Skip to content

Fix OAuth continuity, media tool discovery, and fallback privacy#94

Merged
freshtechbro merged 9 commits into
mainfrom
codex/google-oauth-session-continuity
Jun 27, 2026
Merged

Fix OAuth continuity, media tool discovery, and fallback privacy#94
freshtechbro merged 9 commits into
mainfrom
codex/google-oauth-session-continuity

Conversation

@freshtechbro

Copy link
Copy Markdown
Owner

Summary

  • Preserve Google OAuth session continuity and redact user-owned Google/OAuth suspended-intent and browser-fallback error details.
  • Repair FFmpeg/FFprobe discovery for LaunchAgent-style daemon environments and document the media-analysis dependency contract.
  • Sync AGENTS/docs planning evidence for the OAuth, FFmpeg, and Inspiredesign readiness work on this branch.

Verification

  • npm run lint
  • npm run typecheck
  • npm run version:check
  • node scripts/docs-drift-check.mjs
  • git diff --check
  • npm run build
  • npm run extension:build
  • npm run test - 294 test files passed, 1 skipped; 5459 tests passed, 1 skipped
  • Branch coverage recomputed from coverage/lcov.info: 25145/25922 = 97.0025%, deficit 0

Real Workflows

  • Isolated packed install under .tmp/final-install-workflows-20260627-005627/: npm pack, temp npm install, installed CLI help, isolated daemon status, stripped-PATH status-capabilities, installed inspiredesign run, and installed inspiredesign harvest.
  • Installed package media-analysis preflight reported available=true, capabilityTier=full, FFmpeg 7.1.1, FFprobe 7.1.1, and no limitations.
  • Installed inspiredesign run and inspiredesign harvest completed with artifact bundles and diagnostic-only product readiness for weak/reference-limited inputs, with no media-analysis failure.
  • Extra isolated daemon-backed stronger-reference probe still returned readiness=needs_recovery due to off-brief reference signals, confirming readiness gating rather than FFmpeg/media-analysis degradation.

Safety Notes

  • Did not inspect cookies, tokens, auth headers, Google account pages, private URLs, or the user's real LaunchAgent.
  • Used isolated HOME, OPENCODE_CONFIG_DIR, OPENCODE_CACHE_DIR, daemon ports, and relay ports for live workflow checks.

freshtechbro and others added 9 commits June 22, 2026 21:22
- route user-owned Google auth through extension /ops and fail closed for unsafe modes
- skip Google-sensitive cookie bootstrap by default with explicit diagnostic override
- add sanitized auth provenance, docs, runtime guidance, and regression coverage

Co-authored-by: Codex <noreply@openai.com>
- write common binary directories into macOS LaunchAgent PATH

- classify old or incomplete PATH plists as repairable

Co-authored-by: Codex <noreply@openai.com>
- fall back from implicit PATH ENOENT misses to common install dirs

- keep explicit env and config paths diagnostic

Co-authored-by: Codex <noreply@openai.com>
- align CLI, troubleshooting, surface, skill, and AGENTS guidance

- regenerate public surface manifests and lock guidance tests

Co-authored-by: Codex <noreply@openai.com>
- Merge AGENTS hierarchy updates from t3code/2d2e3c11 onto google-oauth-session-continuity.

- Address RepoPrompt review fixes for Inspiredesign, media-analysis, guidance, installers, and provider workflow wording.

Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
- Restore investigation, plan, and review artifacts needed for PR traceability.

Co-authored-by: Codex <noreply@openai.com>
- Strip user-owned Google suspended intent inputs from preserved challenge summaries.

- Preserve non-Google suspended intent inputs and cover both fresh and existing summaries.

Co-authored-by: Codex <noreply@openai.com>
- Sanitize fallback error messages, details, nested challenge payloads, and no-output failures for Google/OAuth/user-owned sensitive values.

- Add regression coverage for OAuth params, emails, bearer tokens, malformed strings, and benign non-OAuth URLs.

Co-authored-by: Codex <noreply@openai.com>
@freshtechbro freshtechbro merged commit 8d05bb0 into main Jun 27, 2026
9 checks passed
@freshtechbro freshtechbro deleted the codex/google-oauth-session-continuity branch June 27, 2026 06:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant