fix(deploy): reconcile canonical integration status

[khaliqgant]

Summary

• accept canonical OAuth-connected integration status in deploy connection checks, even before initial sync/writeback reaches ready
• during connect polling, check the exact setup-session connection id first, then fall back to canonical same-scope status without connectionId so final Nango rows reconcile
• update fallback polling tests for canonical workspace rows and setup-session/final connection id mismatch

Validation

• corepack pnpm --filter @agentworkforce/deploy test

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Review limit reached

@khaliqgant, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 6 minutes and 20 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 7e3bb862-a9c9-492f-87ef-82b631147bf7

📥 Commits

Reviewing files that changed from the base of the PR and between 50c3e7c and d96b570.

📒 Files selected for processing (2)

• packages/deploy/src/connect.test.ts
• packages/deploy/src/connect.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/deploy-connect-canonical-status

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

1 issue found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/deploy/src/connect.ts">

<violation number="1" location="packages/deploy/src/connect.ts:268">
P2: Canonical primary-source polling can report connected for the wrong provider config because `sessionConfigKey` is not passed into `statusIsConnectedForSource`.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[cubic-dev-ai]

P2: Canonical primary-source polling can report connected for the wrong provider config because sessionConfigKey is not passed into statusIsConnectedForSource.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At packages/deploy/src/connect.ts, line 268:

<comment>Canonical primary-source polling can report connected for the wrong provider config because `sessionConfigKey` is not passed into `statusIsConnectedForSource`.</comment>

<file context>
@@ -260,7 +263,18 @@ const fallbackSource = workspaceFallbackSource(
-const fallbackSource = workspaceFallbackSource(
+        if (sessionId) {
+          const canonicalStatus = await fetchIntegrationStatusForScope(statusArgs);
+          if (statusIsConnectedForSource(canonicalStatus, provider, effectiveSource)) {
+            const connectionId = readConnectionId(canonicalStatus)
+              ?? sessionId
</file context>

Suggested change

	if (statusIsConnectedForSource(canonicalStatus, provider, effectiveSource)) {
	if (statusIsConnectedForSource(canonicalStatus, provider, effectiveSource, sessionConfigKey)) {

[agent-relay-bot]

Fixed the PR findings.

Changes made:

• Fixed the config-key reconciliation issue cubic found: canonical no-connectionId polling now passes sessionConfigKey into statusIsConnectedForSource.
• Kept canonical OAuth acceptance narrow by rejecting legacy connected / active fields unless the payload has canonical OAuth or ready status.
• Added regression tests for legacy connected fields, mismatched config keys, and canonical connect reconciliation.

Validation:

• @agentworkforce/deploy tests pass locally: 151 passed, 0 failed.
• PR head CI is green.
• Cubic reran on the pushed head and reports 0 issues.
• PR is mergeable/clean.