mirror of
https://github.com/AutoMaker-Org/automaker.git
synced 2026-03-16 21:53:07 +00:00
* fix(copilot): correct tool.execution_complete event handling

  The CopilotProvider was using incorrect event type and data structure for tool execution completion events from the @github/copilot-sdk, causing tool call outputs to be empty.

  Changes:
  - Update event type from 'tool.execution_end' to 'tool.execution_complete'
  - Fix data structure to use nested result.content instead of flat result
  - Fix error structure to use error.message instead of flat error
  - Add success field to match SDK event structure
  - Add tests for empty and missing result handling

  This aligns with the official @github/copilot-sdk v0.1.16 types defined in session-events.d.ts.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test(copilot): add edge case test for error with code field

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor(copilot): improve error handling and code quality

  Code review improvements:
  - Extract magic string '[ERROR]' to TOOL_ERROR_PREFIX constant
  - Add null-safe error handling with direct error variable assignment
  - Include error codes in error messages for better debugging
  - Add JSDoc documentation for tool.execution_complete handler
  - Update tests to verify error codes are displayed
  - Add missing tool_use_id assertion in error test

  These changes improve:
  - Code maintainability (no magic strings)
  - Debugging experience (error codes now visible)
  - Type safety (explicit null checks)
  - Test coverage (verify error code formatting)

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Changes from fix/bug-fixes-1-0

* test(copilot): add edge case test for error with code field

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Changes from fix/bug-fixes-1-0
* fix: Handle detached HEAD state in worktree discovery and recovery
* fix: Remove unused isDevServerStarting prop and md: breakpoint classes
* fix: Add missing dependency and sanitize persisted cache data
* feat: Ensure NODE_ENV is set to test in vitest configs
* feat: Configure Playwright to run only E2E tests
* fix: Improve PR tracking and dev server lifecycle management
* feat: Add settings-based defaults for planning mode, model config, and custom providers. Fixes #816
* feat: Add worktree and branch selector to graph view
* fix: Add timeout and error handling for worktree HEAD ref resolution
* fix: use absolute icon path and place icon outside asar on Linux

  The hicolor icon theme index only lists sizes up to 512x512, so an icon installed only at 1024x1024 is invisible to GNOME/KDE's theme resolver, causing both the app launcher and taskbar to show a generic icon. Additionally, BrowserWindow.icon cannot be read by the window manager when the file is inside app.asar.

  - extraResources: copy logo_larger.png to resources/ (outside asar) so it lands at /opt/Automaker/resources/logo_larger.png on install
  - linux.desktop.Icon: set to the absolute resources path, bypassing the hicolor theme lookup and its size constraints entirely
  - icon-manager.ts: on Linux production use process.resourcesPath so BrowserWindow receives a real filesystem path the WM can read directly

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: use linux.desktop.entry for custom desktop Icon field

  electron-builder v26 rejects arbitrary keys in linux.desktop — the correct schema wraps custom .desktop overrides inside desktop.entry.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: set desktop name on Linux so taskbar uses the correct app icon

  Without app.setDesktopName(), the window manager cannot associate the running Electron process with automaker.desktop. GNOME/KDE fall back to _NET_WM_ICON which defaults to Electron's own bundled icon. Calling app.setDesktopName('automaker.desktop') before any window is created sets the _GTK_APPLICATION_ID hint and XDG app_id so the WM picks up the desktop entry's Icon for the taskbar.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix: memory and context views mobile friendly (#818)

  * Changes from fix/memory-and-context-mobile-friendly
  * fix: Improve file extension detection and add path traversal protection
  * refactor: Extract file extension utilities and add path traversal guards

    Code review improvements:
    - Extract isMarkdownFilename and isImageFilename to shared image-utils.ts
    - Remove duplicated code from context-view.tsx and memory-view.tsx
    - Add path traversal guard for context fixture utilities (matching memory)
    - Add 7 new tests for context fixture path traversal protection
    - Total 61 tests pass

    Addresses code review feedback from PR #813

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

  * test: Add e2e tests for profiles crud and board background persistence
  * Update apps/ui/playwright.config.ts

    Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

  * fix: Add robust test navigation handling and file filtering
  * fix: Format NODE_OPTIONS configuration on single line
  * test: Update profiles and board background persistence tests
  * test: Replace iPhone 13 Pro with Pixel 5 for mobile test consistency
  * Update apps/ui/src/components/views/context-view.tsx

    Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

  * chore: Remove test project directory
  * feat: Filter context files by type and improve mobile menu visibility

  ---------

  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
  Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix: Improve test reliability and localhost handling
* chore: Use explicit TEST_USE_EXTERNAL_BACKEND env var for server cleanup
* feat: Add E2E/CI mock mode for provider factory and auth verification
* feat: Add remoteBranch parameter to pull and rebase operations
* chore: Enhance E2E testing setup with worker isolation and auth state management

  - Updated .gitignore to include worker-specific test fixtures.
  - Modified e2e-tests.yml to implement test sharding for improved CI performance.
  - Refactored global setup to authenticate once and save session state for reuse across tests.
  - Introduced worker-isolated fixture paths to prevent conflicts during parallel test execution.
  - Improved test navigation and loading handling for better reliability.
  - Updated various test files to utilize new auth state management and fixture paths.

* fix: Update Playwright configuration and improve test reliability

  - Increased the number of workers in Playwright configuration for better parallelism in CI environments.
  - Enhanced the board background persistence test to ensure dropdown stability by waiting for the list to populate before interaction, improving test reliability.

* chore: Simplify E2E test configuration and enhance mock implementations

  - Updated e2e-tests.yml to run tests in a single shard for streamlined CI execution.
  - Enhanced unit tests for worktree list handling by introducing a mock for execGitCommand, improving test reliability and coverage.
  - Refactored setup functions to better manage command mocks for git operations in tests.
  - Improved error handling in mkdirSafe function to account for undefined stats in certain environments.

* refactor: Improve test configurations and enhance error handling

  - Updated Playwright configuration to clear VITE_SERVER_URL, ensuring the frontend uses the Vite proxy and preventing cookie domain mismatches.
  - Enhanced MergeRebaseDialog logic to normalize selectedBranch for better handling of various ref formats.
  - Improved global setup with a more robust backend health check, throwing an error if the backend is not healthy after retries.
  - Refactored project creation tests to handle file existence checks more reliably.
  - Added error handling for missing E2E source fixtures to guide setup process.
  - Enhanced memory navigation to handle sandbox dialog visibility more effectively.

* refactor: Enhance Git command execution and improve test configurations

  - Updated Git command execution to merge environment paths correctly, ensuring proper command execution context.
  - Refactored the Git initialization process to handle errors more gracefully and ensure user configuration is set before creating the initial commit.
  - Improved test configurations by updating Playwright test identifiers for better clarity and consistency across different project states.
  - Enhanced cleanup functions in tests to handle directory removal more robustly, preventing errors during test execution.

* fix: Resolve React hooks errors from duplicate instances in dependency tree
* style: Format alias configuration for improved readability

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: DhanushSantosh <dhanushsantoshs05@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
369 lines
13 KiB
TypeScript
```typescript
/**
 * POST /verify-claude-auth endpoint - Verify Claude authentication by running a test query
 * Supports verifying either CLI auth or API key auth independently
 */

import type { Request, Response } from 'express';
import { query } from '@anthropic-ai/claude-agent-sdk';
import { createLogger } from '@automaker/utils';
import { getClaudeAuthIndicators } from '@automaker/platform';
import { getApiKey } from '../common.js';
import {
  createSecureAuthEnv,
  AuthSessionManager,
  AuthRateLimiter,
  validateApiKey,
  createTempEnvOverride,
} from '../../../lib/auth-utils.js';

const logger = createLogger('Setup');
const rateLimiter = new AuthRateLimiter();

// Known error patterns that indicate auth failure
const AUTH_ERROR_PATTERNS = [
  'OAuth token revoked',
  'Please run /login',
  'please run /login',
  'token revoked',
  'invalid_api_key',
  'authentication_error',
  'unauthorized',
  'not authenticated',
  'authentication failed',
  'invalid api key',
  'api key is invalid',
];

// Patterns that indicate billing/credit issues - should FAIL verification
const BILLING_ERROR_PATTERNS = [
  'credit balance is too low',
  'credit balance too low',
  'insufficient credits',
  'insufficient balance',
  'no credits',
  'out of credits',
  'billing',
  'payment required',
  'add credits',
];

// Patterns that indicate rate/usage limits - should FAIL verification
// Users need to wait or upgrade their plan
const RATE_LIMIT_PATTERNS = [
  'limit reached',
  'rate limit',
  'rate_limit',
  'resets', // Only valid if it's a temporary reset, not a billing issue
  '/upgrade',
  'extra-usage',
];

function isRateLimitError(text: string): boolean {
  const lowerText = text.toLowerCase();
  // First check if it's a billing error - billing errors are NOT rate limits
  if (isBillingError(text)) {
    return false;
  }
  return RATE_LIMIT_PATTERNS.some((pattern) => lowerText.includes(pattern.toLowerCase()));
}

function isBillingError(text: string): boolean {
  const lowerText = text.toLowerCase();
  return BILLING_ERROR_PATTERNS.some((pattern) => lowerText.includes(pattern.toLowerCase()));
}

function containsAuthError(text: string): boolean {
  const lowerText = text.toLowerCase();
  return AUTH_ERROR_PATTERNS.some((pattern) => lowerText.includes(pattern.toLowerCase()));
}

export function createVerifyClaudeAuthHandler() {
  return async (req: Request, res: Response): Promise<void> => {
    try {
      // In E2E/CI mock mode, skip real API calls
      if (process.env.AUTOMAKER_MOCK_AGENT === 'true') {
        res.json({ success: true, authenticated: true });
        return;
      }

      // Get the auth method and optional API key from the request body
      const { authMethod, apiKey } = req.body as {
        authMethod?: 'cli' | 'api_key';
        apiKey?: string;
      };

      // Rate limiting to prevent abuse
      const clientIp = req.ip || req.socket.remoteAddress || 'unknown';
      if (!rateLimiter.canAttempt(clientIp)) {
        const resetTime = rateLimiter.getResetTime(clientIp);
        res.status(429).json({
          success: false,
          authenticated: false,
          error: 'Too many authentication attempts. Please try again later.',
          resetTime,
        });
        return;
      }

      logger.info(
        `[Setup] Verifying Claude authentication using method: ${authMethod || 'auto'}${apiKey ? ' (with provided key)' : ''}`
      );

      // Create an AbortController with a 30-second timeout
      const abortController = new AbortController();
      const timeoutId = setTimeout(() => abortController.abort(), 30000);

      let authenticated = false;
      let errorMessage = '';
      let receivedAnyContent = false;
      let cleanupEnv: (() => void) | undefined;

      // Create secure auth session
      const sessionId = `claude-auth-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;

      try {
        // For API key verification, validate the key first
        if (authMethod === 'api_key' && apiKey) {
          const validation = validateApiKey(apiKey, 'anthropic');
          if (!validation.isValid) {
            res.json({
              success: true,
              authenticated: false,
              error: validation.error,
            });
            return;
          }
        }

        // Create secure environment without modifying process.env
        const authEnv = createSecureAuthEnv(authMethod || 'api_key', apiKey, 'anthropic');

        // For API key verification without provided key, use stored key or env var
        if (authMethod === 'api_key' && !apiKey) {
          const storedApiKey = getApiKey('anthropic');
          if (storedApiKey) {
            authEnv.ANTHROPIC_API_KEY = storedApiKey;
            logger.info('[Setup] Using stored API key for verification');
          } else if (!authEnv.ANTHROPIC_API_KEY) {
            res.json({
              success: true,
              authenticated: false,
              error: 'No API key configured. Please enter an API key first.',
            });
            return;
          }
        }

        // Store the secure environment in session manager
        AuthSessionManager.createSession(sessionId, authMethod || 'api_key', apiKey, 'anthropic');

        // Create temporary environment override for SDK call
        cleanupEnv = createTempEnvOverride(authEnv);

        // Run a minimal query to verify authentication
        const stream = query({
          prompt: "Reply with only the word 'ok'",
          options: {
            model: 'claude-sonnet-4-6',
            maxTurns: 1,
            allowedTools: [],
            abortController,
          },
        });

        // Collect all messages and check for errors
        const allMessages: string[] = [];

        for await (const msg of stream) {
          const msgStr = JSON.stringify(msg);
          allMessages.push(msgStr);
          logger.info('[Setup] Stream message:', msgStr.substring(0, 500));

          // Check for billing errors FIRST - these should fail verification
          if (isBillingError(msgStr)) {
            logger.error('[Setup] Found billing error in message');
            errorMessage =
              'Credit balance is too low. Please add credits to your Anthropic account at console.anthropic.com';
            authenticated = false;
            break;
          }

          // Check if any part of the message contains auth errors
          if (containsAuthError(msgStr)) {
            logger.error('[Setup] Found auth error in message');
            if (authMethod === 'cli') {
              errorMessage =
                "CLI authentication failed. Please run 'claude login' in your terminal to authenticate.";
            } else {
              errorMessage = 'API key is invalid or has been revoked.';
            }
            break;
          }

          // Check specifically for assistant messages with text content
          const msgRecord = msg as Record<string, unknown>;
          const msgMessage = msgRecord.message as Record<string, unknown> | undefined;
          if (msg.type === 'assistant' && msgMessage?.content) {
            const content = msgMessage.content;
            if (Array.isArray(content)) {
              for (const block of content) {
                if (block.type === 'text' && block.text) {
                  const text = block.text;
                  logger.info('[Setup] Assistant text:', text);

                  if (containsAuthError(text)) {
                    if (authMethod === 'cli') {
                      errorMessage =
                        "CLI authentication failed. Please run 'claude login' in your terminal to authenticate.";
                    } else {
                      errorMessage = 'API key is invalid or has been revoked.';
                    }
                    // Note: this only leaves the content-block loop; errorMessage
                    // is evaluated once the stream has been consumed
                    break;
                  }

                  // Valid text response that's not an error
                  if (text.toLowerCase().includes('ok') || text.length > 0) {
                    receivedAnyContent = true;
                  }
                }
              }
            }
          }

          // Check for result messages
          if (msg.type === 'result') {
            const resultStr = JSON.stringify(msg);

            // First check for billing errors - these should FAIL verification
            if (isBillingError(resultStr)) {
              logger.error('[Setup] Billing error detected - insufficient credits');
              errorMessage =
                'Credit balance is too low. Please add credits to your Anthropic account at console.anthropic.com';
              authenticated = false;
              break;
            }
            // Check if it's a rate limit error - should FAIL verification
            else if (isRateLimitError(resultStr)) {
              logger.warn('[Setup] Rate limit detected - treating as unverified');
              errorMessage =
                'Rate limit reached. Please wait a while before trying again or upgrade your plan.';
              authenticated = false;
              break;
            } else if (containsAuthError(resultStr)) {
              if (authMethod === 'cli') {
                errorMessage =
                  "CLI authentication failed. Please run 'claude login' in your terminal to authenticate.";
              } else {
                errorMessage = 'API key is invalid or has been revoked.';
              }
            } else {
              // Got a result without errors
              receivedAnyContent = true;
            }
          }
        }

        // Determine authentication status
        if (errorMessage) {
          authenticated = false;
        } else if (receivedAnyContent) {
          authenticated = true;
        } else {
          // No content received - might be an issue
          logger.warn('[Setup] No content received from stream');
          logger.warn('[Setup] All messages:', allMessages.join('\n'));
          errorMessage = 'No response received from Claude. Please check your authentication.';
        }
      } catch (error: unknown) {
        const errMessage = error instanceof Error ? error.message : String(error);

        logger.error('[Setup] Claude auth verification exception:', errMessage);

        // Check for billing errors FIRST - these always fail
        if (isBillingError(errMessage)) {
          authenticated = false;
          errorMessage =
            'Credit balance is too low. Please add credits to your Anthropic account at console.anthropic.com';
        }
        // Check for rate limit in exception - should FAIL verification
        else if (isRateLimitError(errMessage)) {
          authenticated = false;
          errorMessage =
            'Rate limit reached. Please wait a while before trying again or upgrade your plan.';
          logger.warn('[Setup] Rate limit in exception - treating as unverified');
        }
        // If we already determined auth was successful, keep it
        else if (authenticated) {
          logger.info('[Setup] Auth already confirmed, ignoring exception');
        }
        // Check for auth-related errors in exception
        else if (containsAuthError(errMessage)) {
          if (authMethod === 'cli') {
            errorMessage =
              "CLI authentication failed. Please run 'claude login' in your terminal to authenticate.";
          } else {
            errorMessage = 'API key is invalid or has been revoked.';
          }
        } else if (errMessage.includes('abort') || errMessage.includes('timeout')) {
          errorMessage = 'Verification timed out. Please try again.';
        } else if (errMessage.includes('exit') && errMessage.includes('code 1')) {
          // Process exited with code 1 but we might have gotten rate limit info in the stream
          // Check if we received any content that indicated auth worked
          if (receivedAnyContent && !errorMessage) {
            authenticated = true;
            logger.info('[Setup] Process exit 1 but content received - auth valid');
          } else if (!errorMessage) {
            errorMessage = errMessage;
          }
        } else if (!errorMessage) {
          errorMessage = errMessage;
        }
      } finally {
        clearTimeout(timeoutId);
        // Restore process.env to its original state
        cleanupEnv?.();
        // Clean up the auth session
        AuthSessionManager.destroySession(sessionId);
      }

      logger.info('[Setup] Verification result:', {
        authenticated,
        errorMessage,
        authMethod,
      });

      // Determine specific auth type for success messages
      const effectiveAuthMethod = authMethod ?? 'api_key';
      let authType: 'oauth' | 'api_key' | 'cli' | undefined;
      if (authenticated) {
        if (effectiveAuthMethod === 'api_key') {
          authType = 'api_key';
        } else if (effectiveAuthMethod === 'cli') {
          // Check if CLI auth is via OAuth (Claude Code subscription) or generic CLI
          try {
            const indicators = await getClaudeAuthIndicators();
            authType = indicators.credentials?.hasOAuthToken ? 'oauth' : 'cli';
          } catch {
            // Fall back to generic CLI if credential check fails
            authType = 'cli';
          }
        }
      }

      res.json({
        success: true,
        authenticated,
        authType,
        error: errorMessage || undefined,
      });
    } catch (error) {
      logger.error('[Setup] Verify Claude auth endpoint error:', error);
      res.status(500).json({
        success: false,
        authenticated: false,
        error: error instanceof Error ? error.message : 'Verification failed',
      });
    }
  };
}
```
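The handler above leans on two helpers from `auth-utils.js` that this page does not show: `createTempEnvOverride`, which applies the caller-supplied key to `process.env` only for the duration of the SDK call and is undone in `finally` so one request's key cannot linger into later requests, and `AuthRateLimiter`, which bounds how often one client can probe keys through this endpoint. The block below is an added example of how such helpers can be written; it is not the repository's implementation, and the constructor defaults, the restore-twice behaviour and the fixed-window limiter design are assumptions for illustration.

```typescript
// Added example, not the project's auth-utils.js. Shapes and defaults are assumed.

type EnvMap = Record<string, string | undefined>;

/**
 * Apply `overrides` to process.env and return a restore function that puts
 * back the exact prior state, deleting keys that did not exist before.
 * The restore function is idempotent so a double call in cleanup paths is safe.
 */
function createTempEnvOverride(overrides: EnvMap): () => void {
  const previous: EnvMap = {};
  for (const key of Object.keys(overrides)) {
    previous[key] = process.env[key]; // undefined when the key was absent
    const value = overrides[key];
    if (value === undefined) {
      delete process.env[key];
    } else {
      process.env[key] = value;
    }
  }
  let restored = false;
  return () => {
    if (restored) return;
    restored = true;
    for (const key of Object.keys(previous)) {
      const prior = previous[key];
      if (prior === undefined) {
        delete process.env[key];
      } else {
        process.env[key] = prior;
      }
    }
  };
}

/**
 * Run `fn` with the override applied and guarantee restoration even when
 * `fn` throws or the awaited call aborts, mirroring the try/finally above.
 */
async function withTempEnv<T>(overrides: EnvMap, fn: () => Promise<T>): Promise<T> {
  const restore = createTempEnvOverride(overrides);
  try {
    return await fn();
  } finally {
    restore();
  }
}

/**
 * Fixed-window attempt limiter keyed by a client identifier such as req.ip.
 * The clock is injectable so the window logic can be tested deterministically.
 */
class AuthRateLimiter {
  private readonly attempts = new Map<string, { count: number; windowStart: number }>();
  private readonly maxAttempts: number;
  private readonly windowMs: number;
  private readonly now: () => number;

  constructor(maxAttempts = 5, windowMs = 15 * 60 * 1000, now: () => number = () => Date.now()) {
    this.maxAttempts = maxAttempts; // assumed default: 5 attempts per window
    this.windowMs = windowMs; // assumed default: 15-minute window
    this.now = now;
  }

  /** Record an attempt; false once the client has used up the window's budget. */
  canAttempt(clientId: string): boolean {
    const t = this.now();
    const entry = this.attempts.get(clientId);
    if (!entry || t - entry.windowStart >= this.windowMs) {
      this.attempts.set(clientId, { count: 1, windowStart: t });
      return true;
    }
    if (entry.count >= this.maxAttempts) return false;
    entry.count += 1;
    return true;
  }

  /** Epoch milliseconds at which the client's current window expires. */
  getResetTime(clientId: string): number {
    const entry = this.attempts.get(clientId);
    return entry ? entry.windowStart + this.windowMs : this.now();
  }
}
```

One caveat worth keeping in mind with this pattern: `process.env` is process-global, so two verification requests whose SDK calls overlap can each observe the other's override, and the second restore wins. Serialising the override section, or handing the environment to the SDK call directly instead of through `process.env`, removes that window.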