Fix OAuth continuity, media tool discovery, and fallback privacy#94
Merged
Conversation
- route user-owned Google auth through extension /ops and fail closed for unsafe modes - skip Google-sensitive cookie bootstrap by default with explicit diagnostic override - add sanitized auth provenance, docs, runtime guidance, and regression coverage Co-authored-by: Codex <noreply@openai.com>
- write common binary directories into macOS LaunchAgent PATH - classify old or incomplete PATH plists as repairable Co-authored-by: Codex <noreply@openai.com>
- fall back from implicit PATH ENOENT misses to common install dirs - keep explicit env and config paths diagnostic Co-authored-by: Codex <noreply@openai.com>
- align CLI, troubleshooting, surface, skill, and AGENTS guidance - regenerate public surface manifests and lock guidance tests Co-authored-by: Codex <noreply@openai.com>
- Merge AGENTS hierarchy updates from t3code/2d2e3c11 onto google-oauth-session-continuity. - Address RepoPrompt review fixes for Inspiredesign, media-analysis, guidance, installers, and provider workflow wording. Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
- Restore investigation, plan, and review artifacts needed for PR traceability. Co-authored-by: Codex <noreply@openai.com>
- Strip user-owned Google suspended intent inputs from preserved challenge summaries. - Preserve non-Google suspended intent inputs and cover both fresh and existing summaries. Co-authored-by: Codex <noreply@openai.com>
- Sanitize fallback error messages, details, nested challenge payloads, and no-output failures for Google/OAuth/user-owned sensitive values. - Add regression coverage for OAuth params, emails, bearer tokens, malformed strings, and benign non-OAuth URLs. Co-authored-by: Codex <noreply@openai.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Verification
npm run lintnpm run typechecknpm run version:checknode scripts/docs-drift-check.mjsgit diff --checknpm run buildnpm run extension:buildnpm run test- 294 test files passed, 1 skipped; 5459 tests passed, 1 skippedcoverage/lcov.info: 25145/25922 = 97.0025%, deficit 0Real Workflows
.tmp/final-install-workflows-20260627-005627/:npm pack, tempnpm install, installed CLI help, isolated daemon status, stripped-PATHstatus-capabilities, installedinspiredesign run, and installedinspiredesign harvest.available=true,capabilityTier=full, FFmpeg 7.1.1, FFprobe 7.1.1, and no limitations.inspiredesign runandinspiredesign harvestcompleted with artifact bundles and diagnostic-only product readiness for weak/reference-limited inputs, with no media-analysis failure.readiness=needs_recoverydue to off-brief reference signals, confirming readiness gating rather than FFmpeg/media-analysis degradation.Safety Notes