fix(dashboard): kill no-auth login loop + cold-load flash #4813

Merged: aegis-gh-agent[bot] merged 2 commits into develop from fix/dashboard-login-reliability on Jun 27, 2026

@OneStepAt4time

Owner

Aegis version

Developed with: v${v}

Problem

On a no-auth (zero-config / localhost) deployment the dashboard was unreliable on cold load:

  1. Login loop — soft navigation to `/dashboard/` looped on `/dashboard/login` forever because the service worker served a stale app shell from a never-bumped cache.
  2. Login flash — even when it loaded, the page briefly flashed to `/login` (~1s) before recovering.

Root causes

  1. `dashboard/public/sw.js`: `CACHE_NAME='aegis-dashboard-v1'` never bumped on deploy → `activate` never purged the old cache → cache-first app shell served the stale `index.html` (old hashed bundles) indefinitely. Also: API network-first only matched `/api/` (Aegis API is `/v1/`).
  2. `dashboard/src/store/useAuthStore.ts` `revalidate()`: in no-auth mode (`authMode === null`, no token) it only restored cookie/token sessions and fell through to `clearAuthState` — so the session-expiry guard tick (and any revalidate) logged the user out intermittently.

Changes

  • sw.js: bump `CACHE_NAME` v1→v2; navigations network-first (re-fetch `index.html`); hashed assets cache-first; `/v1/`, `/auth/`, `*/events` network-only.
  • useAuthStore.ts: guard the no-token branch — when `authMode === null`, preserve `isAuthenticated` (nothing to revalidate) instead of clearing.

Verification

  • `npx tsc --noEmit` clean (root).
  • 36/36 dashboard auth tests pass (`useAuthStore`, `App.auth-routing`, `ProtectedRoute`, `LoginPage`).
  • Live, fresh tab (no stale SW): soft-navigate `/dashboard/` → stays on Overview, 17/17 samples OK, 0 login flashes (was ~1 LOGIN per load). SW cache verified clean (`aegis-dashboard-v2`, no stale v1).

Notes

Both fixes only affect the no-auth / zero-config localhost path. Production deployments with real auth (API key / OIDC) do not exercise `probePublicAccess` / the no-auth `revalidate` branch and are unaffected.
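
The caching policy described in this PR, sketched as an added example (not the Aegis `sw.js` and not code from this PR). The hashed-asset path pattern, the default for unlisted requests, the `aegis-dashboard-` prefix filter and the helper names `chooseStrategy`, `staleCaches` and `handle` are assumptions; `fetch` and `cache` are injected so the logic also runs outside a browser.

```javascript
// Added example, not the project's sw.js. Assumed: hashed bundles sit under
// an /assets/ directory with a hash in the file name; helper names are hypothetical.
const CACHE_NAME = 'aegis-dashboard-v2';
const HASHED_ASSET = /\/assets\/[^/]+-[A-Za-z0-9_-]{8,}\.(?:js|css|woff2?|svg|png)$/;

// Pick a strategy per request. Live API, auth and event-stream responses
// must never be written to or served from the service worker cache.
function chooseStrategy(req) {
  const { pathname } = new URL(req.url);
  if (req.method !== 'GET') return 'network-only';
  if (pathname.startsWith('/v1/') || pathname.startsWith('/auth/') ||
      pathname.endsWith('/events')) return 'network-only';
  if (req.mode === 'navigate') return 'network-first'; // always re-fetch index.html
  if (HASHED_ASSET.test(pathname)) return 'cache-first'; // immutable, content-addressed
  return 'network-first'; // assumption: unlisted requests prefer fresh content
}

// activate step: every dashboard cache except the current one is stale.
function staleCaches(keys, current = CACHE_NAME) {
  return keys.filter((k) => k.startsWith('aegis-dashboard-') && k !== current);
}

// Fetch handler body; in a worker, call it from
// self.addEventListener('fetch', ...) with the global fetch and an opened cache.
async function handle(req, { fetch, cache }) {
  const strategy = chooseStrategy(req);
  if (strategy === 'network-only') return fetch(req);
  if (strategy === 'cache-first') {
    const hit = await cache.match(req);
    if (hit) return hit;
  }
  try {
    const res = await fetch(req);
    if (res.ok) await cache.put(req, res.clone());
    return res;
  } catch (err) {
    // Offline: a cached shell is the only fallback for network-first requests.
    const hit = await cache.match(req);
    if (hit) return hit;
    throw err;
  }
}
```

With this split, a stale `index.html` can only be served while the network is unreachable, and responses under `/v1/` and `/auth/` never persist in Cache Storage.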

Copilot AI added 2 commits June 27, 2026 08:16
The dashboard service worker was cache-first for the app shell with a
never-bumped CACHE_NAME, so a new deploy kept serving the stale
index.html (pointing at old hashed bundles) forever. On no-auth
localhost the stale build looped on /dashboard/login; even after a fix,
soft navigations re-served the broken shell.

- Bump CACHE_NAME v1 -> v2 so activate purges the old cache.
- Navigations are network-first (index.html re-fetches new asset hashes;
  falls back to cache only when offline).
- Hashed static assets stay cache-first (immutable, content-addressed).
- /v1/, /auth/, and */events are network-only (never cache live data) —
  the old SW only network-firsted /api/ which does not exist.

Generated by Hephaestus (Aegis dev agent)

In no-auth/zero-config mode (authMode null, no token), the dashboard
authenticates via probePublicAccess in init(). But revalidate() only
restored cookie/token sessions (authMode 'oidc'/'token') and fell through
to clearAuthState for authMode null — so any revalidate call (e.g. the
session-expiry guard tick) logged the user out, causing an intermittent
~1s login flash on cold load.

Guard the no-token branch: when authMode is null there is nothing to
revalidate, so preserve isAuthenticated instead of clearing.

Verified: fresh-tab soft-navigate stays on Overview (17/17 samples, 0
login flashes; previously ~1 LOGIN per load).

Generated by Hephaestus (Aegis dev agent)

@aegis-gh-agent aegis-gh-agent Bot left a comment

Contributor

✅ Approved — All 9 gates pass

PR #4813 β€” fix(dashboard): kill no-auth login loop + cold-load flash

Gate Sweep

| # | Gate | Status |
|---|------|--------|
| 1 | Review completed | ✅ Full diff reviewed |
| 2 | No conflicts | ✅ mergeable: MERGEABLE |
| 3 | CI green | ✅ 17/17 checks pass (incl. helm-smoke, test ubuntu-20/22, dashboard-e2e) |
| 4 | No regressions | ✅ All existing tests pass |
| 5 | Unit tests | ✅ 36/36 dashboard auth tests pass (per PR body) |
| 6 | E2E / UAT | ✅ Live verification: 17/17 soft-nav samples, 0 login flashes |
| 7 | Documented | ✅ PR body explains root cause + verification steps |
| 8 | Security clean | ✅ No secrets, scoped to no-auth path only |
| 9 | Targets develop | ✅ baseRefName: develop |

Review Notes

  • sw.js: Correct cache-bust strategy (v1→v2, network-first navigations, cache-first hashed assets). The /v1/ + /auth/ + */events network-only paths fix the stale API route mismatch.
  • useAuthStore.ts: The authMode === null guard is the right fix — preserves probePublicAccess-established auth instead of spuriously clearing on revalidate tick.
  • Scope discipline: Only affects no-auth/localhost path. Production auth deployments are untouched.
  • Conventional commit: fix(dashboard): — correct, no feat-minor-bump-gate trigger.

LGTM. 👁️

@aegis-gh-agent aegis-gh-agent Bot merged commit 04177f1 into develop Jun 27, 2026
18 checks passed
@aegis-gh-agent aegis-gh-agent Bot deleted the fix/dashboard-login-reliability branch June 27, 2026 06:29