chore(upstream): PR2 MCP OAuth audience + tray menu refactor (#3459 #3458)#177
…h#3459) MCP clients on spec 2025-06-18 send resource=<mcp-url> in authorize/token requests. better-auth 1.5.6 validates that against validAudiences and our allowlist only contained the bare API origin, so tokens were rejected with "requested resource invalid". Add the MCP endpoint to validAudiences and to the JWT verifier's audience list.
…et-sh#3458) Replace the 5s tray polling interval with event-driven refresh: `mouse-enter` + host-service status-changed trigger an async rebuild. Drop the hostInfoCache Map — updateTrayMenu is now async and fetches host.info inline with a 2s AbortController timeout, so there is no stale state to manage. Unwrap the superjson envelope (`result.data.json`) that the original polling code missed, which was causing every org to render as a UUID slice (previously) or "Loading…" (after the first pass of this fix). Closes superset-sh#3454
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e19f9ccca6
Address Codex review on #177: updateTrayMenu is triggered by both status-changed and mouse-enter and awaits fetchHostInfo in between, so an older invocation can finish after a newer one and overwrite the tray state with a stale orgIds snapshot. In practice that could reintroduce a stopped service's submenu entries and flip the Quit menu between single- and dual-mode variants. Introduce a monotonic trayUpdateToken bumped on entry; drop the result if trayUpdateToken has advanced by the time fetchHostInfo resolves.
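Addressed in 9629c13. I introduced trayUpdateToken as a monotonically increasing counter, and the result is now discarded if the token has advanced after the fetchHostInfo await. Even when status-changed and mouse-enter overlap, an old snapshot no longer overwrites the newer state.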
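The stale-result guard described in this fix, as an added example that is not the repository's code: the fetch is callback-style here so the two completions can be delivered in a fixed order, and the token check sits at the same point it would after an `await`. The org names, `createTray`, `simulateOutOfOrder` and the `guarded` switch are constructed for the illustration.

```typescript
// Added illustration. Only trayUpdateToken, updateTrayMenu and fetchHostInfo
// are names from the PR; everything else is hypothetical.
type HostInfo = { orgIds: string[] };
type FetchHostInfo = (done: (info: HostInfo) => void) => void;

function createTray(fetchHostInfo: FetchHostInfo, guarded: boolean) {
  let trayUpdateToken = 0; // monotonic counter, bumped on every entry
  const state = { orgIds: [] as string[], dropped: 0 };

  function updateTrayMenu(): void {
    const token = ++trayUpdateToken;
    fetchHostInfo((info) => {
      // A newer invocation started while this fetch was in flight, so this
      // snapshot is stale: drop it instead of rebuilding the menu from it.
      if (guarded && token !== trayUpdateToken) {
        state.dropped += 1;
        return;
      }
      state.orgIds = info.orgIds;
    });
  }
  return { updateTrayMenu, state };
}

// Constructed scenario: mouse-enter fires while org-a and org-b are running,
// org-b's service stops, status-changed fires, and the two fetches complete
// in reverse order (newer first, older last).
function simulateOutOfOrder(guarded: boolean) {
  const pending: Array<() => void> = [];
  let running = ["org-a", "org-b"];
  const fetchHostInfo: FetchHostInfo = (done) => {
    const snapshot = { orgIds: running.slice() }; // captured at request time
    pending.push(() => done(snapshot));
  };
  const tray = createTray(fetchHostInfo, guarded);
  tray.updateTrayMenu(); // older invocation (mouse-enter)
  running = ["org-a"];
  tray.updateTrayMenu(); // newer invocation (status-changed)
  pending.reverse().forEach((deliver) => deliver());
  return tray.state;
}
```

Without the guard the stopped org-b reappears in the final state; with it the late result is counted as dropped and the newer snapshot stands.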
-s ours merge to record that upstream commits a3e34bf through de70163 (13 commits) are semantically already present on origin/main via the PR1-6 cherry-pick series (PRs #176, #177, #178, #179, #180, #182), plus fork-adaptation fixes layered on top. This merge target is de70163 specifically (not upstream/main) so newer upstream commits (9fff075 and later) remain visible in future behind counts.
Upstream commits covered by this audit merge:
- a3e34bf fix(desktop): restore cmd+click requirement for v1 terminal file links (superset-sh#3457) [PR1/#176]
- 57557f8 fix(desktop): gate v2 workspace children on collection readiness (superset-sh#3464) [PR1/#176]
- 4ee2e61 fix(desktop): use native clipboard for copy path in v2 sidebar (superset-sh#3462) [PR1/#176]
- 87d6e93 feat(desktop): close settings with Escape key (superset-sh#3466) [PR1/#176]
- 9c7f5f4 chore(desktop): auto-restart host-service on bundle change in dev (superset-sh#3461) [PR1/#176]
- 93140d9 fix(mcp): accept MCP resource URL as valid OAuth audience (superset-sh#3459) [PR2/#177]
- be9e000 fix(desktop): drive tray menu off events, fetch real org name (superset-sh#3458) [PR2/#177]
- c5f791e feat(v2): unify workspace delete through host-service (superset-sh#3443) [PR3/#178]
- 2c24d93 feat(desktop): paginated branch picker with checkout + open actions (superset-sh#3397) [PR4/#179]
- 2bf1049 feat(desktop/hotkeys): v1 directional pane focus + best-effort v1 override migrator (superset-sh#3460) [PR5/#180]
- 1294a7d feat(desktop/hotkeys): restore Cmd+Alt+Arrow for tab/workspace nav (superset-sh#3472) [PR5/#180]
- de70163 feat(desktop): v2 review tab first pass — PR info, checks, comments (superset-sh#3463) [PR6/#182]
Intentionally skipped (version bump, fork has independent versioning):
- 1e23353 chore(desktop): bump version to 1.5.5 (superset-sh#3473)
Fork-adaptation fixes layered on top of the cherry-picks:
- PR1: host-service-coordinator alias import fix, settings Escape selector narrowing (role-based + popper wrapper), Escape close uses replace navigation
- PR2: dual quit mode preservation (requestQuit "release"/"stop"), trayUpdateToken guard for stale async fetchHostInfo results
- PR4: ChangesHeader.normalizeBranchName regex rewrite (lint false positive), worktree add uses fullRef for remote-tracking refs, syncTimedOut reset on pendingId change, GIT_REFS.md barrel example fix
- PR5: migrate.ts re-sanitize of existing localStorage overrides (v2 marker bump intent), FOCUS_PANE_* enabled:isActive for KeepAliveWorkspaces, CATEGORY_ORDER merges Navigation (upstream) and Browser (fork)
- PR6: normalizeThreadsToComments flattens all thread.comments (not just first), CommentPane overrides <a> (openUrl) and <img> (SafeImage), zero-badge suppression, pr-null comments gate
Fork features verified intact (Explore agent audit of combined 36d4de4..35d95f3 range):
- BROWSER_RELOAD / BROWSER_HARD_RELOAD hotkeys
- dual quit mode menu in tray
- v1 terminal cold-restore + retry reconnect (out of range but unaffected)
- KeepAliveWorkspaces (FOCUS_PANE_* gated on isActive)
- useCommandPalette + addMemoTab in v2 workspace
- host-service-coordinator rename alias pattern
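Summary
This PR brings in two changes from upstream: the audience addition for MCP OAuth validation and the event-driven refactor of the tray menu. Of the 12 commits, these are the two lowest-risk ones after the small-fixes bundle (PR #176).
Upstream commits being brought in
93140d936be9e00049
About superset-sh#3459 (no conflicts)
A 4-line change that only adds `${NEXT_PUBLIC_API_URL}/api/agent/mcp` to `validAudiences` in `packages/auth/src/server.ts`. It is consistent with the fork-specific MCP integration (`packages/chat/src/server/trpc/utils/runtime/superset-mcp.ts`), and the JWT verifier (`apps/api/src/app/api/agent/[transport]/auth-flow.ts:220`) accepts the same audience. The two deleted test files (`auth-flow.test.ts`, `oauth-metadata.test.ts`) were also deleted in the upstream commit, and there are no fork-side customizations to them.
About superset-sh#3458 (conflicts, resolved manually)
Content conflict in `apps/desktop/src/main/lib/tray/index.ts`. As of pre-superset-sh#3458, the fork carried the following differences:
- `getHostServiceCoordinator as getHostServiceManager` alias import (the fork's policy is to absorb the coordinator rename with a minimal diff)
- `formatStatusLabel(status)` helper mapping to "Running"/"Starting..."/"Stopped"
- `POLL_INTERVAL_MS = 5000` + `setInterval` fallback
- `requestQuit("release")`, "Quit & Stop Services" → `requestQuit("stop")`
Upstream superset-sh#3458 substantially rewrites this implementation: it fetches the real organization name from `/trpc/host.info` via `fetchHostInfo()`, restores Restart from the tray using `loadToken()` + `env.NEXT_PUBLIC_API_URL`, and drops polling in favor of updating on `mouse-enter` / `status-changed` events.
Resolution approach
I adopted the upstream implementation almost entirely and restored only the fork-specific dual quit mode menu.
- `formatStatusLabel` is dropped as well (upstream displays the status directly with a `${status}` template)
- `quitApp()` is called directly, but in the fork `requestQuit("release" | "stop")` has to be called to match the host-service lifecycle, so only that part was reverted.
`requestQuit` takes a `QuitMode` argument at `apps/desktop/src/main/index.ts:348` and branches to `stopAll()` / `releaseAll()` in the `before-quit` event. This keeps the fork's special behavior while bringing in upstream's event-driven architecture and organization-name display.
Codex pre-review results
Tests
- `bun install`
- `bun run lint`
- `bun run typecheck`: there is an @types/node resolution problem specific to the `/tmp` worktree, so this is left to the CI typecheck (the same error reproduces on origin/main, so it is an environment issue unrelated to the cherry-pick)
Next steps
After this PR is merged, I will proceed to PR3 (v2 workspace delete unification, +1457/-107).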
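The audience check behind superset-sh#3459, as an added example that is not better-auth's or this repository's code: it serves both the commit message and the description above by running one MCP client request through an exact-match `resource` allowlist and then a JWT `aud` check, before and after the MCP endpoint is allowlisted. The origin `https://api.example.test`, the helper names and the lookalike URL in the usage are constructed; the `/api/agent/mcp` path and the error text are the ones quoted in the PR.

```typescript
// Added illustration. API_URL and every helper name are hypothetical; the
// /api/agent/mcp path and the error text are the ones quoted in the PR.
const API_URL = "https://api.example.test"; // stands in for NEXT_PUBLIC_API_URL
const MCP_URL = API_URL + "/api/agent/mcp";

const audiencesBefore: string[] = [API_URL]; // bare API origin only
const audiencesAfter: string[] = [API_URL, MCP_URL]; // MCP endpoint added

type ResourceCheck =
  | { status: "ok"; audience: string }
  | { status: "rejected"; error: string };

// Authorization-server side: the `resource` value from an authorize/token
// request must equal an allowlisted audience. Exact string equality only,
// so a URL that merely starts with or contains an allowed value is rejected.
function checkResource(resource: string, validAudiences: string[]): ResourceCheck {
  if (validAudiences.indexOf(resource) !== -1) {
    return { status: "ok", audience: resource };
  }
  return { status: "rejected", error: "requested resource invalid" };
}

// Resource-server side: the JWT verifier accepts a token only when its `aud`
// claim (a string or an array of strings) names an audience it is configured for.
function audienceAccepted(aud: string | string[] | undefined, accepted: string[]): boolean {
  if (aud === undefined) return false;
  const claimed = typeof aud === "string" ? [aud] : aud;
  return claimed.some((a) => accepted.indexOf(a) !== -1);
}

// Runs one client request through both checks and reports where it stops.
function mcpFlow(resource: string, serverAudiences: string[], verifierAudiences: string[]): string {
  const check = checkResource(resource, serverAudiences);
  if (check.status === "rejected") return "token endpoint: " + check.error;
  // The issued token is bound to the requested resource through `aud`.
  const claims = { aud: check.audience };
  return audienceAccepted(claims.aud, verifierAudiences)
    ? "accepted"
    : "verifier: audience mismatch";
}
```

Updating only the authorization server's list moves the failure from the token endpoint to the verifier, which is why the change touches both lists.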