fix(cli-auth): provision /cli-auth route (was 404 on instanode.dev)#129
Merged
Conversation
User reported "That page is not provisioned" when CLI device-flow emitted `https://instanode.dev/cli-auth?cli_session=…`. The route wasn't defined on the marketing site — it had to be either on the dashboard OR a redirect from instanode.dev to the dashboard. Fix: defensive redirect route `/cli-auth` → `/login?cli_session=<id>`. Details: - The api currently emits the canonical `/login?cli_session=<id>` path (cli_auth.go since commit 0c7991c, B13-P0-F1 2026-05-20). - `/cli-auth` was never a real route — but it appears in `cli/cmd/testapi_test.go` (the hermetic test mock writes `https://instanode.dev/cli-auth?s=test`) and in any stale terminal scrollback / chat transcript a user pastes. - Without a route, `/cli-auth` fell through to the catch-all NotFoundPage → 404. Implementation: - New `CliAuthRedirect` component in App.tsx normalizes both query shapes: `?cli_session=<id>` and `?s=<id>` (test-mock shape) → canonical `/login?cli_session=<id>`. Bare `/cli-auth` → `/login`. - Route registered in App.tsx alongside the legacy /resources, /vault, /team, /billing redirects. - `scripts/prerender.mjs` adds `/cli-auth` to authShellRoutes so `dist/cli-auth/index.html` is written at build time — otherwise GH Pages would 404 before the SPA shell could boot the Navigate. - `ROUTE_META['/cli-auth']` adds a sensible <title> for the brief moment before the redirect runs. - 5 unit tests in `src/App.cli-auth.test.tsx` lock in the contract: param preservation, ?s→cli_session rewrite, bare-fallback, URL encoding of reserved characters, cli_session-wins-over-s when both are present. Does NOT touch the working `/login?cli_session=...` flow that the api emits — that path remains canonical. This is purely a defensive redirect for the legacy URL shape. Verification: - `npx tsc --noEmit`: clean - `npx vitest run`: 769 passed, 3 skipped, 0 failed (full suite) - `npm run build`: SSR prerender wrote 4 auth SPA shells (was 3); `dist/cli-auth/index.html` exists with title "Signing in CLI… · instanode" Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
size-limit report 📦
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
https://instanode.dev/cli-authreturns "That page is not provisioned." The api emits the canonical/login?cli_session=<id>since commit 0c7991c (B13-P0-F1, 2026-05-20), but/cli-authstill surfaces incli/cmd/testapi_test.go(hermetic test mock) and in any stale terminal scrollback / chat transcript a user pastes./cli-authfell through to the catch-allNotFoundPage→ 404./cli-auth?cli_session=<id>and/cli-auth?s=<id>(test-mock shape) to canonical/login?cli_session=<id>. Bare/cli-authredirects to/login.Why this fix
api/internal/handlers/cli_auth.go) has always emitted/login?cli_session=<id>— confirmed bygit log --all -pof that file. So the broken/cli-authURL is NOT being emitted by the api today.auth_url, so a redirect on instanode.dev is the right defensive fallback regardless of where the stale URL came from./login?cli_session=...flow that the api currently emits.What changed
src/App.tsx— newCliAuthRedirectcomponent + route registrationscripts/prerender.mjs—/cli-authadded toauthShellRoutes(sodist/cli-auth/index.htmlis written; GH Pages must serve a real file for the SPA shell to boot the redirect) +ROUTE_META['/cli-auth']entry for a sensible <title> during the brief redirect windowsrc/App.cli-auth.test.tsx— 5 unit tests pinning the contractTest plan
npx tsc --noEmit— cleannpx vitest run— 769 passed, 3 skipped, 0 failed (full suite)npm run build— prerender wrote 4 auth SPA shells (was 3);dist/cli-auth/index.htmlexists, title "Signing in CLI… · instanode"src/App.cli-auth.test.tsx: 5 tests pass?cli_session=<id>→/login?cli_session=<id>?s=<id>(test-mock shape) →/login?cli_session=<id>/cli-auth→/login(no param)cli_sessionwins overswhen both presentcurl -I https://instanode.dev/cli-auth?cli_session=testreturns 200 (SPA shell), and browser-loading the URL redirects to/login?cli_session=test🤖 Generated with Claude Code