Skip to content

fix: stabilize local dev auth startup#3252

Open
huxcrux wants to merge 5 commits into
pingdotgg:mainfrom
huxcrux:dev-fix
Open

fix: stabilize local dev auth startup#3252
huxcrux wants to merge 5 commits into
pingdotgg:mainfrom
huxcrux:dev-fix

Conversation

@huxcrux

@huxcrux huxcrux commented Jun 20, 2026
edited by macroscopeapp Bot
Loading

Copy link
Copy Markdown
Contributor

What Changed

  • Prevent Clerk-dependent desktop/web code from loading when Clerk local config is absent.
  • Register the desktop app scheme independently so local desktop startup no longer depends on Clerk side effects.
  • Route desktop custom-scheme requests through the app protocol using the Effect/Undici HTTP client.
  • Load the diff worker via the portable worker entry to avoid Vite worker default-export failures.
  • Route configured local-dev HTTP requests through the Vite origin while preserving direct WebSocket targets.
  • Harden pairing bootstrap by deduping same-token submits and tolerating already-authenticated stale token retries.

Why

Local development could fail when Clerk config was missing or when running the web dev flow through vp run dev. Clerk was being loaded too eagerly, desktop scheme registration depended on Clerk bridge setup, diff worker imports could fail under Vite, and pairing-token exchange could consume a one-time token before the browser session was observable on the correct origin.

This keeps local startup resilient without Clerk config, avoids CORS/cookie-origin issues by using the web/Vite origin for browser HTTP requests, and preserves direct loopback WebSockets where required.

UI Changes

Checklist

  • This PR is small and focused
  • I explained what changed and why
  • I included before/after screenshots for any UI changes
  • I included a video for animation/interaction changes

Note

Medium Risk
Touches auth credential exchange, primary HTTP URL resolution, and the desktop protocol proxy path—areas that affect cookies, pairing, and renderer loading, though changes are guarded by tests and mostly dev-scoped.

Overview
Stabilizes local development when Clerk config is missing or auth runs through Vite/desktop custom schemes.

Desktop: Clerk bridge acquisition is gated on desktopClerkBridgeEnabled; when disabled, the custom t3code/t3code-dev scheme is registered up front in main.ts instead of relying on Clerk side effects. Protocol proxying moves from Electron.net.fetch to Effect HttpClient (Undici), with streamed bodies, hop-by-hop header stripping, and registerDesktopSchemePrivileges.

Web primary environment: resolveHttpRequestBaseUrl routes loopback HTTP through the Vite dev origin when the page is served from the dev server, and through t3code-dev://app when the desktop dev shell is active—keeping cookies/proxy behavior aligned while WebSocket bases stay direct.

Auth bootstrap: submitServerAuthCredential dedupes concurrent submits for the same token, waits for session observability after exchange, and treats invalid-credential responses as success if the session is already authenticated.

Bundling/dev UX: Clerk UI and cloud auth root load via React.lazy; diff workers use @pierre/diffs/worker/worker-portable.js; Vite defines VITE_DEV_SERVER_URL, tightens HMR clientPort, and drops an unused @pierre/diffs optimizeDeps entry.

Reviewed by Cursor Bugbot for commit 89bf5f5. Bugbot is set up for automated code reviews on this repo. Configure here.

Note

Fix local dev auth startup by stabilizing Clerk bridge initialization and HTTP request routing

  • Guards Clerk SDK bridge acquisition in DesktopClerk.makeDesktopClerkLayer behind an enabled flag, skipping bridge setup entirely when no frontend API hostname is configured.
  • Reworks HTTP base URL resolution in target.ts to route loopback requests through the Vite dev server origin or the desktop dev custom scheme (t3code-dev://) as appropriate.
  • Registers the desktop custom scheme with full privileges (standard, secure, streaming, CORS) on startup when the Clerk bridge is disabled.
  • Replaces Electron.net.fetch in ElectronProtocol.ts with an injected HttpClient (Undici at runtime), adding hop-by-hop header filtering and streaming response bodies without buffering.
  • Deduplicates concurrent one-time token submissions in auth.ts, treating an already-authenticated session as success instead of surfacing an error on race or retry.

Macroscope summarized 89bf5f5.

@coderabbitai

coderabbitai Bot commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 9d9bcf64-ebee-4a13-8bf1-961725173179

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions Bot added vouch:unvouched PR author is not yet trusted in the VOUCHED list. size:L 100-499 changed lines (additions + deletions). labels Jun 20, 2026
cursor[bot]
cursor Bot reviewed Jun 20, 2026
View reviewed changes

@cursor cursor Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 2 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit cd0056b. Configure here.

Comment thread apps/desktop/src/electron/ElectronProtocol.ts
Comment thread apps/web/src/environments/primary/auth.ts
@huxcrux huxcrux marked this pull request as draft June 20, 2026 09:42
macroscopeapp[bot]
macroscopeapp Bot reviewed Jun 20, 2026
View reviewed changes
Comment thread apps/web/src/environments/primary/auth.ts
@macroscopeapp

macroscopeapp Bot commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Approvability

Verdict: Needs human review

This PR modifies authentication-related code paths including credential submission handling, request proxy routing for auth endpoints, and clerk bridge initialization. Changes to auth flows and security-sensitive code require human review.

You can customize Macroscope's approvability policy. Learn more.

@huxcrux huxcrux marked this pull request as ready for review June 20, 2026 09:52
This was referenced Jun 20, 2026
Merged
Merged
huxcrux and others added 5 commits June 21, 2026 11:41
@huxcrux
fix: stabilize local desktop startup without clerk config
0e9e3b7 
Gate Clerk-dependent renderer and desktop bridge setup when local config is absent, register the desktop schemes independently, proxy custom-scheme requests through the app protocol, and load the diff worker via the portable package worker entry.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@huxcrux
fix: harden local dev pairing bootstrap
2b1a84d 
Route configured loopback HTTP requests through the Vite origin so browser-session cookies are scoped to the page origin, while preserving direct WebSocket targets. Dedupe same-token pairing submits and tolerate stale one-time-token retries when a session is already authenticated.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@huxcrux
fix: address local dev startup review feedback
f2cf0f7 
Stream desktop protocol proxy responses instead of buffering complete bodies, and wait for browser sessions to become observable after manual pairing exchanges.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@huxcrux
chore: trigger ci
21503e8 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@huxcrux
fix: resolve latest main rebase conflicts
89bf5f5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@macroscopeapp macroscopeapp[bot] macroscopeapp[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

size:L 100-499 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@huxcrux