
[codex] add session context to credential errors #3349

Merged: juliusmarminge merged 1 commit into main from codex/structure-session-store-errors on Jun 21, 2026

@juliusmarminge juliusmarminge commented Jun 20, 2026

Member

Summary

  • attach session IDs and lifecycle timestamps to token/session expiry, revocation, and lookup errors
  • preserve exact repository and encoding causes while mapping at points where correlation context is known
  • keep raw tokens and signatures out of every error attribute

Verification

  • vp test apps/server/src/auth/SessionStore.test.ts (8 tests)
  • vp check (passes with 20 pre-existing warnings)
  • vp run typecheck

Note

Medium Risk
Touches session and WebSocket verification and revocation error paths in auth; behavior is largely additive structured fields with nested causes, but callers depending on old error shapes or broad mapError wrappers could see different error tags.

Overview
SessionStore auth failures now carry structured correlation fields instead of relying on generic messages alone.

Expiry, unknown-session, revocation, and invalid-exp errors for session and WebSocket tokens include sessionId plus lifecycle timestamps (expiresAt / observedAt or revokedAt). Internal paths—issue, verify, WebSocket issue/verify, revoke, and revoke-all-except—attach sessionId (or currentSessionId) on wrapper errors while nesting encoding and persistence failures as cause. Expiry checks use DateTime.now rather than raw millisecond clock reads.

Tests assert tagged error shapes and context fields (including repository failures on revoke) instead of substring checks on message.

Reviewed by Cursor Bugbot for commit 308f5f4. Bugbot is set up for automated code reviews on this repo. Configure here.

Note

Add session context fields to credential and revocation errors in SessionStore

  • Adds structured context fields (sessionId, expiresAt, observedAt, revokedAt, etc.) to all typed errors in SessionStore.ts, replacing bare string messages.
  • Switches time resolution from Clock.currentTimeMillis to DateTime.now for expiry checks in both session and WebSocket token verification.
  • Maps previously untyped repository and encoding failures into specific typed errors (SessionCredentialIssueError, SessionRevocationError, OtherSessionsRevocationError, etc.) with nested causes.
  • Updates tests in SessionStore.test.ts to assert on typed error tags and contextual fields rather than message substrings.

Macroscope summarized 308f5f4.
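
The error shape described in the summary above (session ID plus lifecycle timestamps, a nested cause, no raw token or signature in any attribute), as an added TypeScript example that is not code from this PR or from SessionStore.ts. The `<sessionId>.<signature>` token format, the type names and the `leaksSecret` test guard are assumptions made for the illustration.

```typescript
// Added illustration; every name here is hypothetical, not the project's SessionStore API.
type SessionRecord = { sessionId: string; expiresAt: number; revokedAt?: number };
type CredentialError =
  | { _tag: "SessionExpired"; sessionId: string; expiresAt: string; observedAt: string }
  | { _tag: "SessionRevoked"; sessionId: string; revokedAt: string; observedAt: string }
  | { _tag: "UnknownSession"; sessionId: string; observedAt: string }
  | { _tag: "CredentialDecodeError"; cause: unknown };
type VerifyResult = { ok: true; sessionId: string } | { ok: false; error: CredentialError };

const iso = (ms: number): string => new Date(ms).toISOString();

// Constructed token format "<sessionId>.<signature>"; signature checking is out of scope here.
function decodeToken(token: string): { sessionId: string } {
  const parts = token.split(".");
  const [sessionId = "", signature = ""] = parts;
  if (parts.length !== 2 || sessionId === "" || signature === "") {
    // Describe the failure without echoing the token or its signature.
    throw new SyntaxError(`malformed token: ${parts.length} segment(s)`);
  }
  return { sessionId };
}

function verifySession(token: string, store: Map<string, SessionRecord>, nowMs: number): VerifyResult {
  let sessionId = "";
  try {
    sessionId = decodeToken(token).sessionId;
  } catch (cause) {
    // No session ID is known at this point, so only the exact cause is nested.
    return { ok: false, error: { _tag: "CredentialDecodeError", cause } };
  }
  const observedAt = iso(nowMs);
  const record = store.get(sessionId);
  if (record === undefined) return { ok: false, error: { _tag: "UnknownSession", sessionId, observedAt } };
  if (record.revokedAt !== undefined) {
    return { ok: false, error: { _tag: "SessionRevoked", sessionId, revokedAt: iso(record.revokedAt), observedAt } };
  }
  if (record.expiresAt <= nowMs) {
    return { ok: false, error: { _tag: "SessionExpired", sessionId, expiresAt: iso(record.expiresAt), observedAt } };
  }
  return { ok: true, sessionId };
}

// Test guard: the serialized error must contain neither the token nor its signature.
function leaksSecret(error: CredentialError, token: string): boolean {
  const cause = "cause" in error ? String(error.cause) : "";
  const text = JSON.stringify(error) + cause;
  return [token, token.split(".")[1] ?? ""].some((s) => s !== "" && text.includes(s));
}
```

Asserting on `_tag` and the context fields, and running a guard like `leaksSecret` over every failure path, lets a test catch a token that slips into an error attribute, which a substring check on `message` would not.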

@juliusmarminge juliusmarminge added the vouch:trusted PR author is trusted by repo permissions or the VOUCHED list. label Jun 20, 2026

coderabbitai Bot commented Jun 20, 2026


Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 35ca2211-334e-479d-ac57-dd5ead6cc53f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@github-actions github-actions Bot added the size:L 100-499 changed lines (additions + deletions). label Jun 20, 2026

macroscopeapp Bot commented Jun 20, 2026

Contributor

Approvability

Verdict: Needs human review

This PR modifies authentication session handling code (SessionStore.ts) to add context fields to error classes. Changes to auth-related code paths warrant human review regardless of the additive nature of the changes.

No code changes detected at 308f5f4. Prior analysis still applies.

You can customize Macroscope's approvability policy. Learn more.

@juliusmarminge juliusmarminge force-pushed the codex/structure-session-store-errors branch 14 times, most recently from 87e3de9 to 9c8311a Compare June 21, 2026 02:06
Co-authored-by: codex <codex@users.noreply.github.com>
@juliusmarminge juliusmarminge force-pushed the codex/structure-session-store-errors branch from 9c8311a to 308f5f4 Compare June 21, 2026 02:21
@juliusmarminge juliusmarminge merged commit 82a9bcc into main Jun 21, 2026
16 checks passed
@juliusmarminge juliusmarminge deleted the codex/structure-session-store-errors branch June 21, 2026 03:45