feat(settings): add personal token creation flow#311
Open
IvGolovach wants to merge 7 commits intojunhoyeo:mainfrom
Open
feat(settings): add personal token creation flow#311IvGolovach wants to merge 7 commits intojunhoyeo:mainfrom
IvGolovach wants to merge 7 commits intojunhoyeo:mainfrom
Conversation
Contributor
|
@IvGolovach is attempting to deploy a commit to the Inevitable Team on Vercel. A member of the Team first needs to authorize it. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
2 issues found across 5 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/frontend/src/app/settings/SettingsClient.tsx">
<violation number="1" location="packages/frontend/src/app/settings/SettingsClient.tsx:364">
P2: The cancellation flag isn’t checked before `setUser`, so if the component unmounts while `/api/auth/session` is in flight, `setUser` can still run and update state after unmount. Guard this update with the cancellation flag (as you already do for later state updates) to avoid React warnings and stale updates.</violation>
</file>
<file name="packages/frontend/src/app/api/settings/tokens/route.ts">
<violation number="1" location="packages/frontend/src/app/api/settings/tokens/route.ts:27">
P2: The API contract says `expiresAt` must be an ISO date string, but validation uses `new Date(value)` which accepts many non-ISO formats. This permits ambiguous/non-ISO inputs despite the stated requirement, potentially resulting in unexpected expiry times.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
There was a problem hiding this comment.
1 issue found across 4 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/frontend/src/app/settings/SettingsClient.tsx">
<violation number="1" location="packages/frontend/src/app/settings/SettingsClient.tsx:364">
P2: Unmount cancellation is incomplete: stale async branches can still call `router.push` after component unmount, causing unexpected redirects.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
…personal-tokens-refresh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
Diff scope
mainfeat-settings-create-personal-tokensgit rev-list --left-right --count origin/main...HEAD->0 4409fe2f2e658389f2000b67ff16ec42c93e452b74a51463d94fb6f6a26c8156454509be9a2c9ccac21feat(settings): add personal token creation flow6c5f74cd8934e568ac8c76cd351a9b9d5d6b5c19fix(settings): polish token revoke flow9992a37db01b1363249fe2e1d35b1f7591997f40fix(settings): harden personal token flow states254a4394dbd850b4a7761ed704564d37ee0c5183test(settings): cover token route failure statespackages/frontend/src/app/settings/SettingsClient.tsxpackages/frontend/src/app/api/settings/tokens/route.tspackages/frontend/src/lib/auth/personalTokens.tspackages/frontend/__tests__/api/settingsTokens.test.tspackages/frontend/__tests__/lib/personalTokens.test.tsTest proof
npx vitest run __tests__/api/settingsTokens.test.ts __tests__/lib/personalTokens.test.ts __tests__/api/devicePoll.test.ts __tests__/api/submitAuth.test.ts4 passed files,34 passed testsnpx eslint __tests__/api/settingsTokens.test.ts __tests__/lib/personalTokens.test.ts __tests__/api/devicePoll.test.ts __tests__/api/submitAuth.test.ts src/app/api/settings/tokens/route.ts src/app/settings/SettingsClient.tsx src/lib/auth/personalTokens.ts src/app/api/auth/device/poll/route.ts src/app/api/submit/route.tsVerification-pack proof
Not applicable - no workflow, infrastructure, governance, replay, or migration changes.
Migration notes
Not applicable - no schema or migration changes.
CI context confirmation
CI context names unchanged.
Rollback plan
git revert --no-edit 51463d94fb6f6a26c8156454509be9a2c9ccac21^..254a4394dbd850b4a7761ed704564d37ee0c5183Known residual risks
npx tsc -p tsconfig.json --noEmitwas not used as merge proof because it did not complete within the local validation window.