Skip to content

feat: add web and TUI account machine parity#825

Merged
arul28 merged 5 commits into
mainfrom
ade/accounts-web-tui-63211238
Jul 15, 2026
Merged

feat: add web and TUI account machine parity#825
arul28 merged 5 commits into
mainfrom
ade/accounts-web-tui-63211238

Conversation

@arul28

@arul28 arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner

Summary

  • add optional Clerk account sign-in and account machine directory states to the hosted web client without replacing PIN pairing
  • add ade machines list plus stable-id connect/hop flows and surface the shared daemon account session in ade code
  • keep account bearer auth relay-only, persist first-adoption paired credentials with pinned DPoP, and reuse existing pairing records without rotating their secret
  • share directory validation/contracts across desktop, web, and CLI, including exact-origin HTTPS enforcement

Verification

  • focused CLI/TUI tests: 300 passed
  • sync-host tests: 82 passed
  • account-directory Worker tests: 23 passed
  • hosted web/desktop bridge tests: 41 passed
  • ADE CLI, desktop, and Worker typechecks passed
  • ADE CLI build, Worker dry-run build, hosted web build, and full desktop build passed
  • git diff --check passed; no iOS diff

Setup

Deployment still requires the existing Clerk/account-directory configuration, an applied D1 migration, WEB_CLIENT_ORIGIN set to the exact hosted HTTPS origin, and trusted ADE_ACCOUNT_DIRECTORY_URL / web-client build settings.

Summary by CodeRabbit

  • New Features
    • Added account-backed machine discovery and pairing in the web client and CLI, including “account machines” browsing and connection status.
    • Enabled secure paired remote sessions alongside SSH, with tighter account-label display and “auth expired” handling.
  • Bug Fixes
    • Hardened directory access with strict origin validation and improved preflight behavior; fail-closed on hostile or mismatched requests.
    • Improved expired-auth flows, ambiguity handling, and secure relay endpoint selection.
  • Documentation
    • Expanded setup checklist and CLI documentation for account machine/session workflows.
  • Tests
    • Added coverage for CORS, pairing, and account-based connection success/failure paths.

Greptile Summary

This PR adds account-backed machine discovery and connection flows across the hosted web client, CLI/TUI, Worker, and paired runtime. The main changes are:

  • Optional Clerk account sign-in and account-machine browsing in the hosted web client.
  • ade machines list, connect, and hop flows that pair account machines before launching ADE Code.
  • Shared account-directory validation for trusted directory origins, relay endpoints, machine payloads, and selectors.
  • Account-authenticated pairing that keeps bearer auth relay-only, then persists normal DPoP-bound paired credentials.
  • TUI and desktop remote-runtime updates for paired account-created targets without replacing PIN, local, or SSH paths.

Confidence Score: 5/5

This PR appears safe to merge from the reviewed paths.

No issues were identified in the changed account-directory CORS handling, shared endpoint validation, CLI machine commands, account pairing credential adoption, or hosted web integration paths.

No files require special attention.

T-Rex T-Rex Logs

What T-Rex did

  • Captured the pre-sign-in MachinePicker state image to compare the PIN-paired machine presence before signing in.
  • Captured the post-sign-in MachinePicker UI state showing online/offline machines, signed-in identity, the paired machine, and the PIN pairing option.
  • Saved the server build/capture logs and harness scripts under the artifacts directory.

View all artifacts

T-Rex Ran code and verified through T-Rex

Important Files Changed

Filename Overview
apps/account-directory/src/directory.ts Adds exact-origin CORS handling for browser account-machine directory reads; no issues found.
apps/ade-cli/src/cli.ts Adds ade machines planning, execution, and account-machine output formatting; no issues found.
apps/ade-cli/src/services/account/accountMachineDirectoryService.ts Introduces CLI daemon account-machine listing and pairing with paired target persistence; no issues found.
apps/desktop/src/shared/accountDirectory.ts Adds shared directory payload validation, trusted URL parsing, endpoint filtering, and selector helpers; no issues found.
apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts Adds account-authenticated paired credential adoption while preserving existing DPoP-pinned records; no issues found.
apps/desktop/src/renderer/webclient/account/client.ts Adds hosted web OAuth/PKCE account client and account-directory loading; no issues found.
apps/desktop/src/renderer/webclient/sync/client.ts Adds browser account-machine pairing through verified relay before saving paired credentials; no issues found.
apps/desktop/src/renderer/webclient/sync/connection.ts Adds account-authenticated sync connection handshake and identity/pairing validation; no issues found.
apps/desktop/src/renderer/webclient/shell/WebClientRoot.tsx Integrates account-machine selection into hosted web boot and connect flow; no issues found.
apps/desktop/src/renderer/webclient/shell/MachinePicker.tsx Adds account-machine picker UI with availability and offline states; no issues found.
apps/ade-cli/src/services/sync/syncHostService.ts Returns first-adoption account pairing credentials and preserves existing paired secrets; no issues found.
apps/ade-cli/src/tuiClient/remoteLauncher.ts Adds paired-target remote launch support and fail-closed behavior for account-created targets; no issues found.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant Web as Hosted web / CLI
participant Dir as Account directory Worker
participant Relay as Verified WSS relay
participant Host as ADE machine host
participant Store as Paired credential store

Web->>Dir: GET /account/machines (Bearer account token, exact allowed origin for browser)
Dir-->>Web: Validated machine records + relay endpoints
Web->>Relay: Account hello with DPoP over directory-verified WSS
Relay->>Host: Relay account-authenticated hello
Host->>Host: Verify Clerk owner and DPoP / existing pin
Host-->>Web: hello_ok + accountPairing on first adoption
Web->>Store: Persist normal paired DPoP credentials and endpoints
Web->>Host: Reconnect through paired runtime bridge
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant Web as Hosted web / CLI
participant Dir as Account directory Worker
participant Relay as Verified WSS relay
participant Host as ADE machine host
participant Store as Paired credential store

Web->>Dir: GET /account/machines (Bearer account token, exact allowed origin for browser)
Dir-->>Web: Validated machine records + relay endpoints
Web->>Relay: Account hello with DPoP over directory-verified WSS
Relay->>Host: Relay account-authenticated hello
Host->>Host: Verify Clerk owner and DPoP / existing pin
Host-->>Web: hello_ok + accountPairing on first adoption
Web->>Store: Persist normal paired DPoP credentials and endpoints
Web->>Host: Reconnect through paired runtime bridge
Loading

Reviews (3): Last reviewed commit: "ship: refresh account machine credential..." | Re-trigger Greptile

@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
ade Ignored Ignored Preview Jul 15, 2026 1:45pm

@arul28 arul28 changed the title accounts-web-tui -> Primary feat: add web and TUI account machine parity Jul 15, 2026
@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@arul28, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 47 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 798a1949-40bc-4c9a-8943-1d73d97331ea

📥 Commits

Reviewing files that changed from the base of the PR and between 6fd2dea and 71cbe52.

📒 Files selected for processing (4)
  • apps/ade-cli/src/services/account/accountMachineDirectoryService.test.ts
  • apps/ade-cli/src/services/account/accountMachineDirectoryService.ts
  • apps/desktop/src/renderer/webclient/shell/WebClientRoot.tsx
  • apps/desktop/src/renderer/webclient/sync/__tests__/sync.test.ts
📝 Walkthrough

Walkthrough

Adds secure account-machine discovery, OAuth-backed browser sessions, DPoP-bound pairing, paired remote runtime support, CLI machine commands, account-aware machine-selection UI, and strict directory CORS validation.

Changes

Account machine workflow

Layer / File(s) Summary
Directory trust, CORS, and shared contracts
apps/account-directory/..., apps/desktop/src/shared/accountDirectory.ts, apps/desktop/src/main/services/account/...
Validates directory data, trusted origins, bearer requests, relay routes, and machine selectors; adds CORS handling and shared directory fetching.
Account pairing and authenticated sync
apps/desktop/src/main/services/remoteRuntime/..., apps/ade-cli/src/services/sync/..., apps/desktop/src/renderer/webclient/sync/...
Pairs account machines through verified relays, mints or reuses DPoP-bound credentials, validates host identity, and persists paired environments.
Browser account session and machine selection
apps/desktop/src/renderer/webclient/account/..., apps/desktop/src/renderer/webclient/shell/...
Adds OAuth PKCE sessions, refresh and expiry handling, account-machine selection, pairing actions, and account-aware machine menus.
CLI machine commands and RPC wiring
apps/ade-cli/src/cli.ts, apps/ade-cli/src/services/account/..., apps/ade-cli/src/multiProjectRpcServer.ts, apps/desktop/src/main/services/adeActions/...
Adds machine listing and connection plans, formatting, RPC routing, target persistence, and CTO-only action gating.
Paired remote runtime launch
apps/ade-cli/src/tuiClient/...
Adds paired RPC sessions and socket bridging, paired/SSH launch selection, and account status rendering in the TUI.
Workflow documentation
apps/ade-cli/README.md, apps/account-directory/README.md
Documents account sessions, machine selectors, pairing commands, remote transports, and hosted-origin configuration.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related PRs

  • arul28/ADE#705: Related sync authentication and DPoP-aware paired-hello handling.
  • arul28/ADE#814: Provides the account-directory request handling extended here with CORS validation.
  • arul28/ADE#815: Related account-scoped RPC plumbing used by the machine actions.

Suggested labels: desktop, docs

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 12.70% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately reflects the main change: adding account machine support across the web client and TUI.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ade/accounts-web-tui-63211238

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

@copilot review but do not make fixes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 10

🧹 Nitpick comments (1)
apps/desktop/src/renderer/webclient/shell/WebShell.tsx (1)

131-161: 🩺 Stability & Availability | 🔵 Trivial | 💤 Low value

No busy/disabled state for in-flight account-machine pairing.

Clicking an account-machine row (onSelect(machine)) does not disable the row or show a spinner while the async pairing/connect completes; a user could double-click and trigger duplicate pairing attempts. This mirrors the same gap for the existing environment rows above (no connecting indicator there either), so it's a pre-existing pattern rather than a new regression — flagging for awareness rather than as a blocker. Whether the ultimate onSwitchAccountMachine handler (likely connectToAccountMachine in WebClientRoot.tsx, which does track connectingAccountMachineKey) surfaces this state elsewhere isn't visible in this diff.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/desktop/src/renderer/webclient/shell/WebShell.tsx` around lines 131 -
161, The account-machine rows rendered by the machines map lack an in-flight
pairing state. Reuse the existing connectingAccountMachineKey state from the
account-machine connection flow to identify the selected machine, disable that
row while pairing is active, and display the established connecting indicator;
ensure onSelect cannot trigger duplicate attempts during that period.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/ade-cli/src/services/sync/syncPairingStore.ts`:
- Around line 130-140: Update pairPeerViaAccount so accountVerified cannot grant
runtimeHostGranted based solely on the client-declared peer.deviceType. Require
an independent authenticated desktop-capability proof alongside the consumed
runtime host grant or verified same-owner attestation, while preserving mobile
allowlist behavior and one-time grant consumption.

In `@apps/ade-cli/src/tuiClient/__tests__/remoteBridge.test.ts`:
- Around line 49-50: Update the remote bridge test around the socket data
listener to accumulate Buffer chunks across multiple "data" events until the
complete newline-delimited JSON-RPC frame is received, then compare the
assembled UTF-8 payload with the expected response. Keep the existing response
assertion unchanged once the full frame has been collected.

In `@apps/ade-cli/src/tuiClient/remoteBridge.ts`:
- Around line 483-485: Update the bridge socket data handling around the
socket.on("data") callback to preserve UTF-8 characters split across TCP chunks.
Configure the socket encoding before forwarding data, or use a persistent
StringDecoder, and pass the decoded complete text to opened.write while
preserving the existing teardown behavior.

In `@apps/ade-cli/src/tuiClient/remoteLauncher.ts`:
- Around line 613-636: The try block in the remote-launch flow conflates
successful connection metadata writes with runtime initialization failures.
Update the code around initializeRemoteRpc, pairedStore.markEndpointSucceeded,
and registry.update so only connection/initialization errors enter the
compatibility handling; perform both metadata writes afterward as best-effort
operations that cannot close or invalidate the successfully initialized client.

In `@apps/desktop/src/main/services/account/accountBridge.trust.test.ts`:
- Line 146: Remove the duplicate calls declaration in the test scope, retaining
a single const calls variable with its existing type and initialization so the
TypeScript file compiles.

In `@apps/desktop/src/renderer/webclient/account/client.ts`:
- Around line 289-336: Update getAccessToken to deduplicate concurrent refreshes
using a shared in-flight refresh promise, so callers reuse one postToken request
and cannot overwrite a newer session with stale refresh results. Ensure the
promise is cleared after completion and that only confirmed invalid or
expired-session responses call expireSession; propagate transient
postToken/network failures without forcing logout.

In `@apps/desktop/src/renderer/webclient/sync/client.ts`:
- Around line 305-310: Update pairWithAccount to create a DPoP proof factory
rather than signing once before relay attempts. Move signDpopProof into the
per-candidate attempt flow so each endpoint receives a newly generated proof
with the current nonce, while preserving the existing key, device, and
access-token inputs.

In `@apps/desktop/src/renderer/webclient/sync/connection.ts`:
- Around line 228-243: Update pairWithAccount to persist the newly paired
account endpoints in this.endpoints before reconnection can be enabled, ensuring
finishConnected uses the current machine’s endpoints rather than an empty or
stale list. Apply the same endpoint assignment in the related flow around
finishConnected.

In `@apps/desktop/src/shared/accountDirectory.ts`:
- Around line 199-200: Update the account-directory response handling around
parseAccountMachinesPayload to read the response body as a stream with a strict
maximum byte limit before JSON parsing. Reject or return the existing failure
state when the limit is exceeded, then parse only the bounded body and preserve
the current successful machine parsing behavior.
- Around line 360-369: Update the stable-ID matching flow around byStableId and
stableMatch to throw an ambiguity error when byStableId contains multiple
entries, before executing the byName fallback. Preserve the existing unique
stable-ID return path and only perform name matching when no stable-ID matches
exist.

---

Nitpick comments:
In `@apps/desktop/src/renderer/webclient/shell/WebShell.tsx`:
- Around line 131-161: The account-machine rows rendered by the machines map
lack an in-flight pairing state. Reuse the existing connectingAccountMachineKey
state from the account-machine connection flow to identify the selected machine,
disable that row while pairing is active, and display the established connecting
indicator; ensure onSelect cannot trigger duplicate attempts during that period.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9d68e02b-8ccc-4003-a466-2897458449ce

📥 Commits

Reviewing files that changed from the base of the PR and between 12a3aca and efae148.

⛔ Files ignored due to path filters (3)
  • docs/ARCHITECTURE.md is excluded by !docs/**
  • docs/features/ade-code/README.md is excluded by !docs/**
  • docs/features/web-client/README.md is excluded by !docs/**
📒 Files selected for processing (39)
  • apps/account-directory/README.md
  • apps/account-directory/src/directory.ts
  • apps/account-directory/test/directory.test.ts
  • apps/account-directory/wrangler.jsonc
  • apps/ade-cli/README.md
  • apps/ade-cli/src/cli.test.ts
  • apps/ade-cli/src/cli.ts
  • apps/ade-cli/src/multiProjectRpcServer.ts
  • apps/ade-cli/src/services/account/accountAttestationVerifier.test.ts
  • apps/ade-cli/src/services/account/accountMachineDirectoryService.test.ts
  • apps/ade-cli/src/services/account/accountMachineDirectoryService.ts
  • apps/ade-cli/src/services/sync/syncCloudRelayStore.ts
  • apps/ade-cli/src/services/sync/syncHostService.test.ts
  • apps/ade-cli/src/services/sync/syncHostService.ts
  • apps/ade-cli/src/services/sync/syncPairingStore.ts
  • apps/ade-cli/src/tuiClient/__tests__/HeaderFooter.test.tsx
  • apps/ade-cli/src/tuiClient/__tests__/remoteBridge.test.ts
  • apps/ade-cli/src/tuiClient/app.tsx
  • apps/ade-cli/src/tuiClient/components/Header.tsx
  • apps/ade-cli/src/tuiClient/connection.ts
  • apps/ade-cli/src/tuiClient/remoteBridge.ts
  • apps/ade-cli/src/tuiClient/remoteLauncher.ts
  • apps/desktop/src/main/services/account/accountBridge.trust.test.ts
  • apps/desktop/src/main/services/account/accountBridge.ts
  • apps/desktop/src/main/services/adeActions/registry.ts
  • apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.test.ts
  • apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts
  • apps/desktop/src/renderer/webclient/account/client.test.ts
  • apps/desktop/src/renderer/webclient/account/client.ts
  • apps/desktop/src/renderer/webclient/shell/MachinePicker.tsx
  • apps/desktop/src/renderer/webclient/shell/WebClientRoot.tsx
  • apps/desktop/src/renderer/webclient/shell/WebShell.tsx
  • apps/desktop/src/renderer/webclient/shell/__tests__/MachinePicker.test.tsx
  • apps/desktop/src/renderer/webclient/sync/__tests__/sync.test.ts
  • apps/desktop/src/renderer/webclient/sync/client.ts
  • apps/desktop/src/renderer/webclient/sync/connection.ts
  • apps/desktop/src/shared/accountDirectory.ts
  • apps/desktop/src/shared/types/account.ts
  • apps/desktop/src/shared/types/sync.ts

Comment thread apps/ade-cli/src/services/sync/syncPairingStore.ts
Comment thread apps/ade-cli/src/tuiClient/__tests__/remoteBridge.test.ts Outdated
Comment thread apps/ade-cli/src/tuiClient/remoteBridge.ts
Comment thread apps/ade-cli/src/tuiClient/remoteLauncher.ts
Comment thread apps/desktop/src/main/services/account/accountBridge.trust.test.ts
Comment thread apps/desktop/src/renderer/webclient/account/client.ts
Comment thread apps/desktop/src/renderer/webclient/sync/client.ts Outdated
Comment thread apps/desktop/src/renderer/webclient/sync/connection.ts
Comment thread apps/desktop/src/shared/accountDirectory.ts Outdated
Comment thread apps/desktop/src/shared/accountDirectory.ts
Comment thread apps/ade-cli/src/cli.ts
@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

Addressed the CodeRabbit in-flight pairing note in cd6195b: account-machine connects now have a synchronous duplicate guard, and the machine switcher disables and labels the active row as connecting.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cd6195bb92

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/ade-cli/src/cli.ts
Comment thread apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts Outdated
@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4037662cbe

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/ade-cli/src/multiProjectRpcServer.ts
@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6fd2dea3c8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/ade-cli/src/services/account/accountMachineDirectoryService.ts Outdated
Comment thread apps/desktop/src/renderer/webclient/shell/WebClientRoot.tsx Outdated
@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@arul28
arul28 merged commit 4a4b777 into main Jul 15, 2026
12 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 71cbe5245c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +171 to +173
state: "auth_expired",
machines: [],
message: `Machine directory returned ${response.status}.`,
message: "Your ADE account session expired. Sign in again.",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3 Badge Handle auth-expired machines in desktop UI

This new auth_expired result is returned specifically so the UI can offer re-authentication, but the existing desktop account MachinesGlance only handles ok, not_configured, and signed_out; it falls through to the generic "Can't reach the machine directory" path for this state. When a stored account session expires while the account page still considers the user signed in, users get outage guidance instead of the intended "sign in again" path, so the new state needs to be handled in the desktop consumers as part of this change.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant