Add generate key command

[thomtrp]

Will be useful to auto log users on app creation

[greptile-apps]

Greptile Summary

This PR adds a new CLI command workspace:generate-api-key that generates API keys for workspaces programmatically. The command accepts workspace ID, optional name, and expiration parameters, creating an admin-role API key and outputting the resulting credential to stdout.

Key changes:

• Created GenerateApiKeyCommand with proper NestJS command structure using nest-commander
• Integrated the command into both ApiKeyModule and DatabaseCommandModule for dependency injection
• Command validates workspace existence and admin role before creating the API key
• Outputs credential in a parseable format for automation scripts

Implementation details:

• Uses existing ApiKeyService methods for key creation and credential generation
• Defaults to 100-year expiration for non-expiring keys
• Includes proper error handling with logger messages for missing workspace/role scenarios
• Follows the codebase's command pattern with @Option decorators and validation

Confidence Score: 4/5

• Safe to merge with minor considerations for error handling improvements
• The implementation is well-structured and follows the codebase patterns. It properly validates inputs, checks for workspace and role existence, and handles errors gracefully. The command uses existing service methods which have been tested. The only minor concern is the redundant null check for tokenResult after successful API key creation - the method signature allows undefined return but in this context it shouldn't happen after validation passes.
• No files require special attention - all changes follow established patterns

Important Files Changed

Filename	Overview
packages/twenty-server/src/engine/core-modules/api-key/commands/generate-api-key.command.ts	New command to generate API keys for workspaces. Well-structured with proper error handling and validation, though the token generation check may be redundant
packages/twenty-server/src/engine/core-modules/api-key/api-key.module.ts	Added GenerateApiKeyCommand to module providers and exports for proper dependency injection
packages/twenty-server/src/database/commands/database-command.module.ts	Imported and registered GenerateApiKeyCommand in the database command module

_{Last reviewed commit: 9713ee3}

[greptile-apps]

_{3 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[cubic-dev-ai]

1 issue found across 3 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/twenty-server/src/engine/core-modules/api-key/commands/generate-api-key.command.ts">

<violation number="1" location="packages/twenty-server/src/engine/core-modules/api-key/commands/generate-api-key.command.ts:60">
P3: The `--expires-in` description claims omitting the flag creates a non-expiring key, but the command always sets `expiresAt` (defaulting to ~100 years) and the API key validation enforces expiration. Update the description or implement true non-expiring behavior to avoid misleading users.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[charlesBochet]

only allow this in environment=dev (like application-sync resolver)

[Weiko]

LGTM

[Weiko]

nit: can use universalIdentifier

[Weiko]

console.log?

[twenty-eng-sync]

Hey @thomtrp! After you've done the QA of your Pull Request, you can mark it as done here. Thank you!