refactor(theia): drop printenv fallback, fail loudly on bridge failure#128
Merged
Conversation
Removes the printenv fallback path from Theia bootstrapping so the EduIDE data-bridge is the only source for ARTEMIS_URL, ARTEMIS_TOKEN, GIT_URI, GIT_USER, GIT_MAIL. Deletes envVarReader.ts and simplifies activation/extensionCommands. Auth provider behaviour unchanged (Bearer for Theia, Cookie for Desktop).
…s set
readEnvVarsViaDataBridge now returns a discriminated union instead of
`Record | undefined`:
- 'no-bridge' : DATA_BRIDGE_ENABLED unset (genuine Desktop)
- 'success' : all keys delivered
- 'failure' : bridge expected but unreachable (command-missing /
timeout / invalid-response)
detectTheiaEnvironment dispatches on this union: 'failure' surfaces
showErrorMessage and falls back to Desktop so the diagnostic command
remains accessible. Previously every non-success collapsed to silent
Desktop, which booted EduIDE pods with Cookie auth (wrong scheme
against an EduIDE Artemis) when the bridge was slow or absent.
Adds 11 unit tests covering all four return shapes plus the
fail-loud branches in the detector. No behaviour change for
genuine Desktop boots.
…plies Codex follow-up nit on the previous commit: the union member 'invalid-response' was reachable in theiaEnvironment's switch but the reader never actually returned it (string responses fell through to 'timeout' after the polling loop). The arktype validation string the bridge emits when called with the wrong shape will not change between polls, so polling for 10s is wasted time. Now: non-record / non-array responses (string, array, primitive) cause an immediate fail-fast return of 'invalid-response' with the actual response captured for diagnostics. Genuine timeouts (empty record or thrown errors throughout) still return 'timeout'.
Predixx
added a commit
that referenced
this pull request
May 9, 2026
dev's CI was already red on the last commit (PR #128 was merged with a failing knip check). Two issues need to be cleared so the new ci-gate can pass on this PR: - Add esbuild.js to knip's entry list. esbuild, esbuild-css-modules-plugin and esbuild-plugin-inline-worker are all required from esbuild.js (the bundler entry referenced by npm run package), but knip didn't trace it, so they were reported as unused devDependencies. - Drop the export from ReadEnvResult in dataBridgeReader.ts. The type is only used by the readEnvVarsViaDataBridge function in the same file; removing export silences knip's unused-export warning without changing behavior.
Predixx
added a commit
that referenced
this pull request
May 9, 2026
…y workflows) (#129) * ci: harden pipeline with parallel jobs, ci-gate, codeowners Split the existing single sequential job into 5 parallel jobs (typecheck, lint, test, knip, build) with per-job timeouts, then aggregate via a stable "CI gate" job that explicitly checks each need's result and refuses to pass on anything other than success (catches skipped/cancelled/failed). Pin both actions to SHA with version comments (Renovate-compatible). Lock default workflow permissions to contents: read and add a concurrency group that cancels superseded PR runs but never push runs to dev/main. Add Dependency Review (advisory, fails on high-severity vulns) and CodeQL (weekly + on push to main/dev, results in Security tab) workflows. Add CODEOWNERS for the CI/release trust boundary so workflow tampering requires admin approval. Other PRs still need 0 reviews. * fix: clear dev's pre-existing knip failures dev's CI was already red on the last commit (PR #128 was merged with a failing knip check). Two issues need to be cleared so the new ci-gate can pass on this PR: - Add esbuild.js to knip's entry list. esbuild, esbuild-css-modules-plugin and esbuild-plugin-inline-worker are all required from esbuild.js (the bundler entry referenced by npm run package), but knip didn't trace it, so they were reported as unused devDependencies. - Drop the export from ReadEnvResult in dataBridgeReader.ts. The type is only used by the readEnvVarsViaDataBridge function in the same file; removing export silences knip's unused-export warning without changing behavior.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Re-opening after PR #118 (which was the same change) and its revert PR #127. This PR contains the original printenv-fallback removal plus the High-severity fix flagged by codex review on the original PR.
Summary
1. Drop printenv fallback (original scope of #118)
The EduIDE data-bridge is now the sole source for `ARTEMIS_URL`, `ARTEMIS_TOKEN`, `GIT_URI`, `GIT_USER`, `GIT_MAIL`. Deletes `extension/src/extension/theia/envVarReader.ts` and simplifies activation. Auth invariant unchanged (Bearer for Theia, Cookie for Desktop).
2. Fail loudly on bridge failure (new in this PR)
Codex flagged that bridge failure with `DATA_BRIDGE_ENABLED=1` would silently fall back to Desktop-Cookie auth, breaking auth and auto-clone in EduIDE pods. Fixed by:
Out of scope (follow-up)
Two Medium issues from the codex review are tracked as follow-ups so this PR can land:
Codex review
Multi-turn codex review session on this branch. After v1 codex flagged the High issue. After the union refactor and the `invalid-response` fix, codex explicitly approved:
Test plan