Skip to content

fix: accept api_token as an alias for token in sf login#265

Merged
sigmachirality merged 1 commit into
mainfrom
indent-2026-05-21-console-login
May 21, 2026
Merged

fix: accept api_token as an alias for token in sf login#265
sigmachirality merged 1 commit into
mainfrom
indent-2026-05-21-console-login

Conversation

@sigmachirality
Copy link
Copy Markdown
Member

@sigmachirality sigmachirality commented May 21, 2026
edited
Loading

Summary

  • Accept either token or api_token in the getSession polling response so the CLI is forward- and backward-compatible across the cutover.

Motivation

Field rename — the polling response uses api_token on console where the old site used token. The newer rust CLI already tolerates both; this PR brings the standalone sf cli in line so it keeps working both before and after the DNS flip to sfcompute.com -> console.sfcompute.com.

Testing

  • bun run check — clean.
  • bunx biome ci . — clean (only pre-existing warnings).
  • bun run test — 9 / 9 pass.
  • Manual sf login end-to-end against console pending from a human; @Gii2000 already verified the JWT flow on both sites.

@sigmachirality sigmachirality added the indent label May 21, 2026 — with indent
@semanticdiff-com
Copy link
Copy Markdown

semanticdiff-com Bot commented May 21, 2026
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  src/lib/login.ts  17% smaller

@indent
Copy link
Copy Markdown
Contributor

indent Bot commented May 21, 2026
edited
Loading

PR Summary

Makes the sf login polling code forward-compatible with a potential server-side rename of the auth-token field, without changing any URLs or defaults. Scope was reduced from the original PR (which also flipped webapp_url to console.sfcompute.com and prefixed the session paths with /api) to just this single defensive change.

  • getSession in src/lib/login.ts now reads data.token ?? data.api_token so the CLI keeps working if the field is renamed to api_token server-side.

Issues

All clear! No issues remaining. 🎉

1 issue already resolved
  • Upgraded users with a persisted webapp_url will break on sf login: loadConfig lets the on-disk value shadow the new default, and several call sites (src/index.ts:56, src/lib/images/utils.ts, src/lib/posthog.ts, clearAuthFromConfig) already persist the merged config containing the old https://sfcompute.com, so the CLI will POST to https://sfcompute.com/api/cli/session (old host, new path) and fail unless the marketing domain proxies it. (fixed by commit dfdc781)

CI Checks

All CI checks passed on 7f48f08.

@capy-ai
Copy link
Copy Markdown

capy-ai Bot commented May 21, 2026

Capy auto-review is paused for this organization because the monthly auto-review limit has been reached. Increase the limit or turn it off in billing settings to resume automatic reviews.

indent[bot]
indent Bot reviewed May 21, 2026
View reviewed changes
Comment thread src/helpers/config.ts Outdated
@sigmachirality sigmachirality self-assigned this May 21, 2026
@sigmachirality sigmachirality changed the title feat: route sf login through console.sfcompute.com feat: route sf login through new frontend May 21, 2026
@sigmachirality
feat: accept api_token as an alias for token in sf login
dfdc781 
The CLI session polling endpoint returns the auth JWT under the `token`
field today. Accept `api_token` as a fallback so the CLI stays
compatible if the field is renamed server-side.
@indent indent Bot force-pushed the indent-2026-05-21-console-login branch from 7f48f08 to dfdc781 Compare May 21, 2026 21:51
@indent indent Bot changed the title feat: route sf login through new frontend feat: accept api_token as an alias for token in sf login May 21, 2026
@sigmachirality sigmachirality changed the title feat: accept api_token as an alias for token in sf login fix: accept api_token as an alias for token in sf login May 21, 2026
@Gii2000 Graphite App
Copy link
Copy Markdown
Contributor

Gii2000 commented May 21, 2026

Just spitballing an alternative, but we can make the Console just reply with token instead of api_token to match the old website. I have no idea why we renamed it in the first place

Gii2000
Gii2000 approved these changes May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Gii2000 Gii2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@sigmachirality
Copy link
Copy Markdown
Member Author

sigmachirality commented May 21, 2026
edited
Loading

Just spitballing an alternative, but we can make the Console just reply with token instead of api_token to match the old website. I have no idea why we renamed it in the first place

I'd like to ship this as well to get defense in depth

@sigmachirality sigmachirality merged commit 6b52a19 into main May 21, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@indent indent[bot] indent[bot] left review comments

@Gii2000 Gii2000 Gii2000 approved these changes

@joshi4 joshi4 Awaiting requested review from joshi4

@Sladuca Sladuca Awaiting requested review from Sladuca

Assignees

@sigmachirality sigmachirality

Labels

indent

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sigmachirality @Gii2000