Skip to content

Generate CLI passwords without window#3416

Closed
chubes4 wants to merge 1 commit into
trunkfrom
fix-cli-password-generator-node
Closed

Generate CLI passwords without window#3416
chubes4 wants to merge 1 commit into
trunkfrom
fix-cli-password-generator-node

Conversation

@chubes4
Copy link
Copy Markdown
Contributor

@chubes4 chubes4 commented May 9, 2026

Related issues

Proposed Changes

  • Replace the browser-only @automattic/generate-password wrapper usage with an equivalent runtime-neutral password generator.
  • Use globalThis.crypto.getRandomValues() so password generation works in Node CLI and browser-capable runtimes.
  • Preserve the existing exported generatePassword() and createPassword() APIs.

Testing Instructions

  • npx vitest run tools/common/lib/tests/passwords.test.ts
  • npm run lint -- tools/common/lib/passwords.ts

AI assistance

  • AI assistance: Yes
  • Tool(s): OpenCode (GPT-5.5)
  • Used for: Diagnosing the CLI window is not defined failure and drafting the small runtime-neutral password generator patch. Chris remains responsible for review and merge.

@wpmobilebot
Copy link
Copy Markdown
Collaborator

wpmobilebot commented May 9, 2026

📊 Performance Test Results

Comparing 7290bb0 vs trunk

app-size

Metric trunk 7290bb0 Diff Change
App Size (Mac) 1408.82 MB 1408.82 MB 0.00 MB ⚪ 0.0%

site-editor

Metric trunk 7290bb0 Diff Change
load 1494 ms 1493 ms 1 ms ⚪ 0.0%

site-startup

Metric trunk 7290bb0 Diff Change
siteCreation 8090 ms 8099 ms +9 ms ⚪ 0.0%
siteStartup 4933 ms 4929 ms 4 ms ⚪ 0.0%

Results are median values from multiple test runs.

Legend: 🟢 Improvement (faster) | 🔴 Regression (slower) | ⚪ No change (<50ms diff)

@chubes4 chubes4 mentioned this pull request May 9, 2026
Open
@chubes4
Copy link
Copy Markdown
Contributor Author

chubes4 commented May 9, 2026

Closing this in favor of fixing the root cause upstream in @automattic/generate-password.

The Studio failure is real and tracked in #3417, with Homeboy evidence showing studio site create --no-start fails on trunk because the package calls window.crypto.getRandomValues() in the Node CLI runtime.

This PR worked around the issue by replacing Studio's package usage with local password generation, but that would fork package behavior inside Studio and leave other Node consumers broken. The better path is:

  1. Track/fix @automattic/generate-password in Automattic/wp-calypso.
  2. Add package-level Node-runtime coverage there.
  3. Release/update the package.
  4. Update Studio to consume the fixed package if needed.

Superseded by the upstream-first fix path.

@chubes4 chubes4 closed this May 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@chubes4 chubes4

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chubes4 @wpmobilebot