Skip to content

feat(account): ship production machine publishing and paired ADE Code remote#827

Merged
arul28 merged 3 commits into
mainfrom
ade/fix-ade-code-remote-transport-b25b33d0
Jul 15, 2026
Merged

feat(account): ship production machine publishing and paired ADE Code remote#827
arul28 merged 3 commits into
mainfrom
ade/fix-ade-code-remote-transport-b25b33d0

Conversation

@arul28

@arul28 arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner

Summary

  • ship the production account identity and machine-publishing batch from commit 26e2ed0
  • adopt exact account-created remote targets into the paired DPoP runtime before SSH fallback
  • preserve explicit SSH aliases and credentials, host-key verification, and paired-only fail-closed rules
  • bound and cancel every route/runtime attempt with aggregated diagnostics

Verification

  • ADE CLI typecheck and full test suite: 1865 tests passed
  • targeted remote launcher/runtime suites passed
  • affected desktop remote-runtime suites passed
  • affected desktop CI shards 1, 2, 6, and 8 passed
  • desktop typecheck passed
  • docs validation passed
  • /quality and /test completed

No beta or release was built.

Summary by CodeRabbit

  • New Features

    • Added account-machine pairing for connecting to available machines.
    • Added automatic machine registration and discovery through the hosted account directory.
    • Added support for isolated development and production account environments.
    • Added optional secondary Clerk configuration for webhook relay authentication.
  • Bug Fixes

    • Improved remote connection cancellation, timeouts, route selection, and failure reporting.
    • Prevented untrusted or incomplete account configurations from being used.
  • Documentation

    • Updated Cloudflare deployment, account-directory, CLI, and webhook relay setup guidance.

Greptile Summary

This PR ships production account identity and paired account-machine remote support. The main changes are:

  • Production and development account-directory Worker configuration.
  • Account machine heartbeat publishing from ADE brains.
  • Trusted account machine listing and pairing across CLI, desktop, web, and iOS surfaces.
  • Paired ADE Code remote adoption before SSH fallback.
  • Secondary Clerk token support for the webhook relay.
  • Documentation and CI updates for the new account-directory flow.

Confidence Score: 5/5

This PR appears safe to merge.

No accepted bug findings remain. The reviewed account bearer destinations, paired endpoint identity checks, secondary Clerk verification, legacy SSH fallback, cancellation, and publisher disposal paths have explicit validation in the changed code.

No files require special attention.

T-Rex T-Rex Logs

What T-Rex did

  • Ran the test suite with npm run test -- --run and the run completed with EXIT_CODE: 0; Vitest reported 6 test files passed and 56 tests passed.
  • Initiated a desktop TypeScript high-heap type-check from the desktop workspace and later terminated it after the validation wait budget elapsed, with no type errors found.
  • Evidence artifacts documenting the test results and type-check run were collected.

View all artifacts

T-Rex Ran code and verified through T-Rex

Important Files Changed

Filename Overview
.github/workflows/ci.yml Adds isolated account-directory typecheck/build/test jobs and wires them into CI success gating.
apps/account-directory/wrangler.jsonc Configures hosted account-directory defaults plus a separate production environment and D1 binding.
apps/ade-cli/src/services/account/accountMachinePublisherService.ts Introduces bounded machine heartbeat publishing with host-only registration and trusted bearer destinations.
apps/ade-cli/src/tuiClient/remoteLauncher.ts Expands remote launch resolution to adopt verified account machines, bound attempts, aggregate failures, and preserve explicit SSH fallback.
apps/desktop/src/main/services/account/accountBridge.ts Resolves account directory origins through machine-owner controls and maps account machine pairing through the main-process bridge.
apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts Adds account-token-authenticated pairing with verified WSS relay bootstrap and saved paired endpoint metadata.
apps/desktop/src/shared/accountDirectory.ts Centralizes trusted account directory URLs, payload parsing, endpoint filtering, and account pairing helpers.
apps/webhook-relay/src/relay.ts Adds secondary Clerk token config support while preserving issuer and audience validation.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
  participant Brain as ADE brain
  participant Auth as Shared account auth
  participant Dir as Account directory Worker
  participant Desktop as Desktop/ADE Code client
  participant Host as Paired runtime host

  Brain->>Auth: read signed-in account token
  Brain->>Brain: build validated machine registration
  Brain->>Dir: POST /account/machines/register
  Desktop->>Auth: get account token in main/CLI
  Desktop->>Dir: GET /account/machines
  Dir-->>Desktop: online machines + verified endpoints
  Desktop->>Host: WSS account hello with DPoP proof
  Host-->>Desktop: hello_ok + accountPairing
  Desktop->>Desktop: save paired credentials
  Desktop->>Host: open runtime RPC channel
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
  participant Brain as ADE brain
  participant Auth as Shared account auth
  participant Dir as Account directory Worker
  participant Desktop as Desktop/ADE Code client
  participant Host as Paired runtime host

  Brain->>Auth: read signed-in account token
  Brain->>Brain: build validated machine registration
  Brain->>Dir: POST /account/machines/register
  Desktop->>Auth: get account token in main/CLI
  Desktop->>Dir: GET /account/machines
  Dir-->>Desktop: online machines + verified endpoints
  Desktop->>Host: WSS account hello with DPoP proof
  Host-->>Desktop: hello_ok + accountPairing
  Desktop->>Desktop: save paired credentials
  Desktop->>Host: open runtime RPC channel
Loading

Reviews (2): Last reviewed commit: "ship: iteration 1 - fix secret-scan and ..." | Re-trigger Greptile

@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
ade Ignored Ignored Preview Jul 15, 2026 5:40pm

@arul28 arul28 changed the title fix-ade-code-remote-transport -> Primary feat(account): ship production machine publishing and paired ADE Code remote Jul 15, 2026
@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

@copilot review but do not make fixes

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@arul28, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 17 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 097e0cb2-4f4c-4684-8391-367be1afb8d6

📥 Commits

Reviewing files that changed from the base of the PR and between 625be90 and 0cc683f.

📒 Files selected for processing (14)
  • .gitleaksignore
  • apps/ade-cli/src/cli.ts
  • apps/ade-cli/src/multiProjectRpcServer.ts
  • apps/ade-cli/src/services/account/sharedAccountAuthService.test.ts
  • apps/ade-cli/src/services/account/sharedAccountAuthService.ts
  • apps/ade-cli/src/tuiClient/remoteLauncher.ts
  • apps/desktop/src/main/services/account/accountBridge.trust.test.ts
  • apps/desktop/src/main/services/account/accountBridge.ts
  • apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.test.ts
  • apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts
  • apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.test.ts
  • apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.ts
  • apps/desktop/src/shared/accountDirectory.ts
  • apps/desktop/src/shared/types/account.ts
📝 Walkthrough

Walkthrough

The pull request adds production account-directory deployment configuration, machine registration and pairing across CLI and desktop, bounded remote connection cancellation, multi-issuer webhook verification, CI coverage, documentation updates, and iOS release entitlements.

Changes

Account machine discovery and pairing

Layer / File(s) Summary
Directory defaults and authentication
apps/desktop/src/shared/accountDirectory.ts, apps/ade-cli/src/services/account/sharedAccountAuthService.ts, apps/desktop/src/main/services/account/accountBridge.ts
Adds production/development Clerk and directory defaults, trusted URL resolution, endpoint normalization, and abortable machine listing.
Machine registration publisher
apps/ade-cli/src/services/account/accountMachinePublisherService.ts, apps/ade-cli/src/cli.ts
Publishes sanitized host registrations with bounded requests, heartbeat coalescing, warning throttling, and disposal.
Directory listing and pairing service
apps/ade-cli/src/services/account/accountMachineDirectoryService.ts
Adds timeout and cancellation options to listing and pairing flows.
Desktop pairing API
apps/desktop/src/main/services/account/*, apps/desktop/src/preload/*, apps/desktop/src/shared/*
Adds the pairing result type, IPC channel, preload API, account bridge delegation, and sensitive-data redaction.
Paired account-machine UI
apps/desktop/src/renderer/components/remoteTargets/*, apps/desktop/src/renderer/browserMock.ts
Connects account machines through paired targets and derives availability from shared connection state.

Bounded remote launching

Layer / File(s) Summary
Cancellable sync transport
apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.ts, apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts
Propagates abort signals through WebSocket connection and envelope waits.
Remote launch budgets and transport attempts
apps/ade-cli/src/tuiClient/remoteLauncher.ts
Adds shared deadlines, bounded attempts, cancellation, and authentication-failure pruning.
Account target resolution and SSH routing
apps/ade-cli/src/tuiClient/remoteLauncher.ts
Preserves SSH aliases while overriding routes and applies fail-closed legacy account-target pairing rules.

Secondary Clerk relay verification

Layer / File(s) Summary
Issuer-selected token verification
apps/webhook-relay/src/relay.ts, apps/webhook-relay/test/account.test.ts, apps/webhook-relay/README.md
Supports a complete optional secondary Clerk configuration selected by JWT issuer and validates its client binding.

Deployment and platform configuration

Layer / File(s) Summary
Account-directory production deployment
.github/workflows/ci.yml, apps/account-directory/*
Adds isolated CI jobs, production Worker/D1 configuration, deployment scripts, and Cloudflare instructions.
CLI account and remote documentation
apps/ade-cli/README.md
Documents account.call, environment selection, fail-closed remote pairing, bounded connections, and discovery flags.
iOS release configuration
apps/ios/ADE/ADE.Release.entitlements, apps/ios/ADE/Services/AccountDirectory.swift
Adds release entitlements and updates account-directory URL sourcing documentation.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related PRs

  • arul28/ADE#815 — Related account RPC and authentication wiring.
  • arul28/ADE#819 — Related trusted account-directory URL and desktop account bridge changes.
  • arul28/ADE#821 — Related Clerk token verification changes in the webhook relay.

Suggested labels: ci, docs, desktop, ios

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 10.71% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the two main themes of the PR: production account machine publishing and paired ADE Code remote transport.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ade/fix-ade-code-remote-transport-b25b33d0

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts (1)

553-564: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

Loop keeps opening new endpoints after cancellation is requested.

Once options.signal aborts mid-loop, the .catch swallows the abort error and continues, so every remaining candidate in accountRelayEndpoints still gets a fresh openSyncEnvelopeConnection attempt (which constructs a real WebSocket before its internal abort check runs) instead of stopping immediately. This defeats the purpose of the bounded-cancellation signal for multi-endpoint account pairing.

🔌 Proposed fix: stop the loop once cancellation is requested
     const failures: string[] = [];
     for (const endpoint of accountRelayEndpoints) {
+      if (options.signal?.aborted) break;
       const connection = await openSyncEnvelopeConnection({
         endpoint,
         connectTimeoutMs: options.connectTimeoutMs,
         signal: options.signal,
         createWebSocket: options.createWebSocket,
       }).catch((error) => {
         failures.push(error instanceof Error ? error.message : String(error));
         return null;
       });

Also applies to: 632-637

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts`
around lines 553 - 564, Stop the endpoint iteration immediately when
cancellation is requested: update the connection failure handling in the loop
around openSyncEnvelopeConnection, including the analogous block near the second
referenced location, to detect an aborted options.signal and exit before
continuing to another endpoint. Preserve recording non-cancellation failures and
existing retry behavior when the signal is not aborted.
apps/desktop/src/shared/accountDirectory.ts (1)

291-298: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Distinguish cancellation from timeout in the error message.

If the caller cancels the request via the provided args.signal, controller.signal.aborted becomes true, and this block currently surfaces a misleading "Machine directory timed out" message. Prioritize a check for args.signal?.aborted to accurately report cancellations.

💡 Proposed fix
   } catch {
     return {
       state: "unavailable",
       machines: [],
-      message: controller.signal.aborted
-        ? "Machine directory timed out."
-        : "Couldn't reach the machine directory.",
+      message: args.signal?.aborted
+        ? "Machine directory request was cancelled."
+        : controller.signal.aborted
+          ? "Machine directory timed out."
+          : "Couldn't reach the machine directory.",
     };
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/desktop/src/shared/accountDirectory.ts` around lines 291 - 298, Update
the catch block in the account-directory request flow to check
args.signal?.aborted before controller.signal.aborted, returning a
cancellation-specific message when the caller aborted the request and retaining
the timeout message only for controller-triggered aborts.
apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.ts (1)

234-248: 🚀 Performance & Scalability | 🟡 Minor | ⚡ Quick win

Check signal.aborted before creating the WebSocket, not after.

new WebSocket(endpoint) (or the custom factory) runs before the abort check, so an already-cancelled call still opens a connection attempt just to immediately close it. This partially defeats the point of the new cancellation support, especially for callers like pairWithAccountMachine that loop over multiple relay endpoints under one shared signal — each remaining iteration after cancellation still spins up and tears down a socket instead of short-circuiting.

🔧 Proposed fix: reorder the abort check ahead of WebSocket creation
   const endpoint = normalizeSyncEndpoint(options.endpoint);
   const timeoutMs = normalizeTimeout(options.connectTimeoutMs, DEFAULT_CONNECT_TIMEOUT_MS);
-  const ws = options.createWebSocket?.(endpoint) ?? new WebSocket(endpoint);
-  const connection = createConnection(endpoint, ws);
-
   if (options.signal?.aborted) {
-    connection.close(1000, "Sync connection cancelled.");
     throw options.signal.reason instanceof Error
       ? options.signal.reason
       : new Error("Sync connection cancelled.");
   }
+  const ws = options.createWebSocket?.(endpoint) ?? new WebSocket(endpoint);
+  const connection = createConnection(endpoint, ws);
   if (ws.readyState === WebSocket.OPEN) return connection;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.ts` around
lines 234 - 248, Move the existing options.signal?.aborted check in
openSyncEnvelopeConnection before invoking createWebSocket or new WebSocket, and
throw the same abort reason without creating a connection. Keep endpoint
normalization and timeout setup as needed, while preserving normal connection
creation and handling for non-aborted signals.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/ade-cli/src/multiProjectRpcServer.ts`:
- Around line 803-806: Use the shared account-directory resolution path for both
affected call sites: update multiProjectRpcServer.ts lines 803-806 to include
the project-secret ADE_ACCOUNT_DIRECTORY_URL tier, and update remoteLauncher.ts
lines 1265-1268 to pass the same directory-base resolver instead of relying on
the service default. Ensure account.listMachines/pairMachine, ade code remote,
and ade login resolve the same project directory.

In `@apps/desktop/src/main/services/account/accountBridge.ts`:
- Around line 175-185: Update the machine-listing flow around
directoryService().listMachines() to apply the existing AccountAuthStatus source
guard, allowing sessions with status.source equal to "env-token" to proceed
instead of returning a false signed_out result. Reuse the typed
AccountAuthStatus.source value directly without adding a cast, while preserving
the existing unavailable warning and auth_expired response handling.

---

Outside diff comments:
In `@apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts`:
- Around line 553-564: Stop the endpoint iteration immediately when cancellation
is requested: update the connection failure handling in the loop around
openSyncEnvelopeConnection, including the analogous block near the second
referenced location, to detect an aborted options.signal and exit before
continuing to another endpoint. Preserve recording non-cancellation failures and
existing retry behavior when the signal is not aborted.

In `@apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.ts`:
- Around line 234-248: Move the existing options.signal?.aborted check in
openSyncEnvelopeConnection before invoking createWebSocket or new WebSocket, and
throw the same abort reason without creating a connection. Keep endpoint
normalization and timeout setup as needed, while preserving normal connection
creation and handling for non-aborted signals.

In `@apps/desktop/src/shared/accountDirectory.ts`:
- Around line 291-298: Update the catch block in the account-directory request
flow to check args.signal?.aborted before controller.signal.aborted, returning a
cancellation-specific message when the caller aborted the request and retaining
the timeout message only for controller-triggered aborts.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 264d06c8-bb1e-453a-a8a1-8f3bf3c5d71c

📥 Commits

Reviewing files that changed from the base of the PR and between 0a6f865 and 625be90.

⛔ Files ignored due to path filters (7)
  • apps/ios/ADE.xcodeproj/project.pbxproj is excluded by !**/*.xcodeproj/project.pbxproj
  • docs/ARCHITECTURE.md is excluded by !docs/**
  • docs/features/ade-code/README.md is excluded by !docs/**
  • docs/features/remote-runtime/README.md is excluded by !docs/**
  • docs/features/remote-runtime/internal-architecture.md is excluded by !docs/**
  • docs/features/sync-and-multi-device/README.md is excluded by !docs/**
  • docs/features/web-client/README.md is excluded by !docs/**
📒 Files selected for processing (38)
  • .github/workflows/ci.yml
  • apps/account-directory/README.md
  • apps/account-directory/package.json
  • apps/account-directory/wrangler.jsonc
  • apps/ade-cli/README.md
  • apps/ade-cli/src/cli.ts
  • apps/ade-cli/src/multiProjectRpcServer.ts
  • apps/ade-cli/src/services/account/accountMachineDirectoryService.test.ts
  • apps/ade-cli/src/services/account/accountMachineDirectoryService.ts
  • apps/ade-cli/src/services/account/accountMachinePublisherService.ts
  • apps/ade-cli/src/services/account/sharedAccountAuthService.test.ts
  • apps/ade-cli/src/services/account/sharedAccountAuthService.ts
  • apps/ade-cli/src/tuiClient/__tests__/remoteLauncher.test.ts
  • apps/ade-cli/src/tuiClient/remoteLauncher.ts
  • apps/desktop/src/main/services/account/accountBridge.trust.test.ts
  • apps/desktop/src/main/services/account/accountBridge.ts
  • apps/desktop/src/main/services/ipc/registerIpc.ts
  • apps/desktop/src/main/services/remoteRuntime/syncPairedMachineStore.ts
  • apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.test.ts
  • apps/desktop/src/main/services/remoteRuntime/syncRuntimeTransport.ts
  • apps/desktop/src/preload/global.d.ts
  • apps/desktop/src/preload/preload.ts
  • apps/desktop/src/renderer/browserMock.ts
  • apps/desktop/src/renderer/components/remoteTargets/AccountMachineRow.tsx
  • apps/desktop/src/renderer/components/remoteTargets/RemoteTargetList.test.tsx
  • apps/desktop/src/renderer/components/remoteTargets/RemoteTargetList.tsx
  • apps/desktop/src/renderer/components/remoteTargets/remoteMachineModel.account.test.ts
  • apps/desktop/src/renderer/components/remoteTargets/remoteMachineModel.ts
  • apps/desktop/src/renderer/webclient/account/client.test.ts
  • apps/desktop/src/renderer/webclient/account/client.ts
  • apps/desktop/src/shared/accountDirectory.ts
  • apps/desktop/src/shared/ipc.ts
  • apps/desktop/src/shared/types/account.ts
  • apps/ios/ADE/ADE.Release.entitlements
  • apps/ios/ADE/Services/AccountDirectory.swift
  • apps/webhook-relay/README.md
  • apps/webhook-relay/src/relay.ts
  • apps/webhook-relay/test/account.test.ts

Comment thread apps/ade-cli/src/multiProjectRpcServer.ts Outdated
Comment thread apps/desktop/src/main/services/account/accountBridge.ts
@arul28

arul28 commented Jul 15, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0cc683f6d8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .gitleaksignore
Comment on lines +8 to +9
26e2ed03a0fd341ce244fc2cd86d9103d0ad348a:apps/desktop/src/shared/accountDirectory.ts:generic-api-key:21
26e2ed03a0fd341ce244fc2cd86d9103d0ad348a:apps/desktop/src/shared/accountDirectory.ts:generic-api-key:26

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add c0b1 fingerprints to the gitleaks allowlist

Checked the CI secret-scan job in .github/workflows/ci.yml: it runs gitleaks on the checked-out branch. These allowlist fingerprints are for commit 26e2ed03..., but this squashed commit adds the same Clerk OAuth client IDs at apps/desktop/src/shared/accountDirectory.ts:21 and :26 under c0b1fe3d...; the existing allowlist format includes the commit hash, so the new commit will still report both generic-api-key findings and block CI unless the c0b1 fingerprints are allowlisted too.

Useful? React with 👍 / 👎.

const matches = listed.machines.filter((machine) =>
accountMachineMatchesRemoteTarget(machine, target),
);
if (matches.length !== 1) return target;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Reject unmatched legacy account targets before SSH

When the directory returns ok, a zero-match case (for example the account machine was deleted/expired) or a multi-match ambiguity for an isUnverifiedLegacyAccountCandidate(target) reaches this return and the caller later opens the saved target through SSH. That bypasses the fail-closed behavior above, so legacy account-created targets whose directory record is missing or ambiguous can silently downgrade to SSH instead of being rejected.

Useful? React with 👍 / 👎.

// A relay-only online machine has no direct SSH route, so it must not sit in
// AVAILABLE as a dead (unconnectable) row.
if (machine.online && accountMachineHasDirectRoute(machine)) {
if (accountMachineConnectionState(machine) === "available") {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use configured relay URLs when bucketing account machines

In desktop environments using a self-hosted relay via ADE_TUNNEL_RELAY_URL, account machines publish relay URLs for that host and pairMachine accepts them through defaultRelayUrl(), but this renderer-side call uses only the compiled default relay allowlist. Relay-only machines on the configured relay are therefore placed in UNAVAILABLE with no Connect button even though the main pairing path can connect.

Useful? React with 👍 / 👎.

@arul28
arul28 merged commit 47573f4 into main Jul 15, 2026
35 checks passed
@arul28
arul28 deleted the ade/fix-ade-code-remote-transport-b25b33d0 branch July 16, 2026 01:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant