Harden Panda Claude auth: exchange retry, chat-time re-login, token h… #22
Merged
…ygiene

Builds on the macOS keychain auth detection already committed in 2b08b21 ("support keychain claude login").

- Security (L1): app_panda_login no longer returns the ccr- proxy key to the renderer (PandaLoginResult { ok }); the key is persisted Rust-side only and the frontend re-reads settings instead of round-tripping the token through JS.
- Exchange retry (#2): exchange_code_for_key retries transient failures (transport error / HTTP 5xx / 429) with exponential backoff (300ms, 600ms); the documented terminal 400 codes are surfaced immediately and never retried (the code is single-use).
- Chat-time re-login (#1): on the proxy path, a turn that fails with an auth error (revoked/expired key -> BE 401) now emits ChatEvent::AuthExpired instead of a generic error. The chat store raises a needsPandaReauth flag and a new PandaReauthBanner offers a one-click "Sign in again" wired to the sign-in flow. Includes looks_like_auth_failure detection (gated to use_panda_cloud) + tests.

Tests: Rust 164 passed, JS 420 passed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
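The exchange-retry policy from the commit message, sketched as an added example that is not the PR's own code. `Attempt`, `ExchangeError`, `exchange_with_retry` and the placeholder key and error strings are hypothetical; only the transient classes (transport error, HTTP 5xx, 429) and the 300ms/600ms delays come from the description, and treating every other status as terminal is an assumption.

```rust
use std::time::Duration;

/// Result of one exchange attempt (hypothetical type, not the project's).
#[derive(Debug, PartialEq)]
pub enum Attempt {
    Key(String),       // success: proxy key, kept on the Rust side
    Transport(String), // no HTTP response at all (connect error, timeout)
    Http(u16, String), // HTTP error status and the backend's error code
}

#[derive(Debug, PartialEq)]
pub enum ExchangeError {
    Terminal(Attempt),  // surfaced at once; the single-use code is spent
    Exhausted(Attempt), // still transient after the last backoff delay
}

/// Delays before retry 1 and retry 2, as given in the PR description.
pub const BACKOFF_MS: [u64; 2] = [300, 600];

/// Transient per the PR description: transport error, HTTP 5xx, or 429.
/// Assumption: every other status (400 included) is terminal.
pub fn is_transient(a: &Attempt) -> bool {
    match a {
        Attempt::Transport(_) => true,
        Attempt::Http(status, _) => *status == 429 || (500..=599).contains(status),
        Attempt::Key(_) => false,
    }
}

/// `attempt` performs one request; `sleep` is injected so tests need not wait.
pub fn exchange_with_retry(mut attempt: impl FnMut() -> Attempt, mut sleep: impl FnMut(Duration)) -> Result<String, ExchangeError> {
    let mut delays = BACKOFF_MS.iter();
    loop {
        match attempt() {
            Attempt::Key(key) => return Ok(key),
            failure if !is_transient(&failure) => return Err(ExchangeError::Terminal(failure)),
            failure => match delays.next() {
                Some(ms) => sleep(Duration::from_millis(*ms)),
                None => return Err(ExchangeError::Exhausted(failure)),
            },
        }
    }
}

fn main() {
    // Constructed replies, popped from the end: 503, then 429, then a key.
    let mut replies = vec![Attempt::Key("ccr-CONSTRUCTED".into()), Attempt::Http(429, "busy".into()), Attempt::Http(503, "down".into())];
    let result = exchange_with_retry(|| replies.pop().unwrap(), std::thread::sleep);
    println!("exchanged: {}", result.is_ok()); // report the outcome, never the key
}
```

The retry budget is three attempts in total: a terminal status ends the exchange after a single request, so a spent single-use code is never resubmitted.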