campfirein · bao-byterover · May 27, 2026 · May 26, 2026 · github-actions · May 26, 2026
@@ -223,7 +223,7 @@ export class AuthHandler {
           return {isAuthorized: false}
         }
 
-        const {projectPath} = data
+        const projectPath = data?.projectPath
         const [user, brvConfig] = await Promise.all([
           this.userService.getCurrentUser(token.sessionKey),
           projectPath ? this.projectConfigStore.read(projectPath) : Promise.resolve(),

@@ -13,7 +13,7 @@ export const AuthEvents = {
 } as const
 
 export interface AuthGetStateRequest {
-  projectPath: string
+  projectPath?: string
 }
-}
+export interface AuthGetStateRequest {
+  /** Project-scoped lookup for `brvConfig` (space/team). Omit to skip the lookup and return auth-only state. */
+  projectPath?: string
+}
-}
+export interface AuthGetStateRequest {
+  /** Project-scoped lookup for `brvConfig` (space/team). Omit to skip the lookup and return auth-only state. */
+  projectPath?: string
+}
 
 export interface AuthGetStateResponse {

@@ -82,6 +82,39 @@ function createTestBrvConfig(): BrvConfig {
 
 // ==================== Tests ====================
 
+function makeValidTokenStoreFixture(): ITokenStore {
+  return {
+    clear: stub().resolves(),
+    load: stub().resolves(createValidToken()),
+    save: stub().resolves(),
+  } as unknown as ITokenStore
+}
+
+function makeMissingTokenStoreFixture(): ITokenStore {
+  return {
+    clear: stub().resolves(),
+    load: stub().resolves(),
+    save: stub().resolves(),
+  } as unknown as ITokenStore
+}
+
+function makeExpiredTokenStoreFixture(): ITokenStore {
+  const expired = new AuthToken({
+    accessToken: 'expired-access',
+    expiresAt: new Date(Date.now() - 60_000),
+    refreshToken: 'expired-refresh',
+    sessionKey: 'expired-session',
+    tokenType: 'Bearer',
+    userEmail: 'test@example.com',
+    userId: 'user-123',
+  })
+  return {
+    clear: stub().resolves(),
+    load: stub().resolves(expired),
+    save: stub().resolves(),
+  } as unknown as ITokenStore
+}
+
 function createMockProviderConfigStore(
   options: {isConnected?: boolean} = {},
 ): SinonStubbedInstance<IProviderConfigStore> {
@@ -524,4 +557,62 @@ describe('AuthHandler — setupExternalAuthSync', () => {
         .to.be.lessThan(callOrder.indexOf('LOGIN_COMPLETED'))
     })
   })
+
+  describe('setupGetState', () => {
+    it('returns isAuthorized=true and skips brvConfig when body is undefined (TUI sends no body)', async () => {
+      createHandler({tokenStore: makeValidTokenStoreFixture()})
+      const handler = transport._handlers.get(AuthEvents.GET_STATE)!
+
+
+      const result = await handler(undefined, 'client-1')
+
+      expect(result.isAuthorized).to.equal(true)
+      expect(result.user).to.deep.include({email: 'test@example.com', id: 'user-123'})
+      expect(result.brvConfig).to.equal(undefined)
+      expect(result.authToken).to.have.property('accessToken', 'test-access-token')
+      expect(projectConfigStore.read.called, 'projectConfigStore.read should not be called without projectPath').to.be
+        .false
+    })
+
+    it('returns full state including brvConfig when body has projectPath (WebUI happy path)', async () => {
+      createHandler({tokenStore: makeValidTokenStoreFixture()})
+      const handler = transport._handlers.get(AuthEvents.GET_STATE)!
+
+      const result = await handler({projectPath: '/foo'}, 'client-1')
+
+      expect(result.isAuthorized).to.equal(true)
+      expect(result.brvConfig).to.deep.include({spaceId: 'space-1', teamId: 'team-1'})
+      expect(projectConfigStore.read.calledOnceWith('/foo')).to.be.true
+    })
+
+    it('returns isAuthorized=true and skips brvConfig when body is empty object', async () => {
+      createHandler({tokenStore: makeValidTokenStoreFixture()})
+      const handler = transport._handlers.get(AuthEvents.GET_STATE)!
+
+      const result = await handler({}, 'client-1')
+
+      expect(result.isAuthorized).to.equal(true)
+      expect(result.brvConfig).to.equal(undefined)
+      expect(projectConfigStore.read.called).to.be.false
+    })
+
+    it('returns isAuthorized=false when token is missing, regardless of body', async () => {
+      createHandler({tokenStore: makeMissingTokenStoreFixture()})
+      const handler = transport._handlers.get(AuthEvents.GET_STATE)!
+
+
+      const result = await handler(undefined, 'client-1')
+
+      expect(result).to.deep.equal({isAuthorized: false})
+    })
+
+    it('returns isAuthorized=false when token is expired, regardless of body', async () => {
+      createHandler({tokenStore: makeExpiredTokenStoreFixture()})
+      const handler = transport._handlers.get(AuthEvents.GET_STATE)!
+
+      const result = await handler({projectPath: '/foo'}, 'client-1')
+
+      expect(result).to.deep.equal({isAuthorized: false})
+    })
+  })
 })