feat(ENG-12652): suspense mre and debug log#129
Merged
adefreitas merged 5 commits intoStackOneHQ:mainfrom Apr 14, 2026
Merged
Conversation
Adds a second tab to the dev app that replicates the client's Relay setup (Suspense, useLazyLoadQuery network-only, @required, startTransition) to reproduce the unstable QueryClient bug seen in hub v1.0.1. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
adefreitas
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a Relay + React Suspense minimal reproducible example (MRE) to the dev/ playground and introduces an optional debug flag that traces Integration Picker connection-state updates for easier OAuth troubleshooting.
Changes:
- Add Relay tooling/config (Relay compiler script, Relay config/schema, Vite Relay plugin, Babel config) and generated Relay artifacts for the MRE.
- Add a new
SuspenseMREdev tab and supporting Relay environment to reproduce/debug Suspense + token creation flows. - Thread a new optional
debugprop throughStackOneHub→Hub→IntegrationPicker→useIntegrationPickerand tracesetConnectionStatecalls when enabled.
Reviewed changes
Copilot reviewed 13 out of 17 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
vite.config.ts |
Adds Relay Vite plugin and changes dev server port. |
src/modules/integration-picker/hooks/useIntegrationPicker.ts |
Adds debug prop and traces connection-state updates. |
src/modules/integration-picker/IntegrationPicker.tsx |
Adds debug prop wiring and removes feature-flag gating around content. |
src/StackOneHub.tsx |
Adds debug prop and forwards it into Hub. |
src/Hub.tsx |
Adds debug prop and forwards it into IntegrationPicker. |
relay.config.json |
Configures Relay compiler to use the dev/ schema and sources. |
package.json |
Adds Relay/Babel dependencies and a relay script. |
package-lock.json |
Locks newly added Relay/Babel dependencies. |
dev/schema.graphql |
Adds a local schema used by Relay compiler/MRE. |
dev/main.tsx |
Adds tab UI and Integration ID input; mounts SuspenseMRE. |
dev/main.css |
Adds styles for the new tab bar. |
dev/SuspenseMRE.tsx |
New Suspense + Relay MRE flow for reproducing OAuth issues. |
dev/RelayEnvironment.ts |
Adds a Relay environment with mocked provider query + real-ish session creation. |
dev/__generated__/SuspenseMREProvidersQuery.graphql.ts |
Relay generated artifact for the providers query. |
dev/__generated__/SuspenseMRECreateSessionMutation.graphql.ts |
Relay generated artifact for session creation mutation. |
dev/__generated__/SuspenseMREConfirmAccountMutation.graphql.ts |
Relay generated artifact for confirm-account mutation. |
babel.config.json |
Adds Babel preset config (supporting Relay transforms). |
Files not reviewed (3)
- dev/generated/SuspenseMREConfirmAccountMutation.graphql.ts: Language not supported
- dev/generated/SuspenseMRECreateSessionMutation.graphql.ts: Language not supported
- dev/generated/SuspenseMREProvidersQuery.graphql.ts: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
0 issues found across 10 files (changes from recent commits).
Requires human review: Large PR introducing Relay infrastructure and dev tools. Most importantly, it removes the 'hub_link_account_release' feature flag, which is a production logic change requiring human review.
There was a problem hiding this comment.
5 issues found across 17 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="dev/main.tsx">
<violation number="1" location="dev/main.tsx:52">
P2: `fetchToken` now uses `integrationId` but does not include it in `useCallback` dependencies, which can send stale `integration_id` values in token requests.</violation>
</file>
<file name="vite.config.ts">
<violation number="1" location="vite.config.ts:8">
P3: The default dev server port was changed to 3001, but repository docs still instruct developers to use localhost:3000. Keep the configured default aligned with docs or update the docs in the same PR.</violation>
</file>
<file name="package.json">
<violation number="1" location="package.json:53">
P2: Remove the self-dependency from `devDependencies`; a package should not depend on itself.</violation>
</file>
<file name="dev/RelayEnvironment.ts">
<violation number="1" location="dev/RelayEnvironment.ts:26">
P1: Custom agent: **Flag Security Vulnerabilities**
Enforce HTTPS for `VITE_API_URL` before making the request; current code allows insecure `http://` transport for session creation.</violation>
<violation number="2" location="dev/RelayEnvironment.ts:45">
P0: Custom agent: **Flag Security Vulnerabilities**
Do not use `VITE_*` client-side env vars for API keys. This exposes credentials in the browser and leaks secrets via Authorization headers; move this call behind a trusted backend.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| method: 'POST', | ||
| headers: { | ||
| 'Content-Type': 'application/json', | ||
| Authorization: `Basic ${encodedApiKey}`, |
There was a problem hiding this comment.
P0: Custom agent: Flag Security Vulnerabilities
Do not use VITE_* client-side env vars for API keys. This exposes credentials in the browser and leaks secrets via Authorization headers; move this call behind a trusted backend.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At dev/RelayEnvironment.ts, line 45:
<comment>Do not use `VITE_*` client-side env vars for API keys. This exposes credentials in the browser and leaks secrets via Authorization headers; move this call behind a trusted backend.</comment>
<file context>
@@ -0,0 +1,87 @@
+ method: 'POST',
+ headers: {
+ 'Content-Type': 'application/json',
+ Authorization: `Basic ${encodedApiKey}`,
+ },
+ body: JSON.stringify(requestBody),
</file context>
| } | ||
|
|
||
| if (operation.name === 'SuspenseMRECreateSessionMutation') { | ||
| const apiUrl = import.meta.env.VITE_API_URL ?? 'https://api.stackone.com'; |
There was a problem hiding this comment.
P1: Custom agent: Flag Security Vulnerabilities
Enforce HTTPS for VITE_API_URL before making the request; current code allows insecure http:// transport for session creation.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At dev/RelayEnvironment.ts, line 26:
<comment>Enforce HTTPS for `VITE_API_URL` before making the request; current code allows insecure `http://` transport for session creation.</comment>
<file context>
@@ -0,0 +1,87 @@
+ }
+
+ if (operation.name === 'SuspenseMRECreateSessionMutation') {
+ const apiUrl = import.meta.env.VITE_API_URL ?? 'https://api.stackone.com';
+ const apiKey = import.meta.env.VITE_STACKONE_API_KEY ?? '';
+ const encodedApiKey = btoa(apiKey);
</file context>
| origin_owner_name: originOwnerName, | ||
| origin_username: originUsername, | ||
| account_id: accountId !== '' && accountId != null ? accountId : undefined, | ||
| integration_id: integrationId !== '' && integrationId != null ? integrationId : undefined, |
There was a problem hiding this comment.
P2: fetchToken now uses integrationId but does not include it in useCallback dependencies, which can send stale integration_id values in token requests.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At dev/main.tsx, line 52:
<comment>`fetchToken` now uses `integrationId` but does not include it in `useCallback` dependencies, which can send stale `integration_id` values in token requests.</comment>
<file context>
@@ -43,6 +49,7 @@ const HubWrapper: React.FC = () => {
origin_owner_name: originOwnerName,
origin_username: originUsername,
account_id: accountId !== '' && accountId != null ? accountId : undefined,
+ integration_id: integrationId !== '' && integrationId != null ? integrationId : undefined,
},
});
</file context>
| "@rollup/plugin-replace": "^6.0.2", | ||
| "@rollup/plugin-terser": "^0.4.4", | ||
| "@rollup/plugin-typescript": "^12.1.2", | ||
| "@stackone/hub": "^1.0.1", |
There was a problem hiding this comment.
P2: Remove the self-dependency from devDependencies; a package should not depend on itself.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At package.json, line 53:
<comment>Remove the self-dependency from `devDependencies`; a package should not depend on itself.</comment>
<file context>
@@ -42,23 +43,31 @@
"@rollup/plugin-replace": "^6.0.2",
"@rollup/plugin-terser": "^0.4.4",
"@rollup/plugin-typescript": "^12.1.2",
+ "@stackone/hub": "^1.0.1",
"@types/node": "^22.15.17",
"@types/react": "^18.3.23",
</file context>
| plugins: [relay, react()], | ||
| server: { | ||
| port: 3000, | ||
| port: 3001, |
There was a problem hiding this comment.
P3: The default dev server port was changed to 3001, but repository docs still instruct developers to use localhost:3000. Keep the configured default aligned with docs or update the docs in the same PR.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At vite.config.ts, line 8:
<comment>The default dev server port was changed to 3001, but repository docs still instruct developers to use localhost:3000. Keep the configured default aligned with docs or update the docs in the same PR.</comment>
<file context>
@@ -1,10 +1,11 @@
+ plugins: [relay, react()],
server: {
- port: 3000,
+ port: 3001,
// hmr: true,
},
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by cubic
Adds a Suspense-based Relay MRE in the dev app to reproduce the OAuth regression (ENG-12652). Adds a
debugflag,integrationIdsupport, dev tab UI, and Relay tooling.New Features
useLazyLoadQuerynetwork-only,@required,startTransition).debugprop acrossHub→StackOneHub→ Integration Picker; traces connection state transitions.integrationIdinput, andintegration_idpassed to session creation.hub_link_account_releaseflag).Dependencies
react-relay,relay-runtime,relay-compiler,babel-plugin-relay,vite-plugin-relay,graphql, and@babel/preset-typescript.Written for commit fabe1cd. Summary will update on new commits.