feat(auth): add hotdata auth register command #85
Add hotdata-search and hotdata-analytics bundled skills, slim the core hotdata skill, and expand WORKFLOWS with a decision tree and datasets vs databases guides. Tag-only release finish for branch-protected main; validate changelog on prepare.
Onboard, Chain, and Retrieval epics link into analytics and search sub-skill references.
Opens the browser to /auth/cli-register/ with PKCE params, waits for the provisioning-complete callback from the webapp, then exchanges the CLIAuthCode for a full JWT session (via mint_from_api_token) so the on-disk state is identical to a normal hotdata auth login.

Changes:
- auth.rs: add register(), refactor receive_callback to accept success_title/success_body for the browser confirmation page
- jwt.rs: add exchange_cli_register_code — POSTs code+verifier to /v1/auth/token, gets opaque API token, mints JWT session from it
- command.rs: add Register variant to AuthCommands
- main.rs: dispatch AuthCommands::Register to auth::register()

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hotdata auth register now defaults to GitHub OAuth signup; pass --email to use email/password instead. The method query param is forwarded to the webapp cli_register endpoint. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Review
Blocking Issues
- src/jwt.rs:167 — exchange_cli_register_code builds the token-exchange URL against app_url (https://app.hotdata.dev/v1/auth/token), but every other /v1/... route in the CLI is reached via api_url (which already includes /v1). This will hit the webapp host instead of the API. End-to-end test boxes in the PR description are unchecked, so this hasn't been verified against a real deploy yet.
Action Required
Switch the URL construction to api_url-based (mirroring sandbox_session.rs::refresh), or — if the backend really does mount this on app_url — explain that in a comment so the divergence from the existing oauth_base doc is intentional.
(Other previously-raised nits about missing tests for exchange_cli_register_code, unescaped HTML in receive_callback, and register()/login() duplication still stand from earlier review threads but are non-blocking.)
Responding to the blocking issue raised in the latest review: src/jwt.rs:167 —
…ge_cli_register_code

- Add doc comment to receive_callback noting success_title/success_body are interpolated into HTML without escaping — callers must pass static strings only
- Extract run_browser_auth() to collapse the ~80% duplication between login() and register(); the two functions now each reduce to the signed-in guard plus a run_browser_auth call with distinct URL and exchange closures
- Add four tests for exchange_cli_register_code: success (two-step mock: /v1/auth/token then /o/token/), http_error, malformed_response, connection_error — matching the pattern used by mint_from_pkce_code and mint_from_api_token

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
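The commit above documents that success_title/success_body reach the browser confirmation page unescaped and restricts callers to static strings. Escaping at the interpolation point removes that caller-side obligation. The following is an added example, not code from this PR or the hotdata CLI; escape_html and render_callback_page are hypothetical names, and the response headers are an assumption about what a loopback confirmation page would send.

```rust
// Added example: escape_html and render_callback_page are hypothetical names,
// not functions from the hotdata CLI source.

/// Escape the characters that can change HTML structure in text or
/// quoted-attribute context.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Build the full HTTP response a loopback listener writes back to the
/// browser after the callback arrives. Both strings are escaped before
/// interpolation, so a non-static value cannot inject markup.
fn render_callback_page(success_title: &str, success_body: &str) -> String {
    let html = format!(
        "<!doctype html><html><head><meta charset=\"utf-8\"><title>{t}</title></head>\
         <body><h1>{t}</h1><p>{b}</p></body></html>",
        t = escape_html(success_title),
        b = escape_html(success_body),
    );
    // Assumed headers: a restrictive CSP as defence in depth, and a byte-accurate
    // Content-Length (String::len counts bytes, which is what HTTP needs).
    format!(
        "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\
         Content-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\n\
         Content-Length: {}\r\nConnection: close\r\n\r\n{}",
        html.len(),
        html
    )
}

fn main() {
    // Constructed inputs: a static title and a body carrying markup characters.
    let resp = render_callback_page("Account created", "Welcome <b>you</b> & \"team\"");
    println!("{}", resp);
}
```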
All prior feedback addressed: helper extraction, doc-comment tightening, and added test coverage for exchange_cli_register_code. Accepting the author's correction on the /v1/auth/token host — the companion webapp PRs make their knowledge of the routing authoritative.
The merge-base changed after approval.
Summary
- hotdata auth register — opens the browser to create a new Hotdata account via a PKCE handoff flow, then exchanges the auth code for a JWT session saved to ~/.hotdata/config.yml
- --email to use email/password instead
- hotdata auth login

Usage
```
hotdata auth register # GitHub OAuth (default)
hotdata auth register --email # email/password signup
```
Test plan