic where you read the configuration (the
workspace.getConfiguration(...).get('skipKeyring') usage) so that you
distinguish undefined from false — only use process.env.SKIP_KEYRING when the
config value is strictly undefined, and preserve a boolean false when the user
explicitly sets it; apply this change to both places that reference
process.env.SKIP_KEYRING / the skipKeyring config in connection.ts.