feat(auth): unify controller oauth flows

[skulidropek]

Summary

• unify controller OAuth handling across CLI/TUI/web auth surfaces
• add Codex auth actions and snapshot counts to the web Auth panel
• route Claude/Gemini login through controller auth terminal sessions
• count only credential-bearing auth accounts for global/project snapshots

Closes #327

Verification

• bun run --cwd packages/api vitest run tests/auth-menu.test.ts
• bun run --cwd packages/app vitest run tests/docker-git/actions-auth.test.ts tests/docker-git/actions-codex-oauth.test.ts tests/docker-git/actions-github-oauth.test.ts tests/docker-git/auth-stream-markers.test.ts tests/docker-git/api-auth-schema.test.ts tests/docker-git/program.test.ts
• bun run --cwd packages/api typecheck
• bun run --cwd packages/app typecheck
• bun run --cwd packages/api build
• bun run --cwd packages/app build:web
• bun run --cwd packages/app build:docker-git
• MCP Playwright check: Auth panel shows Codex accounts; Codex OAuth posts to /api/auth/codex/login; Gemini OAuth posts to /api/auth/terminal-sessions with flow GeminiOauth

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: f9bad4a2-8c08-47d4-bf44-c8de39bdbf84

📥 Commits

Reviewing files that changed from the base of the PR and between 6aa93b9 and fca64b3.

📒 Files selected for processing (1)

• README.md

💤 Files with no reviewable changes (1)

• README.md

📜 Recent review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: Final build (windows-latest)
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Browser command)
• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (OpenCode)
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Lint

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Codex OAuth (вход/выход) с видимым стримом логина в веб‑интерфейсе и интеграцией в меню/flows
  • Полная поддержка Grok‑аутентификации в UI, шаблонах и bootstrap-процессе

• Improvements

  • Счётчики авторизаций теперь учитывают только реальные креденшелы (точнее показывают доступные аккаунты)
  • Унификация терминальных OAuth‑флоу и видимых auth‑стримов; единая обработка успешных/ошибочных результатов
  • Расширены миграции и подготовка bootstrap‑volume под дополнительные провайдеры

• Tests

  • Добавлены и обновлены тесты для всех новых auth‑сценариев, миграций и схем снапшотов

Walkthrough

Добавлена поддержка Codex OAuth и унифицирована детекция credential-bearing аккаунтов (Claude, Gemini, Grok, Codex). Изменены контракты и схемы, добавлен сервис подсчёта учётных данных, обновлены клиентские auth-потоки, меню, терминальная маршрутизация, bootstrap/migration и тесты.

Changes

Codex OAuth и детекция credentials (весь срез)

Layer / File(s)	Summary
Единый набор изменений packages/*	Добавлены поля Codex в контрактах и схемах, реализован новый модуль подсчёта credential-bearing аккаунтов, перенесена серверная/клиентская логика на детекцию реальных credentials, добавлены видимые auth-потоки и мутации Codex, обновлена терминальная маршрутизация, bootstrap/migration для Grok, и добавлены/обновлены тесты по всему стеку.
Оценка объёма ревью	🎯 5 (Critical)

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch issue-327

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/lib/src/usecases/auth-grok-oauth.ts (1)

122-136: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Исправьте устаревшее описание результата в TSDoc.

На Line 130 всё ещё указано device authorization, хотя функция уже про OAuth/browser flow. Это вводит в заблуждение при поддержке и ревью контрактов.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/lib/src/usecases/auth-grok-oauth.ts` around lines 122 - 136, The
TSDoc `@returns` text still mentions "device authorization" but this code
implements the OAuth/browser flow; update the `@returns` description in the JSDoc
block for the auth-grok-oauth use case (the comment above the
usecases/auth-grok-oauth.ts function) to accurately state that the OAuth/browser
flow completes and writes normalized credentials (e.g., "Effect that completes
after the OAuth/browser flow finishes and credentials are written and
normalized"), ensuring the wording replaces "device authorization" with
"OAuth/browser flow" and keeps the rest of the contract semantics intact.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/api/src/services/auth-account-counts.ts`:
- Around line 259-290: The function countAuthCredentialAccounts currently only
inspects child directories from fs.readDirectory and therefore misses
credentials stored directly at root; before iterating entries (after confirming
exists), call hasCredentials(fs, root) (using the same Effect.orElseSucceed(()
=> false) pattern) and increment count when true, then continue with the
existing loop that checks entries (ignoredAuthAccountEntries, fs.stat, etc.) to
avoid missing the root account.

In `@packages/app/src/docker-git/api-auth-codec.ts`:
- Around line 79-91: The required validation in decodeRequiredAuthSnapshot is
missing the Codex fields causing incomplete snapshots to pass; update the
requiredValues array used in decodeRequiredAuthSnapshot (and the similar array
around lines 99-107) to include snapshot.codexAuthPath and
snapshot.codexAuthEntries so the decoder enforces those keys are present, and
adjust any related error messages or tests to reflect the added required fields.

In `@packages/app/src/web/actions-codex-oauth.ts`:
- Line 29: The user-facing message in the Web Auth flow is inconsistent: change
the Russian string passed to context.setMessage("Codex OAuth запущен. Следуй
инструкциям в Output.") to an English message matching the rest of the flow
(e.g., "Codex OAuth started. Follow the instructions in Output.") so that all
messages in the Codex OAuth UI are unified; update the call to
context.setMessage in the actions-codex-oauth module accordingly.

---

Outside diff comments:
In `@packages/lib/src/usecases/auth-grok-oauth.ts`:
- Around line 122-136: The TSDoc `@returns` text still mentions "device
authorization" but this code implements the OAuth/browser flow; update the
`@returns` description in the JSDoc block for the auth-grok-oauth use case (the
comment above the usecases/auth-grok-oauth.ts function) to accurately state that
the OAuth/browser flow completes and writes normalized credentials (e.g.,
"Effect that completes after the OAuth/browser flow finishes and credentials are
written and normalized"), ensuring the wording replaces "device authorization"
with "OAuth/browser flow" and keeps the rest of the contract semantics intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: c765dd58-a6dc-4726-b01a-f4ae35959ddd

📥 Commits

Reviewing files that changed from the base of the PR and between d9e5acc and b81f280.

📒 Files selected for processing (57)

• packages/api/src/api/contracts.ts
• packages/api/src/services/auth-account-counts.ts
• packages/api/src/services/auth-menu.ts
• packages/api/src/services/project-auth.ts
• packages/api/tests/auth-menu.test.ts
• packages/api/tests/project-auth.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/docker-git/menu-auth-effects.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-shared.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/src/docker-git/menu-auth.ts
• packages/app/src/docker-git/menu-project-auth-gemini.ts
• packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts
• packages/app/src/docker-git/menu-project-auth-grok.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-render-auth.ts
• packages/app/src/docker-git/menu-types.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/docker-git/program-unsupported.ts
• packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts
• packages/app/src/lib/usecases/actions/create-project.ts
• packages/app/src/lib/usecases/actions/paths.ts
• packages/app/src/lib/usecases/actions/prepare-files.ts
• packages/app/src/lib/usecases/auth-grok-oauth.ts
• packages/app/src/lib/usecases/auth-sync.ts
• packages/app/src/lib/usecases/shared-volume-seed.ts
• packages/app/src/lib/usecases/state-normalize.ts
• packages/app/src/shared/auth-stream-markers.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/api-auth-schema.ts
• packages/app/src/web/api.ts
• packages/app/src/web/panel-auth.tsx
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/app/tests/docker-git/app-ready-create-fixture.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/lib/src/core/templates-entrypoint/nested-docker-git.ts
• packages/lib/src/usecases/actions/create-project.ts
• packages/lib/src/usecases/actions/paths.ts
• packages/lib/src/usecases/actions/prepare-files.ts
• packages/lib/src/usecases/auth-grok-oauth.ts
• packages/lib/src/usecases/auth-sync.ts
• packages/lib/src/usecases/shared-volume-seed.ts
• packages/lib/src/usecases/state-normalize.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts

📜 Review details

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/app/src/web/panel-auth.tsx
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts
• packages/lib/src/usecases/auth-sync.ts
• packages/app/src/shared/auth-stream-markers.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/lib/src/core/templates-entrypoint/nested-docker-git.ts
• packages/app/src/docker-git/menu-auth.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/app-ready-create-fixture.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/src/docker-git/menu-auth-effects.ts
• packages/app/src/docker-git/menu-project-auth-grok.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/lib/src/usecases/actions/prepare-files.ts
• packages/app/src/docker-git/menu-render-auth.ts
• packages/api/src/api/contracts.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/src/docker-git/menu-auth-shared.ts
• packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts
• packages/app/src/lib/usecases/state-normalize.ts
• packages/app/src/lib/usecases/auth-sync.ts
• packages/app/src/web/api-auth-schema.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/lib/usecases/actions/prepare-files.ts
• packages/api/tests/project-auth.test.ts
• packages/app/src/docker-git/menu-types.ts
• packages/app/src/docker-git/program-unsupported.ts
• packages/lib/src/usecases/actions/create-project.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/lib/usecases/auth-grok-oauth.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts
• packages/app/src/lib/usecases/actions/paths.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/lib/src/usecases/actions/paths.ts
• packages/api/src/services/auth-account-counts.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/lib/usecases/shared-volume-seed.ts
• packages/api/src/services/auth-menu.ts
• packages/app/src/web/api.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-project-auth-gemini.ts
• packages/app/src/lib/usecases/actions/create-project.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/program-auth.ts
• packages/api/src/services/project-auth.ts
• packages/lib/src/usecases/state-normalize.ts
• packages/lib/src/usecases/shared-volume-seed.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/app/src/web/panel-auth.tsx
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts
• packages/lib/src/usecases/auth-sync.ts
• packages/app/src/shared/auth-stream-markers.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/lib/src/core/templates-entrypoint/nested-docker-git.ts
• packages/app/src/docker-git/menu-auth.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/app-ready-create-fixture.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/src/docker-git/menu-auth-effects.ts
• packages/app/src/docker-git/menu-project-auth-grok.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/lib/src/usecases/actions/prepare-files.ts
• packages/app/src/docker-git/menu-render-auth.ts
• packages/api/src/api/contracts.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/src/docker-git/menu-auth-shared.ts
• packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts
• packages/app/src/lib/usecases/state-normalize.ts
• packages/app/src/lib/usecases/auth-sync.ts
• packages/app/src/web/api-auth-schema.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/lib/usecases/actions/prepare-files.ts
• packages/api/tests/project-auth.test.ts
• packages/app/src/docker-git/menu-types.ts
• packages/app/src/docker-git/program-unsupported.ts
• packages/lib/src/usecases/actions/create-project.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/lib/usecases/auth-grok-oauth.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts
• packages/app/src/lib/usecases/actions/paths.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/lib/src/usecases/actions/paths.ts
• packages/api/src/services/auth-account-counts.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/lib/usecases/shared-volume-seed.ts
• packages/api/src/services/auth-menu.ts
• packages/app/src/web/api.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-project-auth-gemini.ts
• packages/app/src/lib/usecases/actions/create-project.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/program-auth.ts
• packages/api/src/services/project-auth.ts
• packages/lib/src/usecases/state-normalize.ts
• packages/lib/src/usecases/shared-volume-seed.ts

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/app/src/web/panel-auth.tsx
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts
• packages/lib/src/usecases/auth-sync.ts
• packages/app/src/shared/auth-stream-markers.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/lib/src/core/templates-entrypoint/nested-docker-git.ts
• packages/app/src/docker-git/menu-auth.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/app-ready-create-fixture.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/src/docker-git/menu-auth-effects.ts
• packages/app/src/docker-git/menu-project-auth-grok.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/lib/src/usecases/actions/prepare-files.ts
• packages/app/src/docker-git/menu-render-auth.ts
• packages/api/src/api/contracts.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/src/docker-git/menu-auth-shared.ts
• packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts
• packages/app/src/lib/usecases/state-normalize.ts
• packages/app/src/lib/usecases/auth-sync.ts
• packages/app/src/web/api-auth-schema.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/lib/usecases/actions/prepare-files.ts
• packages/api/tests/project-auth.test.ts
• packages/app/src/docker-git/menu-types.ts
• packages/app/src/docker-git/program-unsupported.ts
• packages/lib/src/usecases/actions/create-project.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/lib/usecases/auth-grok-oauth.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts
• packages/app/src/lib/usecases/actions/paths.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/lib/src/usecases/actions/paths.ts
• packages/api/src/services/auth-account-counts.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/lib/usecases/shared-volume-seed.ts
• packages/api/src/services/auth-menu.ts
• packages/app/src/web/api.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-project-auth-gemini.ts
• packages/app/src/lib/usecases/actions/create-project.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/program-auth.ts
• packages/api/src/services/project-auth.ts
• packages/lib/src/usecases/state-normalize.ts
• packages/lib/src/usecases/shared-volume-seed.ts

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/app/src/web/panel-auth.tsx
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts
• packages/lib/src/usecases/auth-sync.ts
• packages/app/src/shared/auth-stream-markers.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/lib/src/core/templates-entrypoint/nested-docker-git.ts
• packages/app/src/docker-git/menu-auth.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/app-ready-create-fixture.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/src/docker-git/menu-auth-effects.ts
• packages/app/src/docker-git/menu-project-auth-grok.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/lib/src/usecases/actions/prepare-files.ts
• packages/app/src/docker-git/menu-render-auth.ts
• packages/api/src/api/contracts.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/src/docker-git/menu-auth-shared.ts
• packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts
• packages/app/src/lib/usecases/state-normalize.ts
• packages/app/src/lib/usecases/auth-sync.ts
• packages/app/src/web/api-auth-schema.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/lib/usecases/actions/prepare-files.ts
• packages/api/tests/project-auth.test.ts
• packages/app/src/docker-git/menu-types.ts
• packages/app/src/docker-git/program-unsupported.ts
• packages/lib/src/usecases/actions/create-project.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/lib/usecases/auth-grok-oauth.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts
• packages/app/src/lib/usecases/actions/paths.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/lib/src/usecases/actions/paths.ts
• packages/api/src/services/auth-account-counts.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/lib/usecases/shared-volume-seed.ts
• packages/api/src/services/auth-menu.ts
• packages/app/src/web/api.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-project-auth-gemini.ts
• packages/app/src/lib/usecases/actions/create-project.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/program-auth.ts
• packages/api/src/services/project-auth.ts
• packages/lib/src/usecases/state-normalize.ts
• packages/lib/src/usecases/shared-volume-seed.ts

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/app/src/web/panel-auth.tsx
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts
• packages/lib/src/usecases/auth-sync.ts
• packages/app/src/shared/auth-stream-markers.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/lib/src/core/templates-entrypoint/nested-docker-git.ts
• packages/app/src/docker-git/menu-auth.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/app-ready-create-fixture.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/src/docker-git/menu-auth-effects.ts
• packages/app/src/docker-git/menu-project-auth-grok.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/lib/src/usecases/actions/prepare-files.ts
• packages/app/src/docker-git/menu-render-auth.ts
• packages/api/src/api/contracts.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/src/docker-git/menu-auth-shared.ts
• packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts
• packages/app/src/lib/usecases/state-normalize.ts
• packages/app/src/lib/usecases/auth-sync.ts
• packages/app/src/web/api-auth-schema.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/lib/usecases/actions/prepare-files.ts
• packages/api/tests/project-auth.test.ts
• packages/app/src/docker-git/menu-types.ts
• packages/app/src/docker-git/program-unsupported.ts
• packages/lib/src/usecases/actions/create-project.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/lib/usecases/auth-grok-oauth.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts
• packages/app/src/lib/usecases/actions/paths.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/lib/src/usecases/actions/paths.ts
• packages/api/src/services/auth-account-counts.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/lib/usecases/shared-volume-seed.ts
• packages/api/src/services/auth-menu.ts
• packages/app/src/web/api.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-project-auth-gemini.ts
• packages/app/src/lib/usecases/actions/create-project.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/program-auth.ts
• packages/api/src/services/project-auth.ts
• packages/lib/src/usecases/state-normalize.ts
• packages/lib/src/usecases/shared-volume-seed.ts

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/app/src/web/panel-auth.tsx
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts
• packages/lib/src/usecases/auth-sync.ts
• packages/app/src/shared/auth-stream-markers.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/lib/src/core/templates-entrypoint/nested-docker-git.ts
• packages/app/src/docker-git/menu-auth.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/app-ready-create-fixture.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/src/docker-git/menu-auth-effects.ts
• packages/app/src/docker-git/menu-project-auth-grok.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/lib/src/usecases/actions/prepare-files.ts
• packages/app/src/docker-git/menu-render-auth.ts
• packages/api/src/api/contracts.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/src/docker-git/menu-auth-shared.ts
• packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts
• packages/app/src/lib/usecases/state-normalize.ts
• packages/app/src/lib/usecases/auth-sync.ts
• packages/app/src/web/api-auth-schema.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/lib/usecases/actions/prepare-files.ts
• packages/api/tests/project-auth.test.ts
• packages/app/src/docker-git/menu-types.ts
• packages/app/src/docker-git/program-unsupported.ts
• packages/lib/src/usecases/actions/create-project.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/lib/usecases/auth-grok-oauth.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts
• packages/app/src/lib/usecases/actions/paths.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/lib/src/usecases/actions/paths.ts
• packages/api/src/services/auth-account-counts.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/lib/usecases/shared-volume-seed.ts
• packages/api/src/services/auth-menu.ts
• packages/app/src/web/api.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-project-auth-gemini.ts
• packages/app/src/lib/usecases/actions/create-project.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/program-auth.ts
• packages/api/src/services/project-auth.ts
• packages/lib/src/usecases/state-normalize.ts
• packages/lib/src/usecases/shared-volume-seed.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/api/tests/project-auth.test.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/app/tests/docker-git/actions-auth.test.ts

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/tests/docker-git/auth-stream-markers.test.ts
• packages/lib/tests/usecases/state-normalize.test.ts
• packages/app/tests/docker-git/api-auth-schema.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/app/tests/docker-git/create-flow-render.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/api/tests/project-auth.test.ts
• packages/lib/tests/usecases/auth-sync.test.ts
• packages/lib/tests/usecases/shared-volume-seed.test.ts
• packages/lib/tests/usecases/auth-grok.test.ts
• packages/app/tests/docker-git/program.test.ts
• packages/app/tests/docker-git/actions-auth.test.ts

🧠 Learnings (1)

📚 Learning: 2026-05-18T07:43:38.131Z

Learnt from: skulidropek
Repo: ProverCoderAI/docker-git PR: 313
File: packages/api/src/services/panel-cloudflare-tunnel.ts:123-135
Timestamp: 2026-05-18T07:43:38.131Z
Learning: In this repo’s ProverCoderAI/docker-git architecture, it is intentional for service modules under packages/api/src/services/ to call Node.js APIs directly (e.g., fs, child_process, fetch). Do not treat direct Node API usage in these service modules as a dependency-injection (DI) violation. This codebase provides the NodeContext at the program boundary (entry point) rather than injecting Context.Tag/Layer services into individual service modules; reviewers should only flag DI/context issues if the expected boundary setup is missing.

Applied to files:

• packages/api/src/services/auth-account-counts.ts
• packages/api/src/services/auth-menu.ts
• packages/api/src/services/project-auth.ts

🔇 Additional comments (46)

packages/app/src/docker-git/program-auth.ts (1)

24-24: LGTM!

Also applies to: 40-41, 58-58, 73-74, 116-117, 121-121, 123-123, 128-145, 151-151, 191-192

packages/app/src/docker-git/program-unsupported.ts (1)

31-31: LGTM!

Also applies to: 35-35, 39-39, 43-43

packages/app/tests/docker-git/actions-auth.test.ts (1)

5-6: Без замечаний по изменённым сегментам.

Also applies to: 12-14, 18-19, 21-21, 23-23, 36-67, 71-73, 77-77, 79-83, 85-87, 93-94, 110-110, 113-113, 116-116, 119-120

packages/app/tests/docker-git/actions-codex-oauth.test.ts (1)

1-70: Без замечаний по изменённым сегментам.

packages/app/tests/docker-git/actions-github-oauth.test.ts (1)

35-36: Без замечаний по изменённым сегментам.

packages/app/tests/docker-git/api-auth-schema.test.ts (1)

26-27: Без замечаний по изменённым сегментам.

Also applies to: 43-44

packages/app/tests/docker-git/app-ready-create-fixture.ts (1)

7-7: Без замечаний по изменённому сегменту.

packages/app/tests/docker-git/auth-stream-markers.test.ts (1)

7-8: Без замечаний по изменённым сегментам.

Also applies to: 51-63

packages/app/tests/docker-git/core-templates.test.ts (1)

45-52: Без замечаний по изменённым сегментам.

packages/app/tests/docker-git/create-flow-render.test.ts (1)

11-11: Без замечаний по изменённому сегменту.

packages/app/tests/docker-git/program.test.ts (1)

13-14: LGTM!

Also applies to: 31-41, 63-63, 87-89, 114-125, 183-203

packages/lib/tests/core/templates.test.ts (1)

569-580: LGTM!

packages/lib/tests/usecases/auth-grok.test.ts (1)

94-107: LGTM!

packages/lib/tests/usecases/auth-sync.test.ts (1)

395-431: LGTM!

packages/lib/tests/usecases/shared-volume-seed.test.ts (1)

33-33: LGTM!

Also applies to: 46-50, 58-59, 71-79, 93-98, 107-108, 135-153, 159-161

packages/lib/tests/usecases/state-normalize.test.ts (1)

1-66: LGTM!

packages/app/src/lib/usecases/auth-grok-oauth.ts (1)

45-49: LGTM!

Also applies to: 53-53, 77-77, 123-123, 148-148

packages/app/src/lib/usecases/shared-volume-seed.ts (1)

26-42: LGTM!

Also applies to: 44-50, 59-80, 117-127, 148-171, 179-179, 185-188, 206-206, 222-222, 254-264, 286-287, 301-302

packages/lib/src/usecases/shared-volume-seed.ts (1)

25-42: LGTM!

Also applies to: 47-49, 58-79, 116-126, 147-170, 178-178, 184-187, 205-205, 221-221, 253-263, 285-286, 300-301

packages/app/src/lib/usecases/actions/create-project.ts (1)

10-10: LGTM!

Also applies to: 81-85, 93-95

packages/app/src/lib/core/templates-entrypoint/nested-docker-git.ts (1)

9-9: LGTM!

Also applies to: 20-20, 24-24, 197-197

packages/lib/src/usecases/actions/create-project.ts (1)

10-10: LGTM!

Also applies to: 70-74, 82-84

packages/lib/src/core/templates-entrypoint/nested-docker-git.ts (1)

8-8: LGTM!

Also applies to: 19-19, 23-23, 196-196

packages/app/src/lib/usecases/actions/paths.ts (1)

4-4: LGTM!

Also applies to: 11-14, 51-51, 60-62, 74-77

packages/app/src/lib/usecases/actions/prepare-files.ts (1)

326-329: LGTM!

packages/lib/src/usecases/actions/paths.ts (1)

3-3: LGTM!

Also applies to: 10-13, 50-50, 59-61, 73-76

packages/lib/src/usecases/actions/prepare-files.ts (1)

325-328: LGTM!

packages/app/src/lib/usecases/auth-sync.ts (1)

215-216: LGTM!

Also applies to: 229-236

packages/app/src/lib/usecases/state-normalize.ts (1)

33-35: LGTM!

Also applies to: 60-62, 70-72

packages/lib/src/usecases/auth-sync.ts (1)

214-215: LGTM!

Also applies to: 228-235

packages/lib/src/usecases/state-normalize.ts (1)

32-34: LGTM!

Also applies to: 59-60, 69-70

packages/app/src/docker-git/menu-types.ts (1)

88-89: LGTM!

Also applies to: 102-103, 110-110

packages/app/src/docker-git/menu-auth-effects.ts (1)

3-3: LGTM!

Also applies to: 64-75

packages/app/src/docker-git/menu-auth-shared.ts (1)

7-10: LGTM!

Also applies to: 30-31, 59-64, 99-100, 118-119

packages/app/src/docker-git/menu-auth-snapshot-builder.ts (1)

6-9: LGTM!

Also applies to: 13-13, 22-23, 28-31

packages/app/src/docker-git/menu-auth.ts (1)

102-103: LGTM!

packages/app/src/shared/auth-stream-markers.ts (1)

71-77: LGTM!

packages/app/src/web/actions-auth.ts (1)

22-22: LGTM!

Also applies to: 38-38, 140-162, 312-319

packages/app/src/web/api.ts (1)

292-302: LGTM!

packages/app/src/web/api-auth-schema.ts (1)

29-30: LGTM!

packages/app/src/docker-git/menu-render-auth.ts (1)

21-21: LGTM!

Also applies to: 27-27, 44-44, 61-61, 69-69

packages/app/src/web/panel-auth.tsx (1)

13-13: LGTM!

Also applies to: 81-81

packages/app/src/docker-git/menu-project-auth-helpers.ts (1)

11-87: LGTM!

packages/app/src/docker-git/menu-project-auth-grok-credential-text.ts (1)

1-77: LGTM!

packages/app/src/docker-git/menu-project-auth-grok.ts (1)

20-62: LGTM!

packages/app/src/docker-git/menu-project-auth-gemini.ts (1)

21-26: LGTM!

Also applies to: 37-41, 60-72

[skulidropek]

AI Session Backup

Commit: 3c203f6
Status: success
Files: 13 (16.86 MB)
Links: README | Manifest

git status

On branch issue-327
Your branch is up to date with 'origin/issue-327'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   .github/workflows/check.yml
	modified:   bun.lock
	modified:   package.json
	modified:   pnpm-workspace.yaml

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	.playwright-mcp/
	exports/
	packages/rostender-csv-exporter/

no changes added to commit (use "git add" and/or "git commit -a")

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/app/src/web/actions-github-oauth.ts`:
- Line 19: The startMessage string in the GitHub OAuth flow ("startMessage:
\"GitHub OAuth запущен. Следуй инструкциям в Output.\",") is in Russian while
the rest of the UI is English; update the startMessage to an English, consistent
message (e.g., "GitHub OAuth started. Follow the instructions in Output.") by
locating and editing the startMessage property in
packages/app/src/web/actions-github-oauth.ts so the OAuth start text matches the
surrounding English UI.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 9dd05442-1813-49e9-8be1-a23435ed24a4

📥 Commits

Reviewing files that changed from the base of the PR and between b81f280 and 3c203f6.

📒 Files selected for processing (12)

• packages/app/src/docker-git/menu-auth-file-helpers.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/actions-auth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/src/web/actions-terminal-auth.ts
• packages/app/src/web/actions-visible-auth-stream.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: E2E (Browser command)
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (OpenCode)
• GitHub Check: E2E (Clone cache)

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/app/src/web/actions-visible-auth-stream.ts
• packages/app/src/web/actions-terminal-auth.ts
• packages/app/src/docker-git/menu-auth-file-helpers.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/web/actions-auth.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/app/src/web/actions-visible-auth-stream.ts
• packages/app/src/web/actions-terminal-auth.ts
• packages/app/src/docker-git/menu-auth-file-helpers.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/web/actions-auth.ts

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/app/src/web/actions-visible-auth-stream.ts
• packages/app/src/web/actions-terminal-auth.ts
• packages/app/src/docker-git/menu-auth-file-helpers.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/web/actions-auth.ts

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/app/src/web/actions-visible-auth-stream.ts
• packages/app/src/web/actions-terminal-auth.ts
• packages/app/src/docker-git/menu-auth-file-helpers.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/web/actions-auth.ts

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/app/src/web/actions-visible-auth-stream.ts
• packages/app/src/web/actions-terminal-auth.ts
• packages/app/src/docker-git/menu-auth-file-helpers.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/web/actions-auth.ts

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/app/src/web/actions-visible-auth-stream.ts
• packages/app/src/web/actions-terminal-auth.ts
• packages/app/src/docker-git/menu-auth-file-helpers.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/docker-git/menu-auth-snapshot-builder.ts
• packages/app/tests/docker-git/actions-auth.test.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/docker-git/menu-project-auth-helpers.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/web/actions-auth.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/tests/docker-git/actions-auth.test.ts

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/tests/docker-git/actions-auth.test.ts

🔇 Additional comments (11)

packages/app/src/web/actions-visible-auth-stream.ts (1)

36-71: LGTM!

packages/app/src/web/actions-terminal-auth.ts (1)

5-32: LGTM!

packages/app/src/docker-git/menu-auth-file-helpers.ts (1)

10-27: LGTM!

packages/app/tests/docker-git/actions-codex-oauth.test.ts (1)

1-1: LGTM!

Also applies to: 72-72

packages/app/src/docker-git/program-auth.ts (1)

24-24: LGTM!

Also applies to: 40-42, 58-63, 73-75, 116-153, 191-193

packages/app/src/docker-git/menu-auth-snapshot-builder.ts (1)

18-23: LGTM!

Also applies to: 28-28, 32-50

packages/app/tests/docker-git/actions-auth.test.ts (1)

1-1: LGTM!

Also applies to: 124-124

packages/app/src/web/actions-codex-oauth.ts (1)

24-24: Повтор ранее отмеченного замечания: унифицируй язык сообщения в Web Auth UI.

Здесь текст для пользователя остаётся на русском, тогда как остальной flow в панели авторизации на английском.

packages/app/src/docker-git/menu-auth-helpers.ts (1)

41-42: Повтор ранее поднятого риска: подсчёт credential-аккаунтов всё ещё хрупкий к единичной ошибке stat.

Один сбой fs.stat по entry может прервать весь эффект подсчёта вместо best-effort поведения.

packages/app/src/docker-git/menu-project-auth-helpers.ts (1)

5-8: LGTM!

Also applies to: 15-73

packages/app/src/web/actions-auth.ts (1)

8-8: LGTM!

Also applies to: 21-21, 32-32, 68-71, 189-206, 265-290, 301-301, 304-304

[skulidropek]

AI Session Backup

Commit: a105641
Status: success
Files: 13 (17.58 MB)
Links: README | Manifest

git status

On branch issue-327
Your branch is up to date with 'origin/issue-327'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   .github/workflows/check.yml
	modified:   bun.lock
	modified:   package.json
	modified:   pnpm-workspace.yaml

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	.playwright-mcp/
	exports/
	packages/rostender-csv-exporter/

no changes added to commit (use "git add" and/or "git commit -a")

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/lib/src/usecases/auth-grok-oauth.ts`:
- Line 130: Update README.md to reflect the new Grok OAuth/browser flow (replace
any references to "device-code login flow" and its operator/support steps).
Locate the documentation section that describes Grok authentication (referencing
the usecases/auth-grok-oauth.ts module and the function implementing the
OAuth/browser flow) and rewrite the verification, support, and troubleshooting
steps to match the OAuth/browser flow (browser-based consent,
redirect/credential write behavior, and normalized permissions) and add any
required short instructions for operators to follow during auth. Ensure the
README change is included in this PR alongside the code change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: acd91fd7-740c-4fd4-b84f-d1401a32ed59

📥 Commits

Reviewing files that changed from the base of the PR and between 3c203f6 and a105641.

📒 Files selected for processing (11)

• packages/api/src/services/auth-account-counts.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (OpenCode)
• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Runtime volumes + SSH)

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/api/src/services/auth-account-counts.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/api/src/services/auth-account-counts.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/api/src/services/auth-account-counts.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/api/src/services/auth-account-counts.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/api/src/services/auth-account-counts.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/app/tests/docker-git/actions-github-oauth.test.ts
• packages/app/src/web/actions-codex-oauth.ts
• packages/app/tests/docker-git/api-auth-codec.test.ts
• packages/app/src/docker-git/api-auth-codec.ts
• packages/app/src/web/actions-github-oauth.ts
• packages/app/tests/docker-git/menu-auth-helpers.test.ts
• packages/api/tests/auth-menu.test.ts
• packages/app/tests/docker-git/actions-codex-oauth.test.ts
• packages/app/src/docker-git/menu-auth-helpers.ts
• packages/api/src/services/auth-account-counts.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

🧠 Learnings (1)

📚 Learning: 2026-05-18T07:43:38.131Z

Learnt from: skulidropek
Repo: ProverCoderAI/docker-git PR: 313
File: packages/api/src/services/panel-cloudflare-tunnel.ts:123-135
Timestamp: 2026-05-18T07:43:38.131Z
Learning: In this repo’s ProverCoderAI/docker-git architecture, it is intentional for service modules under packages/api/src/services/ to call Node.js APIs directly (e.g., fs, child_process, fetch). Do not treat direct Node API usage in these service modules as a dependency-injection (DI) violation. This codebase provides the NodeContext at the program boundary (entry point) rather than injecting Context.Tag/Layer services into individual service modules; reviewers should only flag DI/context issues if the expected boundary setup is missing.

Applied to files:

• packages/api/src/services/auth-account-counts.ts

🔇 Additional comments (10)

packages/app/tests/docker-git/actions-github-oauth.test.ts (1)

70-73: LGTM!

packages/app/src/web/actions-codex-oauth.ts (1)

24-24: LGTM!

packages/app/tests/docker-git/api-auth-codec.test.ts (1)

1-35: LGTM!

packages/app/src/docker-git/api-auth-codec.ts (1)

82-82: LGTM!

Also applies to: 90-90

packages/app/src/web/actions-github-oauth.ts (1)

19-19: LGTM!

packages/app/tests/docker-git/menu-auth-helpers.test.ts (1)

1-68: LGTM!

packages/api/tests/auth-menu.test.ts (1)

67-67: LGTM!

Also applies to: 74-75, 78-84, 106-106, 108-109

packages/app/tests/docker-git/actions-codex-oauth.test.ts (1)

62-65: LGTM!

packages/app/src/docker-git/menu-auth-helpers.ts (1)

22-23: LGTM!

Also applies to: 43-45, 59-73, 87-87

packages/api/src/services/auth-account-counts.ts (1)

16-17: LGTM!

Also applies to: 240-245, 253-255, 278-283, 291-293

[skulidropek]

AI Session Backup

Commit: 68cccad
Status: success
Files: 13 (17.78 MB)
Links: README | Manifest

git status

On branch issue-327
Your branch is up to date with 'origin/issue-327'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   .github/workflows/check.yml
	modified:   bun.lock
	modified:   package.json
	modified:   pnpm-workspace.yaml

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	.playwright-mcp/
	exports/
	packages/rostender-csv-exporter/

no changes added to commit (use "git add" and/or "git commit -a")

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Around line 31-38: The README contains a language inconsistency: the paragraph
starting with "Grok support uses the official xAI CLI installer..." is in
English while the rest of the README is Russian; replace that English paragraph
with a clear Russian translation preserving the same meaning (describe the xAI
CLI installer URL, the interactive `grok login` OAuth/browser flow inside the
auth container, instructions to open the sign-in URL and paste the callback if
local callback fails, and mention storage of normalized Grok credentials and
API-key env vars `GROK_DEPLOYMENT_KEY`, `GROK_API_KEY`, `XAI_API_KEY` under the
selected Grok account label), keeping formatting and code/variable names
unchanged.
- Around line 37-38: Update README.md to explicitly document the Grok API
environment variable priority: state that when multiple keys are present the
code selects GROK_DEPLOYMENT_KEY first, then GROK_API_KEY, and finally
XAI_API_KEY; mention that this is the deterministic override order so users know
which variable will be used if more than one is set.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 314cc2ae-86d4-478a-a869-820b35464a4e

📥 Commits

Reviewing files that changed from the base of the PR and between a105641 and 68cccad.

📒 Files selected for processing (1)

• README.md

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (OpenCode)
• GitHub Check: E2E (Browser command)
• GitHub Check: E2E (Clone cache)

🧰 Additional context used

📓 Path-based instructions (1)

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• README.md

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T16:56:11.295Z
Learning: Use the official xAI CLI installer from `https://x.ai/cli/install.sh` for Grok authentication and run the interactive `grok login` OAuth/browser flow inside the auth container

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T16:56:11.295Z
Learning: Store Grok credentials under the selected Grok account label; API-key auth can be stored via `GROK_DEPLOYMENT_KEY`, `GROK_API_KEY`, or `XAI_API_KEY` environment variables

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T16:56:11.295Z
Learning: Docker-git is host-Docker-backed by design - the controller container communicates with the host Docker daemon via bind-mounted `/var/run/docker.sock` with no isolated Docker-in-Docker runtime

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T16:56:11.295Z
Learning: Use the structure: APP (CLI + React Frontend) works only with API and has no access to LIB; API works only with LIB; LIB contains all backend and main business logic

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T16:56:11.295Z
Learning: Implement per-project container initialization and management through the controller container talking to host Docker daemon via `/var/run/docker.sock`

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T16:56:11.295Z
Learning: Store controller resource limit configuration (CPU, RAM, memory swap, PID limits) as configurable environment variables with documented defaults

🔇 Additional comments (1)

README.md (1)

31-31: URL установщика xAI CLI доступен и корректен.

Проверка подтвердила, что https://x.ai/cli/install.sh возвращает валидный shell-скрипт установщика (HTTP 200) с правильным содержимым. Документация в README.md ссылается на рабочий и доступный ресурс.

[skulidropek]

AI Session Backup

Commit: 7583c9b
Status: success
Files: 13 (18.18 MB)
Links: README | Manifest

git status

On branch issue-327
Your branch is up to date with 'origin/issue-327'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   .github/workflows/check.yml
	modified:   bun.lock
	modified:   package.json
	modified:   pnpm-workspace.yaml

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	.playwright-mcp/
	exports/
	packages/rostender-csv-exporter/

no changes added to commit (use "git add" and/or "git commit -a")

[skulidropek]

AI Session Backup

Commit: 6aa93b9
Status: success
Files: 13 (18.44 MB)
Links: README | Manifest

git status

On branch issue-327
Your branch is up to date with 'origin/issue-327'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   .github/workflows/check.yml
	modified:   bun.lock
	modified:   package.json
	modified:   pnpm-workspace.yaml

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	.playwright-mcp/
	exports/
	packages/rostender-csv-exporter/

no changes added to commit (use "git add" and/or "git commit -a")

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Line 31: Restore Grok-specific operational docs in README by re-adding a Grok
section that (1) references the xAI CLI installer URL
(https://x.ai/cli/install.sh), (2) documents the three environment variables
GROK_DEPLOYMENT_KEY, GROK_API_KEY and XAI_API_KEY and their explicit priority
order, and (3) clarifies that Grok uses the unified OAuth flow described for all
providers (keep the generic `login` command text) while removing any mention of
device-auth/device-code for Grok; update the README content near the `login`
description to include this unified OAuth note and a short Grok subsection with
the installer URL and env var priority.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: cc34d403-c427-4003-afb1-cef347302bcf

📥 Commits

Reviewing files that changed from the base of the PR and between 7583c9b and 6aa93b9.

📒 Files selected for processing (1)

• README.md

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Build
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: Lint
• GitHub Check: E2E (OpenCode)
• GitHub Check: Test
• GitHub Check: E2E (Browser command)
• GitHub Check: Final build (windows-latest)

🧰 Additional context used

📓 Path-based instructions (1)

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• README.md

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T17:33:34.065Z
Learning: APP (CLI + React Frontend) should only work with the API layer and must not have direct access to LIB

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T17:33:34.065Z
Learning: API server should only work with LIB and must not be accessed directly by APP except through the defined API interface

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T17:33:34.065Z
Learning: docker-git must use host-Docker-backed runtime design where the controller container communicates with the host Docker daemon via bind-mounted /var/run/docker.sock, with no Docker-in-Docker isolation

Learnt from: CR
Repo: ProverCoderAI/docker-git

Timestamp: 2026-05-20T17:33:34.065Z
Learning: Controller container GPU mode is controlled separately via DOCKER_GIT_CONTROLLER_GPU environment variable, defaulting to none

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Проверяем, используется ли xAI CLI installer и env vars в кодовой базе

echo "=== Поиск использования xAI CLI installer ==="
rg -n 'x\.ai.*install|xai.*cli|grok.*login' --type=ts --type=js -g '!node_modules' -g '!dist'

echo -e "\n=== Поиск обработки Grok env vars ==="
rg -n 'GROK_DEPLOYMENT_KEY|GROK_API_KEY|XAI_API_KEY' --type=ts --type=js -g '!node_modules' -g '!dist'

echo -e "\n=== Поиск Grok OAuth flow implementation ==="
rg -n 'grok.*oauth|GrokOauth' --type=ts --type=js -g '!node_modules' -g '!dist' | head -20

Repository: ProverCoderAI/docker-git

Length of output: 14857

---

Восстановите операционную документацию Grok-специфичных деталей, которые всё ещё используются в коде.

Кодовая база активно использует xAI CLI installer (https://x.ai/cli/install.sh), и три переменные окружения (GROK_DEPLOYMENT_KEY, GROK_API_KEY, XAI_API_KEY) с явно определённым приоритетом. Текущее изменение удалило эту критическую информацию целиком.

Согласно coding guidelines, требовалось обновить формулировки (убрать device-auth/device-code язык), а не удалять всю Grok-специфичную документацию. Рекомендуемое решение:

• Сохранить унифицированное описание OAuth для всех провайдеров
• Добавить раздел с Grok-специфичными деталями: xAI CLI installer источник, env vars и их приоритет
• Убедиться, что для Grok нет упоминаний device-auth/device-code потока

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 31, Restore Grok-specific operational docs in README by
re-adding a Grok section that (1) references the xAI CLI installer URL
(https://x.ai/cli/install.sh), (2) documents the three environment variables
GROK_DEPLOYMENT_KEY, GROK_API_KEY and XAI_API_KEY and their explicit priority
order, and (3) clarifies that Grok uses the unified OAuth flow described for all
providers (keep the generic `login` command text) while removing any mention of
device-auth/device-code for Grok; update the README content near the `login`
description to include this unified OAuth note and a short Grok subsection with
the installer URL and env var priority.

[skulidropek]

AI Session Backup

Commit: fca64b3
Status: failure
Error: failed to list tree for skulidropek/docker-git-sessions@main: stream error: stream ID 1; CANCEL; received from peer

git status

On branch issue-327
Your branch is up to date with 'origin/issue-327'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   .github/workflows/check.yml
	modified:   bun.lock
	modified:   package.json
	modified:   pnpm-workspace.yaml

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	.playwright-mcp/
	exports/
	packages/rostender-csv-exporter/

no changes added to commit (use "git add" and/or "git commit -a")