feat(cli): add --allowed-host option for dev server

[farhan523]

Checklist

• I've thoroughly read the latest contribution guidelines.
• I've rebased my branch onto main before creating this PR.
• I've added tests to cover my changes (if applicable).
• I've verified pnpm typecheck and pnpm test.
• I've added changesets.
• My change requires documentation updates.
• I've updated the documentation accordingly.

Summary

Resolves #1650.

Adds a repeatable --allowed-host option to likec4 start (aliases serve / dev) which threads through to Vite's server.allowedHosts.

Today, vite-dev.ts hardcodes allowedHosts: true with a // TODO: temprorary enable access to any host comment from #1649. This PR keeps true as the default (so existing behaviour is preserved and the change is strictly additive), and gives users a CLI surface to scope access down when they want it.

likec4 start --allowed-host foo.local --allowed-host bar.example.com

Implementation

• New allowedHost option in packages/likec4/src/cli/options.ts (array: true, string: true, requiresArg: true).
• Wired through serve/index.ts → serve.ts handler → viteDev.
• In vite-dev.ts, replaces the hardcoded allowedHosts: true with allowedHosts && allowedHosts.length > 0 ? allowedHosts : true. The obsolete // TODO: temprorary… comment is removed since users now have a way to address this themselves.
• Added two propagation tests to serve.spec.ts (with the hostnames + without — default branch).
• Added --allowed-host row to the serve options table in apps/docs/src/content/docs/tooling/cli.mdx.

Out of scope

This PR does not change the default. The maintainer note in #1650 says "we should enable only strictly defined" — that's a behaviour change that probably deserves its own PR (and possibly a deprecation cycle), separate from adding the CLI surface. Happy to follow up if you'd like the default flipped here.

Test plan

pnpm test --no-coverage --no-typecheck packages/likec4/src/cli/serve/serve.spec.ts
# Tests  6 passed (6)

pnpm --filter likec4 typecheck   # clean
pnpm lint:errors-only             # 0 errors
pnpm fmt                          # applied

New propagation tests:

• serve handler propagates allowedHosts array to viteDev
• serve handler leaves allowedHosts undefined when not provided (preserves the "allow all" default)

[changeset-bot]

🦋 Changeset detected

Latest commit: 14d64f2

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 22 packages

Name	Type
likec4	Patch
@likec4/docs-astro	Patch
likec4-vscode	Patch
@likec4/playground	Patch
@likec4/style-preset	Patch
@likec4/styles	Patch
@likec4/config	Patch
@likec4/core	Patch
@likec4/diagram	Patch
@likec4/generators	Patch
@likec4/language-server	Patch
@likec4/language-services	Patch
@likec4/layouts	Patch
@likec4/leanix-bridge	Patch
@likec4/spa	Patch
@likec4/log	Patch
@likec4/lsp	Patch
@likec4/mcp	Patch
@likec4/react	Patch
@likec4/tsconfig	Patch
@likec4/vite-plugin	Patch
@likec4/vscode-preview	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 397bb83d-b0de-43e3-a06b-4f81cba135a2

📥 Commits

Reviewing files that changed from the base of the PR and between 53091b2 and 14d64f2.

📒 Files selected for processing (1)

• packages/likec4/src/cli/index.ts

✅ Files skipped from review due to trivial changes (1)

• packages/likec4/src/cli/index.ts

---

📝 Walkthrough

Walkthrough

Adds a repeatable --allowed-host CLI option to likec4 start/serve that maps to Vite's server.allowedHosts; wires the flag through yargs → serve command → handler → viteDev, updates tests, docs, and disables greedy-arrays parsing.

Changes

CLI Allowed-Host Option

Layer / File(s)	Summary
CLI option definition packages/likec4/src/cli/options.ts	Defines allowedHost as a repeatable yargs option for string hostnames, mapped to Vite's server.allowedHosts.
Serve command integration packages/likec4/src/cli/serve/index.ts	Imports and registers the --allowed-host flag, then passes the parsed argument to the handler invocation.
Handler and Vite integration packages/likec4/src/cli/serve/serve.ts, packages/likec4/src/vite/vite-dev.ts	Updates HandlerParams to include optional allowedHosts, destructures it in the handler, forwards it to viteDev, and sets server.allowedHosts to the provided array or falls back to true.
Handler tests packages/likec4/src/cli/serve/serve.spec.ts	Adds tests verifying allowedHosts is forwarded to viteDev when provided and undefined is passed when omitted.
Documentation .changeset/cli-allowed-host-option.md, apps/docs/src/content/docs/tooling/cli.mdx	Adds a changeset and updates CLI docs with the --allowed-host option and default behavior.
Yargs parser configuration packages/likec4/src/cli/index.ts	Disables .parserConfiguration({ 'greedy-arrays': false }) to avoid greedy array parsing for repeatable options.

Sequence Diagram

sequenceDiagram
  participant CLI as CLI args
  participant Serve as serve command
  participant Handler as handler()
  participant ViteDev as viteDev()
  participant Vite as Vite config

  CLI->>Serve: --allowed-host example.com --allowed-host api.example.com
  Serve->>Handler: { allowedHosts: ['example.com','api.example.com'] }
  Handler->>ViteDev: allowedHosts: ['example.com','api.example.com']
  ViteDev->>Vite: server.allowedHosts = ['example.com','api.example.com']

  CLI->>Serve: (no --allowed-host)
  Serve->>Handler: { allowedHosts: undefined }
  Handler->>ViteDev: allowedHosts: undefined
  ViteDev->>Vite: server.allowedHosts = true

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• davydkov

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main feature: adding a --allowed-host option to the dev server CLI command.
Description check	✅ Passed	The PR description fully covers the required checklist items, provides clear context, implementation details, test coverage, and acknowledges scope boundaries.
Linked Issues check	✅ Passed	All coding requirements from #1650 are met: the CLI option --allowed-host is implemented, allows repeatable values, threads to Vite's server.allowedHosts, and preserves existing default behavior.
Out of Scope Changes check	✅ Passed	All changes directly support the PR objective. The yargs parser configuration change prevents CLI parsing issues with repeated flags, which is necessary for the feature to work correctly.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/likec4/src/cli/options.ts`:
- Around line 96-101: The allowedHost option is defined with array: true
(allowedHost) so yargs-parser's greedy-arrays can unintentionally capture the
trailing positional path; disable greedy arrays by adding parserConfiguration({
'greedy-arrays': false }) to the main yargs chain (the object that builds
options and calls parseAsync()) before calling parseAsync() so positional [path]
is not consumed as another allowedHost value.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e20b4405-b06b-42dc-b68c-6d6f274249ed

📥 Commits

Reviewing files that changed from the base of the PR and between 590864d and 53091b2.

📒 Files selected for processing (7)

• .changeset/cli-allowed-host-option.md
• apps/docs/src/content/docs/tooling/cli.mdx
• packages/likec4/src/cli/options.ts
• packages/likec4/src/cli/serve/index.ts
• packages/likec4/src/cli/serve/serve.spec.ts
• packages/likec4/src/cli/serve/serve.ts
• packages/likec4/src/vite/vite-dev.ts

[davydkov]

@farhan523 Thanks for the PR! I agree with your "Out of scope" reasoning — let's keep allowedHosts: true as the default for now.

Changing it to "strictly defined" is a behaviour change that would break existing setups, so it's better keep it (for 1.x)

The additive approach here is exactly right: users who need to scope hosts down have a clean CLI surface, everyone else keeps working as-is.