diff --git a/packages/owletto b/packages/owletto index d5ae2a44d..2b74ac24c 160000 --- a/packages/owletto +++ b/packages/owletto @@ -1 +1 @@ -Subproject commit d5ae2a44d5e7f19ec6c04f646f2c75fcbfa76949 +Subproject commit 2b74ac24ca3a98ac5193cfd0b7f106e6fcded0ce diff --git a/packages/server/src/auth/config.ts b/packages/server/src/auth/config.ts index 81b1d8b49..4216f04ff 100644 --- a/packages/server/src/auth/config.ts +++ b/packages/server/src/auth/config.ts @@ -403,7 +403,14 @@ export async function getAuthConfig( } } - const magicLink = hasValue(env.RESEND_API_KEY) || !isProduction; + // Magic-link requires actual email delivery. Without RESEND_API_KEY, + // Better Auth's plugin logs the magic URL to server stdout instead of + // emailing it — useful for debugging, useless to a real operator who's + // staring at their inbox. Hide the "Send me a magic link" affordance + // when delivery isn't configured. (Previously this also returned true + // in non-production, which made local dev render a dead button that + // appears to work then silently does nothing.) + const magicLink = hasValue(env.RESEND_API_KEY); const phone = hasValue(env.TWILIO_SID) && hasValue(env.TWILIO_TOKEN) && hasValue(env.TWILIO_WHATSAPP_NUMBER); const hasProviderAuthEnabled = Object.values(social).some(Boolean) || phone; diff --git a/packages/server/src/auth/routes.ts b/packages/server/src/auth/routes.ts index 2296b1695..3dc21d0df 100644 --- a/packages/server/src/auth/routes.ts +++ b/packages/server/src/auth/routes.ts @@ -434,7 +434,11 @@ credentialRoutes.post('/local-init', async (c) => { error: 'no_user_yet', error_description: 'No user exists yet on this install. Open the web UI and sign up first; the menubar / CLI will pick up the new user on the next /api/local-init call.', - signup_url: '/sign-up', + // Owletto's SPA routes signup via /auth/sign-up (mapped by + // auth/$pathname.tsx → /auth/login?intent=sign-up). A bare /sign-up + // would fall into the $owner catch-all and loop through the login + // redirect — pre-PR-908 codex review caught this. + signup_url: '/auth/sign-up', }, 404 ); diff --git a/scripts/task-use.sh b/scripts/task-use.sh index 38e9adbde..43cfce950 100755 --- a/scripts/task-use.sh +++ b/scripts/task-use.sh @@ -31,7 +31,15 @@ if [[ "$name" != "main" ]] && ! [[ "$name" =~ ^[a-z0-9]+(-[a-z0-9]+)*$ ]]; then fi script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -repo="$(cd "$script_dir/.." && pwd)" +# Resolve `repo` to the main checkout, not whatever worktree the script +# happens to live inside. Worktrees share the working tree (scripts/ +# included), so a naive `$script_dir/..` returns the calling worktree's +# root — and task-use would retarget the active/chrome + active/mac +# symlinks at `/.claude/worktrees//packages/...`, +# nested inside whatever worktree the operator happened to be in. Same +# fix as task-setup.sh (#899/#900): use git's shared .git path with +# --path-format=absolute so the resolution is invariant to cwd. +repo="$(dirname "$(git -C "$script_dir" rev-parse --path-format=absolute --git-common-dir)")" if [[ "$name" == "main" ]]; then source_root="$repo"