Skip to content

Fix dl5 pairing and CF Access cookie flow#102

Merged
adamfgr merged 9 commits into
mainfrom
wizzo/dl5-cf-cookie-landing
Jul 7, 2026
Merged

Fix dl5 pairing and CF Access cookie flow#102
adamfgr merged 9 commits into
mainfrom
wizzo/dl5-cf-cookie-landing

Conversation

@wizzoapp

@wizzoapp wizzoapp Bot commented Jul 7, 2026

Copy link
Copy Markdown

Summary

  • Fix dl5 first-load auth by keeping known server-backed Cloudflare Pages hosts out of hosted-static mode, so dl5 reaches /api/auth/session and can show the pairing prompt.
  • Land and harden the parked Cloudflare Access cookie WIP from PR Fix desktop CF Access cookie pairing #93: desktop cookie/header installation now carries CF Access cookies into pairing, suspends stale Access transport during reauth, and rolls back header rules on install failure.
  • Add browser-session websocket ticket authorization for primary browser sessions and a real-browser dl5 proof script that records private artifacts.

Root Cause

isHostedStaticApp() treated every *.pages.dev origin as hosted-static when no backend URL was compiled into the bundle. On https://dl5-5uq.pages.dev, that bypassed resolveInitialServerAuthGateState(), so a fresh unpaired browser rendered the hosted static empty-state instead of the server-backed pairing prompt. The current deployed build also registers a service worker, but the live baseline showed the app never called /api/auth/session; the route gate made the wrong first-load decision before auth.

Proof So Far

Current deployed dl5 baseline from a fresh Chromium context through CF Access service-token cookie:

{
  "href": "https://dl5-5uq.pages.dev/",
  "hasPairingInput": false,
  "projectRows": 0,
  "swController": true,
  "bodyText": "Code ALPHA Search Ctrl+K Scheduled PROJECTS No projects yet Settings T3 Code (Alpha) Connect an environment to get started Add a reachable backend manually to start working from this browser. Add environment Toggle Sidebar"
}

Screenshot: /tmp/dl5-regression-baseline/dl5-current-1783416001851.png

The post-merge proof script is included at e2e/dl5-real-browser-proof.mjs; after deployment it should prove unpaired prompt, pairing with a minted token, and already-paired app load/projects.

Validation

  • vp test apps/web/src/hostedPairing.test.ts
  • vp test packages/client-runtime/src/authorization/layer.test.ts packages/client-runtime/src/connection/resolver.test.ts packages/client-runtime/src/connection/onboarding.test.ts apps/desktop/src/ipc/methods/cloudflareAccess.test.ts
  • vp run typecheck
  • vp check (passes; existing unrelated mobile lint warnings remain)
  • scripts/factory/precommit-gate.sh --prepare (PASS: static checks + clean Codex gpt-5.5 autoreview)
  • commit hook factory gate PASS for e18e7e280

Supersedes #93.

@wizzoapp wizzoapp Bot marked this pull request as ready for review July 7, 2026 09:41

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e18e7e2806

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread apps/web/src/hostedPairing.ts Outdated
Comment thread apps/desktop/src/ipc/methods/cloudflareAccess.ts Outdated
@wizzoapp wizzoapp Bot marked this pull request as draft July 7, 2026 10:15
@wizzoapp wizzoapp Bot marked this pull request as ready for review July 7, 2026 10:15

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7bbdf232c3

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread apps/web/src/hostedPairing.ts Outdated
Comment thread apps/desktop/src/ipc/methods/cloudflareAccess.ts Outdated
@wizzoapp wizzoapp Bot marked this pull request as draft July 7, 2026 10:48
@wizzoapp wizzoapp Bot marked this pull request as ready for review July 7, 2026 10:48

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2f0be53beb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread apps/desktop/src/ipc/methods/cloudflareAccess.ts Outdated
Comment thread packages/client-runtime/src/authorization/remote.ts
@wizzoapp wizzoapp Bot marked this pull request as draft July 7, 2026 13:04
@wizzoapp wizzoapp Bot marked this pull request as ready for review July 7, 2026 13:04

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b334f3bbff

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread packages/client-runtime/src/authorization/service.ts Outdated
Comment thread apps/server/src/auth/http.ts
Comment thread apps/server/src/httpCors.ts

@adamfgr adamfgr left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by wizzo-approve: all policy conditions verified against HEAD 1d254fb.

@adamfgr adamfgr added this pull request to the merge queue Jul 7, 2026
Merged via the queue into main with commit d82d385 Jul 7, 2026
16 checks passed
@adamfgr adamfgr deleted the wizzo/dl5-cf-cookie-landing branch July 7, 2026 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant