Skip to content

fix(cloud): steward session follow-ups — one host map, retryable cookie sync, exp-less tokens clearable, 401-guard tests#11067

Merged
lalalune merged 2 commits into
developfrom
fix/steward-session-review-fixes
Jul 2, 2026
Merged

fix(cloud): steward session follow-ups — one host map, retryable cookie sync, exp-less tokens clearable, 401-guard tests#11067
lalalune merged 2 commits into
developfrom
fix/steward-session-review-fixes

Conversation

@standujar

Copy link
Copy Markdown
Collaborator

What

Follow-up to #11016 (merged), addressing the review findings on it:

  1. One host→API map instead of three. ELIZA_CLOUD_DIRECT_API_BY_HOST is now exported from steward-url.ts and imported by StewardProviderShared and public-pages steward-session (which had its own ELIZA_CLOUD_AUTH_BASES copy). Drift between these hand-synced copies was exactly the staging sign-in-loop bug — staging existed in two of them but not the third. Adding a future env host is now a one-line, one-file change. The packages/cloud/shared copy stays: ui can't depend on the server bundle (documented boundary port).

  2. The session-sync keep-path retries. When a 401 hits a still-valid token, the handler now resets the sync dedupe marker, so the next trigger (visibility/storage/re-render) re-attempts the HttpOnly cookie POST once the endpoint heals — previously that token would ride out its whole lifetime with no cookie ever established.

  3. Exp-less tokens are clearable. tokenIsExpired now treats a missing exp claim as expired. Since the 401 handlers keep any non-expired token, an exp-less token (foreign/malformed — Steward always mints exp) would otherwise be uncloseable: no 401 could clear it and it never ages out.

  4. The load-bearing 401 behavior is tested. New StewardProviderRuntime.test.tsx exercises the real AuthTokenSync against a stubbed fetch (only the @stwd SDK boundary is mocked): a valid token survives session+refresh 401s AND the cookie sync retries on the next trigger; expired and exp-less tokens still clear. Plus direct unit tests for the new tokenIsExpired semantics. Includes an in-memory Storage shim because Node ≥22's bare localStorage global is non-functional under vitest and shadows jsdom's (the same environmental issue that fails CloudRouterShell.test.tsx locally on develop).

Test

  • bunx vitest run packages/ui/src/cloud/shell/ packages/ui/src/cloud/public-pages/pages/auth/email-callback-page.test.tsx → my 4 suites pass (16 tests); CloudRouterShell.test.tsx fails identically on clean develop (pre-existing Node 25 localStorage env issue, untouched here)
  • bun run --cwd packages/ui typecheck → clean
  • biome clean

…-less tokens clearable, test the 401 guards

Addresses the /review findings on this branch:
- ELIZA_CLOUD_DIRECT_API_BY_HOST is now exported from steward-url.ts and
  imported by StewardProviderShared + public-pages steward-session — one map
  instead of three hand-synced copies in packages/ui. Map drift between
  those copies was exactly the bug this PR fixes.
- The session-sync keep-path resets the dedupe marker so the cookie POST
  retries on the next trigger once the endpoint heals, instead of never
  re-attempting for that token's lifetime.
- tokenIsExpired now treats a missing exp claim as expired: the 401 handlers
  keep any non-expired token, so an exp-less token would otherwise be
  uncloseable (no 401 could clear it and it never ages out).
- New StewardProviderRuntime.test.tsx covers the load-bearing 401 behavior:
  valid token survives session+refresh 401s (and the sync retries), expired
  and exp-less tokens still clear. Includes an in-memory Storage shim for
  Node >=22's broken bare localStorage global under vitest.

@greptile-apps greptile-apps Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your trial has ended. Reactivate Greptile to resume code reviews.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a6c49c12-5db0-46f0-ba26-7424e20f0aa4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/steward-session-review-fixes

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@greptile-apps greptile-apps Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your trial has ended. Reactivate Greptile to resume code reviews.

@lalalune lalalune left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review + independent verification:

  • Host-map dedup verified: the surviving ELIZA_CLOUD_DIRECT_API_BY_HOST in steward-url.ts is a complete superset of both deleted copies (all four hosts incl. the staging→api-staging mapping whose absence caused the sign-in loop); both former call sites now import it. The documented cloud/shared boundary copy staying is correct — ui can't depend on the server bundle.
  • tokenIsExpired flip audited across all callers: exp-less ⇒ expired is safe at every use — :85 skips cookie-sync (conservative), :128 keep-path (the fix target: exp-less no longer unkillable), :196 clear-path. Steward always mints exp, so no legit token changes behavior.
  • Keep-path retry: resetting lastSyncedToken on the kept-401 path is the minimal correct way to let the next visibility/storage trigger re-attempt the HttpOnly cookie POST.
  • Ran the suites locally (Windows): 3 files, 11/11 pass (Runtime 401-handling incl. the retry-on-next-trigger assertion, Shared unit tests, email-callback regression).

Nice follow-through on the #11016 review findings. Merging.

@lalalune lalalune merged commit a58b529 into develop Jul 2, 2026
31 of 61 checks passed
@lalalune lalalune deleted the fix/steward-session-review-fixes branch July 2, 2026 00:06
@claude

claude Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Claude encountered an error —— View job


I'll analyze this and get back to you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants