fix(mistral): expand cookie import to Safari, Chrome, and Firefox#1985
fix(mistral): expand cookie import to Safari, Chrome, and Firefox#1985djsavvy wants to merge 2 commits into
Conversation
Mistral's importSession hardcoded preferredBrowsers to [.chrome], bypassing the descriptor's browserCookieOrder. Users signed in via Firefox or Firefox Developer Edition saw "No Mistral session cookies found in browsers." Add a mistralCookieImportOrder preset ([.safari, .chrome, .firefox]) matching the MiMo steipete#1304 precedent, wire it through the descriptor, and change importSession/hasSession to use the descriptor order when no explicit preferredBrowsers are passed (matching the Manus/Perplexity pattern). Also update docs/providers.md and add a focused test.
|
Codex review: needs real behavior proof before merge. Reviewed July 8, 2026, 1:36 AM ET / 05:36 UTC. Summary Reproducibility: yes. from source inspection: current main defaults Mistral Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review findings
Review detailsBest possible solution: Land a bounded Mistral auto-import path that preserves Chrome first, never falls through to the full default browser list for empty preferences, and includes redacted live proof from the changed cookie source. Do we have a high-confidence way to reproduce the issue? Yes from source inspection: current main defaults Mistral Is this the best way to solve the issue? No, not yet: Chrome-first bounded Mistral Auto is a plausible direction, but the patch still falls back to the full default browser order for empty preferences and lacks real behavior proof. Full review comments:
Overall correctness: patch is incorrect AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against aa401f1d8b74. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (1 earlier review cycle)
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3a37002ec3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| /// Other Chromium forks stay on Manual import to avoid scanning the full default order. | ||
| public static var mistralCookieImportOrder: BrowserCookieImportOrder? { | ||
| #if os(macOS) | ||
| [.safari, .chrome, .firefox] |
There was a problem hiding this comment.
Skip invalid earlier browser sessions before retrying
When a user has an old or unauthorized Mistral ory_session_* cookie in Safari (or Chrome) and a valid session in a later browser, this new Safari → Chrome → Firefox order can make auto-import fail instead of falling through. MistralCookieImporter returns the first browser with any ory_session_*, and the invalidCredentials retry in MistralWebFetchStrategy clears the cache but calls resolveCookieHeader(false), which re-imports with this same order and picks the same bad source again, so Chrome/Firefox are never tried after the 401/403.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Good catch. Updated to Chrome → Firefox → Safari in 525aabd so Chrome stays first — no regression from the original Chrome-only behavior. Firefox is still covered; Safari moved to last for Full Disk Access users.
The deeper issue (importSession returning the first browser with any ory_session_* cookie, without trying the next browser on 401/403) is a pre-existing design limitation shared by MiMo and other providers. Happy to address it in a follow-up if maintainers want a multi-session retry approach like ManusCookieImporter.importSessions.
Avoids regression where a stale Safari session could block a valid Chrome or Firefox session (Codex review feedback on steipete#1985). Chrome first preserves the original Chrome-only behavior; Firefox still detected; Safari follows for Full Disk Access users.
|
made chrome first |
Mistral's importSession hardcoded preferredBrowsers to [.chrome], bypassing the descriptor's browserCookieOrder. Users signed in via Firefox or Firefox Developer Edition saw "No Mistral session cookies found in browsers."
Add a mistralCookieImportOrder preset ([.safari, .chrome, .firefox]) matching the MiMo #1304 precedent, wire it through the descriptor, and change importSession/hasSession to use the descriptor order when no explicit preferredBrowsers are passed (matching the Manus/Perplexity pattern).
Heads up that Ollama seems to have the same bug, but I didn't address that here.
The PR was generated with a Hermes agent, but I gave it a review as well.