fix(web): login auto-logout race + magic-link disabled fallback + hub /healthz alias#188
Merged
Merged
Conversation
…k; hub /healthz alias Three prod-access fixes (user locked out of app.remo-code.com): 1. useProfile auto-logout race (PRIMARY — "can't login"): the `loading` flag was never reset to true when `token` transitions null→set on sign-in, so it stayed at the stale `false` left by the no-token branch. For one render after a successful legacy password login, App.tsx's dead-credential cleanup effect saw `!profileLoading && !profile && token` and immediately fired signOut() — logging the user straight back out. HAR confirmed: POST /api/auth/login 200 + GET /api/profile 200 + POST /api/auth/logout all at the same timestamp. Fix: setLoading(true) at the start of fetchProfile. 2. Magic-link disabled UX: under TITANIUM_BYPASS the request-link endpoint 503s `titanium_disabled`, but the UI swallowed it and showed "check your inbox" for an email that never sends. requestMagicLink now throws `magic_link_disabled` on that specific (config-wide, non-enumerating) state and Login.tsx routes the user to the password form. The only working auth path under bypass. 3. /healthz liveness alias: the Coolify probe hits /healthz; the hub only served /health and bearer-gated /healthz/deep. Added a plain /healthz alias. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
finedesignz
added a commit
that referenced
this pull request
May 30, 2026
Fix A — slash menu: register the bot's command list with Telegram via setMyCommands at bridge startup so typing `/` shows the command popup. BOT_COMMANDS in commands.ts is the single source of truth for the menu + /help (list/session/status/doctor/help — only the real handled commands). Idempotent, fire-and-forget, gated on botToken. Fix B — repo navigator: the callback_query session-picker path was structurally intact at #188 (proven by new integration tests) — its real- world "broken" symptom was the missing slash menu (Fix A) making /list undiscoverable. Hardened: webhook picker re-render now uses PAGE_SIZE instead of a hardcoded 20, and set_session/paginate/unknown callbacks are now covered by integration tests that lock the contract. Fix C — inline approval prompts: when a Telegram-driven session hits a tool permission prompt it no longer blocks silently. ws/agent.ts emits a permission_request:pending event (new isolated bus, mirrors assistant- events); the bridge surfaces it inline with Approve/Deny buttons to users whose default session matches. Taps route through the existing callback_query path → handlePermissionCallback forwards a permission_response frame on the agent socket (same frame the web client sends). Pending prompts are tracked in an in-memory registry keyed by request_id (callback_data is too small for session+request UUIDs) which also enforces per-user authorization. No new dispatch path — this is a control-frame reply to a runner-initiated prompt, so the cost-cap pipeline is untouched. Tests: telegram-approvals (registry + codec), telegram-bridge (slash menu + permission surfacing), telegram-webhook (callback set_session/paginate + approve/deny/stale/foreign/offline). check-baseline GREEN (947 pass, 0 fail). docs/telegram-bridge.md updated in lockstep. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
finedesignz
added a commit
that referenced
this pull request
May 30, 2026
…advanced) (#190) App.tsx routes purely off window.location.hash. The legacy password flow calls signIn() to set auth state but — unlike magic-link, which redirects via /auth/callback → / — never changes the hash. So route stays 'login' and App's `route === 'login'` gate (added in #188 to harden against stale tokens) re-renders <Login> forever despite valid token + cookie + profile. Symptom: clicking Sign in does nothing. Fix: signIn() navigates to #/ when on the login route. Magic-link and deep links unaffected (guarded on hash). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
User locked out of https://app.remo-code.com — "can't login". A HAR capture showed
POST /api/auth/login200 →GET /api/profile200 →POST /api/auth/logout200, all at the same timestamp: a successful login immediately followed by an auto-logout.Fixes
useProfile'sloadingflag was never reset totrueon thetokennull→set transition at sign-in. It stayed at the stalefalsefrom the no-token branch, so for one renderApp.tsx's dead-credential cleanup effect saw!profileLoading && !profile && tokenand firedsignOut(). Regression from the fix(web): blank screen after login/auth expiry → show Login #180–182 auth hardening; only bites the legacy password path (the only working path under Titanium bypass). Fix:setLoading(true)at the start offetchProfile.TITANIUM_BYPASSthe request-link endpoint 503stitanium_disabled; the UI swallowed it and showed a fake "check your inbox".requestMagicLinknow throwsmagic_link_disabledon that config-wide (non-enumerating) state andLogin.tsxroutes to the password form./healthzalias. Coolify probe hits/healthz; hub only served/health+ bearer-gated/healthz/deep. Added a plain liveness alias.Verification
tsc -b && vite buildclean./healthz200, then re-run the login HAR flow and confirm no auto-logout.🤖 Generated with Claude Code