Merged
Conversation
* fix(desktop): harden external protocol handling * fix(build): avoid optional peer resolution in dev
release(desktop): Release v1.3.1
* chore(infra): migrate desktop web from Vercel to Cloudflare Workers Replaces separate Vercel deployments (follow SPA + follow-external-ssr) with unified Cloudflare Workers + Assets deployment. Implements meta tag injection, OG image generation, and environment variable management in Hono-based Worker. Adds GitHub Actions CI/CD for automatic deployment on push to dev/main branches. - Replace Fastify with Hono for Cloudflare Workers compatibility - Create Worker entry point with SSR routes and SPA fallback - Add AsyncLocalStorage-based request context shim - Implement WASM-based OG image rendering with R2 font storage - Split SPA and SSR routing: /share/* and auth routes use SSR, others fallback to SPA - Add Cloudflare wrangler configuration with dev/prod environments - Create GitHub Actions workflow for automated deployments - Add build scripts for font data and WASM patching Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(ssr): exclude worker files from typecheck and fix tsdown config Worker-specific files (*.worker.ts) use Cloudflare Workers types and generated modules that aren't available during the main tsc typecheck. Exclude them from tsconfig since they're only used via tsdown aliases. Also fix broken path.resolve reference in tsdown.worker.config.ts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The worker build intentionally bundles all dependencies (noExternal: ["**"]) for Cloudflare Workers. Set inlineOnly: false to suppress the error that causes the build to exit with code 1. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: harden setting sync auth lifecycle * fix: preserve legacy setting sync queue * fix: keep setting queue on auth flaps * fix: persist queue reset on auth errors * fix: initialize setting sync queue earlier * fix: await mobile sync queue load
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3 to 4. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v3...v4) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat(cli): add agent-friendly CLI client with tests * fix(lockfile): regenerate lockfile after merging dev
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat(cli): deep integration with desktop client - Package CLI binary with desktop app via extraResource in Electron Forge - Sync desktop login session to ~/.folo/config.json automatically on login/logout - Add CliService IPC with install/uninstall methods supporting macOS (osascript), Linux (pkexec), Windows (.cmd wrapper) - Add CLI settings tab in desktop app for install status and management - Create prepare-cli build script to compile and bundle CLI before packaging - Add i18n strings for CLI UI (English and Chinese) The CLI now shares the desktop app's authentication session without requiring separate login. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> * fix(cli): fix CI failures in auth service and forge config - Pass `undefined` explicitly to syncSessionToCliConfig() to satisfy TS arity check - Make resources/cli conditional in extraResource so packaging doesn't fail when CLI bundle is absent Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(cli): make syncSessionToCliConfig token param optional Avoids TS2554 when called without arguments on signOut, while also satisfying the lint rule that strips explicit `undefined` arguments. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(cli): address PR review feedback - Fix $@ shell expansion in privileged install path by writing to a temp file first, then using admin cp (Comment #1) - Check .cmd extension on Windows for install status and uninstall guard so the CLI is correctly detected and removed (Comment #2) - Wire prepare:cli into build:electron-vite instead of build:electron so all CI packaging paths (vite + forge) include CLI (Comment #3) - Add CLI i18n strings for ja, fr-FR, zh-TW locales (Comment #4) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* feat: add cross-platform e2e coverage * fix: stabilize desktop e2e navigation * fix: harden desktop e2e read flow * fix: harden desktop e2e auth and follow flows * fix: stabilize desktop e2e discover entry flows * fix: run android e2e in a single shell * fix: speed up mobile e2e builds in ci * fix: build android e2e app from mobile workspace * fix: invoke android gradle build from repo root * fix: use absolute path for android ci build * fix: restore android eas build in ci * fix: target iOS simulator by udid in ci * fix: align desktop e2e with discover card flow * fix: reorder web e2e after relogin * fix: navigate web e2e via real hash url * fix: close stale settings modal before reopening * fix: track android maestro flows * fix: wait for settings router in web e2e * fix: wait for web settings sync propagation * fix: stabilize desktop e2e settings flows * fix: harden desktop e2e regressions * fix: stabilize desktop e2e selectors * fix: read desktop entry state from locators * fix: relax desktop e2e entry assertions * fix: avoid waiting on missing desktop feed ids
* fix: harden desktop e2e auth and user flows * fix: stabilize desktop e2e in ci * fix: stabilize ci desktop e2e flows * fix: make ci desktop e2e more robust * fix: avoid media interception in desktop e2e * fix: increase desktop e2e timeouts for ci * fix: use keyboard navigation for web e2e entries * fix: stabilize desktop e2e navigation in ci * fix: simplify desktop e2e navigation paths * fix: narrow desktop e2e action selectors * fix: add desktop e2e read-action fallbacks * fix: reduce desktop e2e flakiness in ci * fix: harden desktop e2e route transitions * fix: relax desktop e2e ci assertions * fix: prefer keyboard read toggle in desktop e2e * fix: tolerate settings modal close races in e2e * fix: tighten desktop e2e flows and remove gha e2e
* fix(mobile): stabilize auth e2e flows * docs(skill): add mobile e2e runbook
…endencies management
* feat(mobile): support iOS Apple subscriptions * fix: stabilize mobile subscription checks
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 278388cc13
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+101
to
+103
| if (currentCookie) { | ||
| return ctx.response | ||
| } |
There was a problem hiding this comment.
This new guard returns immediately on any 401 whenever currentCookie exists, which prevents the logout/re-auth flow from running for expired or revoked sessions. In the common case where SecureStore still has a stale cookie but the server has invalidated it, the app will keep receiving 401 responses without clearing user state or presenting LoginScreen, leaving users stuck in a broken authenticated state until they manually reset local auth data.
Useful? React with 👍 / 👎.
Comment on lines
+110
to
+112
| if (IN_ELECTRON && getAuthSessionToken()) { | ||
| return response | ||
| } |
There was a problem hiding this comment.
This early return suppresses the login prompt whenever a local Electron session token exists, even if that token is no longer valid server-side. If /better-auth/get-session (or other auth checks when whoami() is empty) returns 401 for an expired/revoked token, the handler exits before setLoginModalShow(true) and removeCurrentUser(), so the app never surfaces re-authentication and can remain in a permanently unauthorized state.
Useful? React with 👍 / 👎.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v0.4.0