feat(observe): surface revoked install tokens; doctor managed-observe section#278
Open
michiosw wants to merge 1 commit into
Open
feat(observe): surface revoked install tokens; doctor managed-observe section#278michiosw wants to merge 1 commit into
michiosw wants to merge 1 commit into
Conversation
Contributor
Author
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
michiosw
force-pushed
the
selfserve-auth-devx
branch
2 times, most recently
from
33c50e3 to
e50c9f0
Compare
michiosw
force-pushed
the
selfserve-setup-command
branch
2 times, most recently
from
760e845 to
d1f8aa7
Compare
michiosw
force-pushed
the
selfserve-auth-devx
branch
3 times, most recently
from
29d7991 to
912e0bd
Compare
michiosw
force-pushed
the
selfserve-setup-command
branch
from
d1f8aa7 to
3acdc06
Compare
Greptile SummaryThis PR improves managed-observe diagnostics and updates the hosted ledger wire format. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Reviews (2): Last reviewed commit: "feat(observe): surface revoked install t..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
michiosw
force-pushed
the
selfserve-auth-devx
branch
from
912e0bd to
ab1ffbb
Compare
michiosw
force-pushed
the
selfserve-setup-command
branch
from
3acdc06 to
4c34bc7
Compare
Contributor
Author
… section A revoked/rotated token previously spun silently under launchd. Now: - managedstream fires OnAuthFailure after 3 consecutive 401/403 flushes (re-fires periodically) and OnFlushSuccess on recovery - the daemon prints an actionable message to stderr (lands in the agent log) and drops a last-auth-error.json breadcrumb next to guard.db, cleared on the next successful flush - 'kontext doctor' gains a managed-observe section: config path + scope (system MDM / user setup / env), org, installation id, daemon socket probe, self-serve LaunchAgent presence (with a warning when an MDM install coexists), and the token-rejected breadcrumb Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
michiosw
force-pushed
the
selfserve-setup-command
branch
from
4c34bc7 to
706dd46
Compare
michiosw
force-pushed
the
selfserve-auth-devx
branch
from
ab1ffbb to
7a6ba53
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Revoked-token DevX +
kontext doctor, and the final wire-format change (ENG-442). Closes the loop so a self-serve operator whose key was revoked gets an actionable message instead of a silently-dead daemon. Builds on #277.managedstreamfiresOnAuthFailureafter 3 straight 401/403s (re-fires periodically), andOnFlushSuccessonly after an accepted post. The daemon turns that into a stderr line ("token rejected — runkontext setupwith a new token") and alast-auth-error.jsonbreadcrumb next to the guard DB; a later success clears it.kontext doctormanaged-observe section: config path + scope (system MDM / user / env), org, installation id, live token-resolve check through the daemon's read path, socket probe, LaunchAgent presence + MDM-coexistence warning, and the breadcrumb (kind-aware: auth vs startup).organization_id. The install token is the only org binding (server resolves it per request, see #574);managed.jsonkeeps the org id purely as a local label for doctor/setup output. StreamOptions/Payloaddrop the field and tests assert it is absent from the wire.How to review / test — pure Go
managedstream/stream_test.go: the 401 counter + refire,OnFlushSuccessonly on accepted post, and assertion thatorganization_idis absent from the posted payload.managedobserve/autherr_test.go+doctor_test.go: breadcrumb round-trip, corrupt-file tolerance, doctor section rendering.To see the live revoked-token behaviour, use the branch-built binary from #277 against the local stack, then revoke the key in the dashboard: within a few flushes the daemon logs the actionable message and the breadcrumb appears;
kontext doctorshows it; seeding a fresh key clears it on the next accepted flush. (No brew required.)Risk
The claim removal is forward-safe: old deployed agents keep sending
organization_idand the server keeps verifying it (#574); only new agents omit it. Rollout: the kontext API change (#574) must be deployed before a CLI release that omits the claim.Part of the ENG-442 kontext-cli stack: #276 -> #277 -> #278.