Skip to content

Tighten daemon route auth identity handoff#1471

Merged
Jurij89 merged 10 commits into
codex/node-ui-auth-bootstrap-sessionfrom
codex/dashboard-auth-route-identity-followup
Jul 6, 2026
Merged

Tighten daemon route auth identity handoff#1471
Jurij89 merged 10 commits into
codex/node-ui-auth-bootstrap-sessionfrom
codex/dashboard-auth-route-identity-followup

Conversation

@Jurij89

@Jurij89 Jurij89 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Follow up on the late PR Close dashboard auth boundary follow-up #1465 route-identity review comments by making the guard-returned auth context the explicit handoff into daemon route dispatch and SSE association.
  • Split the daemon-owned route context from the public plugin-facing RequestContext: internal route handlers now receive a required requestIdentity, while plugin compatibility keeps the public field optional.
  • Move the dashboard route identity harness back through handleRequest for /api/agent/identity and /api/context-graph/:id/sign-join, so the tests fail if production dispatcher wiring drops the accepted dashboard principal.

Related

Files changed

File What
packages/cli/src/daemon/lifecycle.ts Pass authResult.requestAuthContext into SSE resolution and route dispatch.
packages/cli/src/daemon/handle-request.ts Derive route identity from the explicit auth context and build an internal required-identity route context.
packages/cli/src/daemon/route-request-identity.ts Accept an explicit auth context while keeping request-symbol fallback for compatibility callers.
packages/cli/src/daemon/dashboard-sse-session.ts Resolve dashboard SSE sessions from the explicit auth context, with legacy fallback preserved.
packages/cli/src/daemon/routes/* Type daemon-owned route handlers against InternalRequestContext; use requestIdentity directly in the agent identity and sign-join helpers.
packages/cli/test/dashboard-session-test-harness.ts Route dashboard identity tests through handleRequest for the two production endpoints under review.

Test plan

  • cd packages/cli && pnpm exec vitest run test/auth.test.ts test/dashboard-login.test.ts test/dashboard-session-auth-source.test.ts test/dashboard-session-cookie.test.ts test/dashboard-session-store.test.ts test/dashboard-session.test.ts test/route-request-identity-dashboard.test.ts --config vitest.unit.config.ts
  • cd packages/cli && pnpm exec tsc --noEmit --pretty false
  • git diff --check

@Jurij89 Jurij89 marked this pull request as ready for review July 6, 2026 02:41
Comment thread packages/cli/src/daemon/routes/context.ts Outdated
Comment thread packages/cli/src/daemon/route-request-identity.ts Outdated
Comment thread packages/cli/test/dashboard-session-test-harness.ts Outdated
Comment thread packages/cli/src/daemon/lifecycle.ts
Comment thread packages/cli/src/daemon/handle-request.ts Outdated
Comment thread packages/cli/src/daemon/handle-request.ts Outdated
Comment thread packages/cli/src/daemon/plugin-api.ts Outdated
Comment thread packages/cli/test/daemon/routes/plugins.test.ts Outdated
Comment thread packages/cli/test/agent-encryption-key-routes.test.ts
Comment thread packages/cli/src/daemon/plugin-api-compatibility.typecheck.ts Outdated
Comment thread packages/cli/src/daemon/lifecycle.ts Outdated
Comment thread packages/cli/test/type/plugin-api-compatibility.typecheck.ts
@Jurij89 Jurij89 merged commit a171eb1 into codex/node-ui-auth-bootstrap-session Jul 6, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants