feat(console): application onboarding UI (submit/approve/apply/secret) [v1.9.0]#17
Conversation
… one-time secret (v1.9.0) The Applications screen was read-only; the whole onboarding write-path was CLI/curl-only. Adds a "Register / update app" wizard: paste a laravel-iam.manifest.v2 JSON → submit → (approve if the change is sensitive) → apply → shows client_id + the one-time client_secret with copy buttons and a "shown once" warning (consumes package v1.9.0 which now returns them). Surfaces validation errors and the approval gate. Green: SPA build (tsc) + oxlint, php artisan test 19/19, pint, Playwright golden-path (now onboards a new app end to end: manifest → approve → apply → sees cli_<key> + the secret). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ed03badf37
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| void navigator.clipboard?.writeText(value) | ||
| toast.success('Copied.') |
There was a problem hiding this comment.
Handle failed secret copy attempts
When the Clipboard API is unavailable or writeText rejects (for example on a non-secure console URL or denied clipboard permission), this still shows “Copied” even though nothing was written. In the client_secret path the value is shown only once and the UI says rotation is not available yet, so an operator can close the modal believing the secret was saved and strand the newly onboarded app; await the promise and show an error on failure instead.
Useful? React with 👍 / 👎.
Applications screen gains a Register/update wizard: manifest submit → approve → apply → shows client_id + one-time client_secret (copy). Consumes v1.9.0. Green: build+lint, 19 tests, E2E (onboards an app end to end).