feat: promote dev foundation and launch prep to main#1
Conversation
Gate host relay tickets behind Autumn feature checks, and tighten Fly deployment with explicit relay config, smoke verification, and updated operational runbook details.
Introduce persistent onboarding progress in Convex and wire a guarded web onboarding route so authenticated users complete first-run checklist steps before normal app flow.
Keep host HUD behavior on by default and add WRAPPER_HUD controls so users can disable title and notification updates when they prefer a quieter terminal.
Introduce fast/full CI lanes, automated multi-platform CLI release assets, and reusable workflow-driven updates for wrapper.rb in the shared heycupola/homebrew-tap repository.
Reorganize docs navigation around onboarding and operations, add troubleshooting and release-channel guidance, and document the mobile-phase boundary while app development is deferred.
Adopt a Relic-inspired section wrapper pattern and redesign the landing page as horizontal snap-scrolling panels, while polishing onboarding completion UX and progress feedback.
Introduce release dry-run archive verification, add relay incident/rollback runbook guidance, and cover health plus unauthenticated websocket rejection with relay smoke e2e tests.
Document the backend/auth/relay contract for future mobile clients and include the page in Mintlify navigation so implementation assumptions stay explicit before mobile build starts.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
|
@cursoragent do your job |
|
Please finish setting up background agents. Go to Cursor |
|
@cursoragent do your job |
|
Done. I pushed two commits to
Validation passed locally:
Remote GitHub Actions are green on the latest push; only Cursor Bugbot was still in progress when checked. Working tree is clean. Note: Bun was missing from this Cloud Agent image, so I installed Bun 1.3.5 and ran   |
Co-authored-by: Can Vardar <me@icanvardar.com>
Co-authored-by: Can Vardar <me@icanvardar.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
…ss-findings # Conflicts: # apps/relay/src/index.ts # packages/backend/convex/auth.ts
fix: resolve security and correctness findings
fix: cli and relay correctness/security bugs
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using high effort and found 4 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit abd3faf. Configure here.
| if (!closed) { | ||
| log.warn("relay host disconnected", { sessionId: opts.sessionId }); | ||
| } | ||
| }); |
There was a problem hiding this comment.
Relay drop leaves stale bridge
Medium Severity
The relay WebSocket's close event handler doesn't call the internal close() function when the socket closes unexpectedly. This leaves PTY listeners active, sending output to a dead socket and preventing remote re-attachment.
Reviewed by Cursor Bugbot for commit abd3faf. Configure here.
| const message = normalizeAttachAuthorizationError(error); | ||
| process.stderr.write(`[wrapper] attach authorization failed: ${message}\n`); | ||
| return false; | ||
| } |
There was a problem hiding this comment.
Local attach needs backend record
Medium Severity
If session:open fails while the host keeps running, wrapper attach still calls session:authorizeAttach for local WebSocket attach and fails with “session not found,” even though the session is live in the local registry and listening on 127.0.0.1.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit abd3faf. Configure here.
| if (backend.status === "missing_auth") { | ||
| process.stderr.write("[wrapper] backend auth required. Run `wrapper auth login` first.\n"); | ||
| return false; | ||
| } |
There was a problem hiding this comment.
Convex URL blocks local attach
Medium Severity
With WRAPPER_CONVEX_URL set but no saved login, shell-host runs and registers sessions, yet wrapper attach refuses local attach and tells the user to log in—even for same-machine 127.0.0.1 sessions that never touch the relay.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit abd3faf. Configure here.
|
|
||
| const client = new ConvexHttpClient(convexUrl); | ||
| client.setAuth(stored.sessionToken); | ||
| return { status: "ready", client, convexUrl }; |
There was a problem hiding this comment.
Env URL overrides stored token
Medium Severity
resolveAuthedConvexClient builds the Convex client from WRAPPER_CONVEX_URL/CONVEX_URL when set, but still applies the saved session token from a potentially different deployment URL. Auth and attach calls can fail or hit the wrong backend after an env change without re-login.
Reviewed by Cursor Bugbot for commit abd3faf. Configure here.
2 participants
Summary
Note
High Risk
Large greenfield surface area spanning shell rc patching, session relay/auth, and production deploy/release automation; regressions could affect user shells, remote access, or shipping broken binaries.
Overview
This PR replaces the Turborepo starter with the Wrapper product monorepo and lands the end-to-end foundation described in the PR title: CLI, backend hooks, relay integration points, and launch-prep automation.
CLI runtime (
apps/cli) adds the full host/viewer loop: rc install/uninstall, guarded shell-host (PTY, local WebSocket broker, session registry), attach with registry picker plus Convex-backed authorization for local attach and relay tickets for remote attach, device auth login/whoami/logout, prefix shortcuts for share/unshare, relay host bridge, HUD/feedback helpers, and Bun tests including a host→WS→shell e2e path.Tooling & onboarding switches the repo to oxlint + oxfmt (with shared configs), adds workspace
.env.example, rewrites the root README, registersapps/mobileas a git submodule, and movesapps/docsfrom Next.js to Mintlify (architecture, onboarding, mobile contract MDX).CI & release adds a two-lane CI (lint/format/types, then tests, web/Cloudflare builds, optional Convex deploy dry-run, relay smoke), Fly deploy for
apps/relay, CLI release (multi-archbun build --compile, GitHub release + checksums), Homebrew tap formula updates, and a release dry-run workflow for PR validation.Reviewed by Cursor Bugbot for commit abd3faf. Bugbot is set up for automated code reviews on this repo. Configure here.