feat(auth): dev-gated password login + MCP-driven CCW agent workflow #86exrkrra#28
Merged
Conversation
Enhance Practice Now Features and Save Modal Improvements with Dashboard Deep-Linking
# [1.12.0](v1.11.2...v1.12.0) (2026-05-26) ### Bug Fixes * **save-modal:** break circular import to console-crane store ([ab00130](ab00130)) * **save-modal:** refetch bundle options so post-save chip shows title ([25499da](25499da)) ### Features * announce extension presence on dashboard origins for install nudge [#86](https://github.com/codebridger/subturtle-extension-apps/issues/86)exkh0z3 ([69dcf1b](69dcf1b)), closes [#86exkh0z3](https://github.com/codebridger/subturtle-extension-apps/issues/86exkh0z3) * **console-crane:** practice + flashcard-preview pages, near-translation actions ([224b9da](224b9da)) * **practice-now:** emphasize practiced phrase + cover login flows ([8ff3408](8ff3408)) * **practice-now:** open config to logged-out users + clearer CTAs ([2f09e05](2f09e05)) * **practice-now:** voice session config + dashboard deep-link ([db1a3fc](db1a3fc)) * **save-modal:** chunk highlights, AI advice chat, bundle suggestion ([9954c22](9954c22)) * **save-modal:** in-field bundle chips with dirty-aware save + inline removal ([374cbb4](374cbb4)) * **save-modal:** per-chunk definitions, merged pronunciation, reorder save ([f766040](f766040)) * **saved-phrase:** DB-first lookup, reuse stored translation, no AI re-call ([1315cc8](1315cc8))
Unblocks cloud Claude agents (Claude Code on the Web) from developing on the extension by adding a username/password login path that doesn't need Google OAuth, plus a chrome-extension-tester-mcp config so the agent can load the unpacked extension, drive the popup, and screenshot results. The new email/password form in LoginView is build-flag gated by ENABLE_PASSWORD_AUTH. Stable + dev release builds keep it off (form stays hidden, real users continue to use OAuth); CCW + verify-job builds enable it. The flow reuses the existing handleTokenLogin path so the JWT lands in chrome.storage.sync["token"] indistinguishable from an OAuth token — no downstream consumer (modular-rest client, profile store, translate service, ConsoleCrane) sees the difference. Coverage: - tests/login-password.test.ts + login-password-disabled.test.ts — Vitest, form rendering / validation / success+failure paths. - tests/e2e/password-login.spec.ts — Playwright, end-to-end against stubbed /user/login and /verify/token via the existing fixture. The agent path uses only the MCP; tests/e2e/ stays the testing ground and the two share no code. CLAUDE.md documents the one-time CCW setup (network access, env vars, setup script) plus the curl + token-inject sequence — including the gotcha that the password must be base64-encoded in the /user/login body since modular-rest's client lib does this internally and raw curl doesn't. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Collaborator
Author
navidshad
changed the title
Collaborator
Author
Automated PR ReviewPrimary Task: CU-86exrkrra — Implement an headless environment for agentic development Task alignment
All four task requirements are addressed in this PR. Commit messages
Prior review follow-upNo prior reviews or requested changes on this PR. Convention check
VerdictAPPROVE Implementation fully satisfies the task requirements. Code is well-structured, security trade-offs are sound, test coverage is thorough (unit flag-on/flag-off + E2E success/failure paths), and the CLAUDE.md agent guide is detailed enough for a cold-start agent to use without extra context. Generated by Claude Code |
|
🎉 This PR is included in version 1.13.0-dev.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
|
🎉 This PR is included in version 1.13.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🏷️ PR Title:
feat(auth): add dev-gated password login + MCP-driven CCW agent workflow
📋 Summary
This PR introduces a development-gated password login feature and implements an MCP-driven CCW agent workflow, enhancing authentication processes and agent task management.
🔗 Related Tasks
#86exrkrra - Add dev-gated password login and MCP-driven CCW agent workflow
📝 Additional Details
The changes focus on improving security and workflow automation for agents, tailored for development environments and integrated with MCP triggers.
📜 Commit List
b4b6e46 feat(auth): add dev-gated password login + MCP-driven CCW agent workflow
cbc26fd chore(release): 1.12.0 [skip ci]
a271aff Merge pull request #27 from codebridger/dev