fix(oauth): stabilize first-launch OAuth CI readiness

[YOMXXX]

Summary

• Restores the first-launch desktop OAuth flow from fix(oauth): sign-in failed on first launch (oauth flow) (#1689) #2247 while unblocking the failing CI surfaces.
• Keeps the runtime readiness gate before launching OAuth in Tauri so first-launch sign-in waits for core/auth readiness.
• Stabilizes legacy OAuth provider tests by mocking the new readiness preflight in Tauri-mode unit tests.
• Makes the E2E-only window.__simulateDeepLink helper fire-and-forget, matching production onOpenUrl behavior so WebDriver does not block on auth readiness.
• Keeps auth readiness focused on core-mode selection plus core RPC reachability, so first-login callbacks are not blocked by CoreStateProvider bootstrap.
• Adds regression coverage for the non-blocking deep-link helper path.

Problem

• fix(oauth): sign-in failed on first launch (oauth flow) (#1689) #2247 fixes first-launch OAuth readiness, but its PR branch is not writable from this maintainer account, and CI is currently red.
• Frontend unit and coverage jobs fail because legacy provider tests exercise Tauri mode without mocking the new readiness preflight.
• Linux E2E times out because browser.execute(async () => await window.__simulateDeepLink(...)) waits on the full auth callback path, including readiness waits.
• The PR checklist also had the diff coverage item unchecked.

Solution

• Mock prepareOAuthLoginLaunch() in the legacy Google/GitHub/Discord/Twitter OAuth tests, preserving their existing URL/openUrl assertions while isolating the readiness preflight.
• Change __simulateDeepLink to schedule handleDeepLinkUrls() without awaiting it, which matches the real desktop deep-link listener's fire-and-forget handler.
• Treat CoreStateProvider bootstrap as observational logging rather than a hard auth-readiness gate; core mode plus a successful core RPC ping are the required login preconditions.
• Dismiss the runtime picker before E2E auth deep-link simulation so raw mega-flow auth callbacks also commit a core mode before readiness checks.
• Treat the E2E default local core mode as an auth-readiness core mode when no explicit localStorage marker exists.
• Add a desktop deep-link listener unit test proving the E2E helper resolves immediately while the auth readiness path continues asynchronously.
• This PR supersedes fix(oauth): sign-in failed on first launch (oauth flow) (#1689) #2247 because the original contributor fork rejected direct pushes from YOMXXX despite maintainerCanModify=true.

Submission Checklist

If a section does not apply to this change, mark the item as N/A with a one-line reason. Do not delete items.

• Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy
• Diff coverage ≥ 80% — changed lines (Vitest + cargo-llvm-cov merged via diff-cover) meet the gate enforced by .github/workflows/coverage.yml. Run pnpm test:coverage and pnpm test:rust locally; PRs below 80% on changed lines will not merge.
• Coverage matrix updated — N/A: behavior/test stabilization for existing OAuth sign-in flow; no feature row added/removed/renamed.
• All affected feature IDs from the matrix are listed in the PR description under ## Related — N/A: no matrix feature IDs changed.
• No new external network dependencies introduced (mock backend used per Testing Strategy)
• Manual smoke checklist updated if this touches release-cut surfaces (docs/RELEASE-MANUAL-SMOKE.md) — N/A: no release smoke procedure changed.
• Linked issue closed via Closes #NNN in the ## Related section

Impact

• Desktop OAuth first-launch sign-in is more reliable because OAuth launch still waits for readiness before opening the external browser.
• E2E-only deep-link simulation no longer blocks WebDriver script execution on long auth readiness waits.
• No new runtime dependency, migration, storage, or security surface.
• Web OAuth behavior is unchanged.

Related

• Closes: Closes Signing in for first time issue #1689
• Follow-up PR(s)/TODOs: Supersedes fix(oauth): sign-in failed on first launch (oauth flow) (#1689) #2247 because the original head branch is not writable from this fork.

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Keep this section for AI-authored PRs. For human-only PRs, mark each field N/A.

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: fix/2247-oauth-ci-readiness
• Commit SHA: 3367058b145a37566dcd377198b2881a977ce3cd

Validation Run

• pnpm --filter openhuman-app format:check (via pre-push hook)
• pnpm typecheck
• Focused tests:
  • pnpm debug unit test/OAuthTwitter.test.tsx
  • pnpm debug unit src/utils/__tests__/desktopDeepLinkListener.test.ts
  • pnpm debug unit test/OAuthGitHub.test.tsx test/OAuthDiscord.test.tsx test/OAuthLoginSection.test.tsx
  • pnpm debug unit src/components/oauth/__tests__/OAuthProviderButton.test.tsx src/components/oauth/__tests__/oauthAuthReadiness.test.ts
  • pnpm debug unit src/components/oauth/__tests__/oauthAuthReadiness.test.ts src/utils/__tests__/desktopDeepLinkListener.test.ts src/components/oauth/__tests__/OAuthProviderButton.test.tsx test/OAuthTwitter.test.tsx
  • pnpm debug unit src/utils/__tests__/configPersistence.test.ts src/components/oauth/__tests__/oauthAuthReadiness.test.ts src/utils/__tests__/desktopDeepLinkListener.test.ts
  • pnpm debug unit
  • pnpm test:coverage
  • pnpm --dir app exec eslint src/utils/desktopDeepLinkListener.ts src/utils/__tests__/desktopDeepLinkListener.test.ts test/OAuthTwitter.test.tsx test/OAuthGitHub.test.tsx test/OAuthDiscord.test.tsx test/OAuthLoginSection.test.tsx --ext .ts,.tsx --max-warnings=0
• Rust fmt/check (if changed): cargo fmt --manifest-path ../Cargo.toml --all --check, cargo fmt --manifest-path src-tauri/Cargo.toml --all --check, and GGML_NATIVE=OFF pnpm rust:check via pre-push hook
• Tauri fmt/check (if changed): cargo fmt --manifest-path app/src-tauri/Cargo.toml --all --check and GGML_NATIVE=OFF pnpm rust:check via pre-push hook

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A. Local macOS/Tahoe rust:check requires the documented GGML_NATIVE=OFF workaround for whisper-rs-sys/-mcpu=native; validation passed with that env var.

Behavior Changes

• Intended behavior change: first-launch Tauri OAuth launch waits for runtime readiness, and E2E deep-link simulation no longer blocks the WebDriver script on asynchronous auth completion.
• User-visible effect: desktop first-launch sign-in should complete reliably instead of racing core/auth initialization.

Parity Contract

• Legacy behavior preserved: web OAuth redirects and Tauri openUrl() URL construction remain unchanged.
• Guard/fallback/dispatch parity checks: existing provider tests still cover Google/GitHub/Discord/Twitter web and Tauri branches; deep-link listener test covers readiness failure and async helper behavior.

Duplicate / Superseded PR Handling

• Duplicate PR(s): fix(oauth): sign-in failed on first launch (oauth flow) (#1689) #2247
• Canonical PR: this PR
• Resolution (closed/superseded/updated): fix(oauth): sign-in failed on first launch (oauth flow) (#1689) #2247 could not be updated directly because git push git@github.com:CodeGhost21/openhuman.git HEAD:cursor/a02-1689-signin-failed-first-time was rejected with Permission denied to YOMXXX.

Summary by CodeRabbit

• New Features

  • OAuth sign-in adds a readiness gate that checks local runtime availability, surfaces clear user-facing messages when sign-in can’t proceed, and runs a short preflight on supported desktop builds before launching provider flows.
  • Deep-link sign-ins coordinate lifecycle steps for more reliable handling across environments; E2E helpers now treat auth deep links to bypass boot checks when appropriate.
  • Config lookup supports an E2E default core-mode fallback.

• Tests

  • Expanded tests for OAuth readiness, deep-link lifecycle, launch preparation, desktop flows, and config fallbacks.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds an OAuth readiness gate, a short desktop preflight, and deep-link lifecycle coordination: provider button starts and completes deep-link processing and awaits a quick readiness preflight on Tauri; the deep-link listener blocks when the OAuth gate reports not-ready; tests and re-exports updated.

Changes

OAuth readiness gating and first-launch sign-in fix

Layer / File(s)	Summary
OAuth readiness gating: types and core logic app/src/components/oauth/oauthAuthReadiness.ts	Exports readiness types and implements ping, conditional local-core start, two-phase polling (persisted mode → ping), oauthAuthReadinessUserMessage(), and prepareOAuthLoginLaunch() preflight.
OAuth readiness validation tests app/src/components/oauth/__tests__/oauthAuthReadiness.test.ts	Mocks core state, persisted mode, Tauri flag, boot-check transport, and RPC; verifies unset-mode, reachable/unreachable core, bootstrap polling, and non-Tauri behavior.
OAuthProviderButton: imports, logging, and helpers app/src/components/oauth/OAuthProviderButton.tsx	Adds deep-link auth helper imports, structured logging, and startup-failure message handling.
OAuthProviderButton: readiness and deep-link coordination app/src/components/oauth/OAuthProviderButton.tsx	Begins deep-link auth processing on click, awaits prepareOAuthLoginLaunch() for Tauri as a preflight, completes deep-link processing on preflight failure, proceeds with OAuth startup, and calls completeDeepLinkAuthProcessing() after success or on error.
Deep-link listener: readiness validation during callback app/src/utils/desktopDeepLinkListener.ts	Replaces legacy wait helper with waitForOAuthAuthReadiness() during auth callback handling; blocks and surfaces oauthAuthReadinessUserMessage() when not ready and updates dev simulator to async.
Deep-link integration tests app/src/utils/__tests__/desktopDeepLinkListener.test.ts, app/src/components/oauth/__tests__/OAuthProviderButton.test.tsx	Asserts beginDeepLinkAuthProcessing, completeDeepLinkAuthProcessing, prepareOAuthLoginLaunch, and backend-health checks are invoked by the provider button; adds deep-link handler tests for readiness-blocked and manual-resolution scenarios.
OAuth version gate re-exports app/src/utils/oauthAppVersionGate.ts	Re-exports waitForOAuthAuthReadiness, prepareOAuthLoginLaunch, oauthAuthReadinessUserMessage, and associated types.
OAuth provider test setup harmonization app/test/OAuthDiscord.test.tsx, app/test/OAuthGitHub.test.tsx, app/test/OAuthLoginSection.test.tsx, app/test/OAuthTwitter.test.tsx	Adds and resets hoisted mockPrepareOAuthLoginLaunch and wires it through oauthAppVersionGate mocks for consistent provider test behavior.
E2E deep-link helpers app/test/e2e/helpers/deep-link-helpers.ts	Adds isAuthDeepLink() classifier and dismisses inline BootCheckGate early for auth deep links in triggerDeepLink.
Config persistence E2E fallback app/src/utils/configPersistence.ts, app/src/utils/__tests__/configPersistence.test.ts	Imports E2E_DEFAULT_CORE_MODE and adds fallback behavior; adds test verifying fallback to 'local' when storage missing.
Repo metadata .github/tauri-cef-expected-sha	Updates stored expected SHA-1 value.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• tinyhumansai/openhuman#2147: Both PRs modify app/src/components/oauth/OAuthProviderButton.tsx around the same pre-flight / backend-unhealthy early-return and deep-link wiring.

Suggested reviewers

• senamakel
• graycyrus

"🐰 I hopped through code, a tiny, earnest critter,
Preflight checked the core so sign-ins no longer fritter,
Deep-links begin, then finish with care,
Tests proof the path, and re-exports share —
Fresh installs now greet logins without a jitter."

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the main fix: stabilizing first-launch OAuth CI readiness through a readiness gate before OAuth launch, which is reflected in the changeset's OAuth readiness implementation and integration points.
Linked Issues check	✅ Passed	The PR fully addresses both linked issues by implementing OAuth auth-readiness gate (#2247) with core-mode polling and core.ping verification, integrating it into OAuthProviderButton and desktopDeepLinkListener, adding comprehensive unit tests, and achieving ≥80% diff coverage to resolve first-launch sign-in failures (#1689).
Out of Scope Changes check	✅ Passed	All changes are directly scoped to implementing the OAuth readiness gate, integrating it into OAuth flows, updating related tests, and the E2E helper modification to support fire-and-forget deep-link simulation; the .github/tauri-cef-expected-sha update is incidental to testing infrastructure.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/src/components/oauth/oauthAuthReadiness.ts`:
- Line 32: Replace all direct console calls in oauthAuthReadiness.ts (e.g., the
console.debug(`${logPrefix} core.ping probe failed`, err) and the other
console.debug/console.warn/console.error occurrences noted around the referenced
ranges) with the project’s namespaced debug logger: import or obtain the
module-specific debug instance (e.g., const debug =
createDebug('oauth:authReadiness') or using the project helper) and call
debug(...) for normal messages and debug(... /* dev-only details */) or
debug.extend('warn')/debug.extend('error') (or the project’s recommended
pattern) for warnings/errors, passing the same message, logPrefix and err
objects; update every instance (lines referenced: 32, 46-49, 77, 88-92, 100-105,
135) to use that namespaced debug function so logs are consistent and grep-able.
- Line 5: Replace the local utils import of isTauri with the standardized export
from the webview account service: import isTauri from (or { isTauri } depending
on that module's export) app/src/services/webviewAccountService.ts and update
any existing calls to use that symbol; if the service exposes isTauri as a named
export use { isTauri }, if it is the default export import accordingly so all
runtime Tauri checks in oauthAuthReadiness.ts call the approved isTauri
implementation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 803b757c-c487-44ef-a532-0421e513a429

📥 Commits

Reviewing files that changed from the base of the PR and between 094d482 and 87b7cf7.

📒 Files selected for processing (11)

• app/src/components/oauth/OAuthProviderButton.tsx
• app/src/components/oauth/__tests__/OAuthProviderButton.test.tsx
• app/src/components/oauth/__tests__/oauthAuthReadiness.test.ts
• app/src/components/oauth/oauthAuthReadiness.ts
• app/src/utils/__tests__/desktopDeepLinkListener.test.ts
• app/src/utils/desktopDeepLinkListener.ts
• app/src/utils/oauthAppVersionGate.ts
• app/test/OAuthDiscord.test.tsx
• app/test/OAuthGitHub.test.tsx
• app/test/OAuthLoginSection.test.tsx
• app/test/OAuthTwitter.test.tsx

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/src/utils/__tests__/configPersistence.test.ts`:
- Around line 421-435: The test leaks module mocks if the import or assertion
throws; wrap the portion that imports '../configPersistence' and calls
getStoredCoreMode() in a try/finally so vi.doUnmock('../config') and
vi.resetModules() always run; specifically, around the block that imports
'../configPersistence' and calls mod.getStoredCoreMode(), ensure cleanup of the
mock and module registry in the finally, preserving removal of MODE_STORAGE_KEY
before import and using vi.doMock('../config') / vi.doUnmock('../config') and
vi.resetModules() in the finally to avoid mock leakage between tests.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fc35ed90-850d-4110-abb0-9e3c0570ff25

📥 Commits

Reviewing files that changed from the base of the PR and between bc45e27 and 9d03d8e.

📒 Files selected for processing (2)

• app/src/utils/__tests__/configPersistence.test.ts
• app/src/utils/configPersistence.ts

[YOMXXX]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

app/src/components/oauth/__tests__/OAuthProviderButton.test.tsx (1)

82-84: ⚡ Quick win

Cover the full deep-link lifecycle in this test.

These assertions prove the click path calls beginDeepLinkAuthProcessing(), but the shared getDeepLinkAuthState() mock never transitions with it, so the suite still passes if the component forgets to clear the flag after launching the browser. Making the mock stateful—or asserting the matching completeDeepLinkAuthProcessing() call—would turn this into a real regression guard.

As per coding guidelines, "Prefer testing behavior over implementation details. ... Keep tests deterministic: avoid real network calls, time-sensitive flakes, or hidden global state."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@app/src/components/oauth/__tests__/OAuthProviderButton.test.tsx` around lines
82 - 84, The test currently only asserts
beginDeepLinkAuthProcessing/prepareOAuthLoginLaunch/checkBackendHealthy but
never verifies the deep-link flag is cleared; update the test to cover the full
lifecycle by either making the getDeepLinkAuthState() mock stateful (so it
returns "processing" after beginDeepLinkAuthProcessing() and "not processing"
after completeDeepLinkAuthProcessing()) or simply add an assertion that
completeDeepLinkAuthProcessing() is called after the click; target the functions
beginDeepLinkAuthProcessing, completeDeepLinkAuthProcessing, and
getDeepLinkAuthState in your changes so the test fails if the component fails to
clear the deep-link state.

app/src/components/oauth/OAuthProviderButton.tsx (1)

89-109: ⚡ Quick win

Use the frontend logger for these new probes.

These new console.warn/console.debug calls bypass the repo’s namespaced logging pattern, so they won’t get the usual filtering/correlation behavior during pnpm dev.

As per coding guidelines, "Use namespaced debug function in TypeScript frontend with dev-only detail logging."

Also applies to: 183-187

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@app/src/components/oauth/OAuthProviderButton.tsx` around lines 89 - 109,
Replace the raw console calls in the checkBackendHealthy promise handler inside
OAuthProviderButton (the block referencing checkBackendHealthy, provider.id,
label, and setStartupError) with the repo's namespaced frontend logger: use the
dev-only namespaced debug function for debug-level messages and the namespaced
logger/warn equivalent for warnings so these probes participate in the app's
logging/filtering; do the same for the other occurrences mentioned (the similar
console.* calls around lines 183-187) and ensure you import/instantiate the same
debug/logger symbol used elsewhere in the frontend.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/src/components/oauth/OAuthProviderButton.tsx`:
- Around line 194-196: The new preflight call to prepareOAuthLoginLaunch()
inside the OAuthProviderButton flow can throw a user-facing
readiness/app-version message that is currently swallowed by the generic catch;
update the catch in the OAuthProviderButton click/launch path to preserve and
surface the original error message from prepareOAuthLoginLaunch() (e.g., capture
err.message or the error object) instead of always replacing it with “Google
sign-in could not start.” Ensure the code paths that set the provider banner (or
call showProviderBanner) use the preserved error text when
prepareOAuthLoginLaunch() fails so the actionable guidance is visible to the
user.
- Around line 181-191: The deep-link lifecycle isn't cleared on the successful
handoff path, leaving the global isProcessing/skipDuringDeepLink state set if
the user cancels or never returns; after triggering the browser handoff in the
OAuth flow (the branches that call openUrl(...) or assign window.location.href),
call completeDeepLinkAuthProcessing() immediately (and ensure this is done in
both places identified around beginDeepLinkAuthProcessing()) so
skipDuringDeepLink() stops suppressing focus/visibility/timeout handling; apply
the same fix in the other similar block (lines around the second
openUrl/window.location.href usage referenced in the review).

---

Nitpick comments:
In `@app/src/components/oauth/__tests__/OAuthProviderButton.test.tsx`:
- Around line 82-84: The test currently only asserts
beginDeepLinkAuthProcessing/prepareOAuthLoginLaunch/checkBackendHealthy but
never verifies the deep-link flag is cleared; update the test to cover the full
lifecycle by either making the getDeepLinkAuthState() mock stateful (so it
returns "processing" after beginDeepLinkAuthProcessing() and "not processing"
after completeDeepLinkAuthProcessing()) or simply add an assertion that
completeDeepLinkAuthProcessing() is called after the click; target the functions
beginDeepLinkAuthProcessing, completeDeepLinkAuthProcessing, and
getDeepLinkAuthState in your changes so the test fails if the component fails to
clear the deep-link state.

In `@app/src/components/oauth/OAuthProviderButton.tsx`:
- Around line 89-109: Replace the raw console calls in the checkBackendHealthy
promise handler inside OAuthProviderButton (the block referencing
checkBackendHealthy, provider.id, label, and setStartupError) with the repo's
namespaced frontend logger: use the dev-only namespaced debug function for
debug-level messages and the namespaced logger/warn equivalent for warnings so
these probes participate in the app's logging/filtering; do the same for the
other occurrences mentioned (the similar console.* calls around lines 183-187)
and ensure you import/instantiate the same debug/logger symbol used elsewhere in
the frontend.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fa9b58ef-fd79-42ee-b14f-32d567b01d14

📥 Commits

Reviewing files that changed from the base of the PR and between bc45e27 and 6f42d64.

📒 Files selected for processing (8)

• app/src/components/oauth/OAuthProviderButton.tsx
• app/src/components/oauth/__tests__/OAuthProviderButton.test.tsx
• app/src/utils/__tests__/configPersistence.test.ts
• app/src/utils/configPersistence.ts
• app/test/OAuthDiscord.test.tsx
• app/test/OAuthGitHub.test.tsx
• app/test/OAuthLoginSection.test.tsx
• app/test/OAuthTwitter.test.tsx

[YOMXXX]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[YOMXXX]

@senamakel #2267 已更新到最新 main，冲突已解决，CI 全部通过（22 success / 2 expected skipped），CodeRabbit 最新 review 已 approved 且无未解决 thread。麻烦再看一下。

[YOMXXX]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[YOMXXX]

@senamakel #2267 已再次同步最新 main，冲突已解决；当前 head 3367058b145a37566dcd377198b2881a977ce3cd，GitHub checks 22 success / 2 skipped / 0 pending / 0 failure，CodeRabbit 最新 review approved，review threads 0 unresolved。麻烦再看一下。

[graycyrus]

Good work stabilizing the first-launch OAuth flow and CI. The deep-link readiness gate in desktopDeepLinkListener.ts is solid — it properly checks the result and blocks when not ready. Test coverage is thorough. However, the button-click path has a critical gap where the readiness check silently no-ops.

Area	Files	Verdict
OAuth readiness	oauthAuthReadiness.ts, OAuthProviderButton.tsx	1 critical
Deep-link listener	desktopDeepLinkListener.ts	Clean
Config persistence	configPersistence.ts	Clean
E2E helpers	deep-link-helpers.ts	Clean
Legacy OAuth tests	OAuth*.test.tsx	Clean (mock plumbing correct)
Tauri CEF SHA	.github/tauri-cef-expected-sha	Trivial newline fix

[YOMXXX]

@graycyrus addressed both review threads in cdf0ed9 and replied inline with details. Ready for another pass when you have a chance.

[senamakel]

huge thanks @YOMXXX 🙌 nailing the first-launch oauth flow while keeping the readiness gate intact is super clean work. really appreciate you stabilizing those legacy provider tests too, this one's a solid unblock 🚀