Skip to content

trunk-merge/pr-3444/57d4367b-916f-4bcd-b079-be621025eb73#3479

Closed
trunk-io[bot] wants to merge 16 commits into
mainfrom
trunk-merge/pr-3444/57d4367b-916f-4bcd-b079-be621025eb73
Closed

trunk-merge/pr-3444/57d4367b-916f-4bcd-b079-be621025eb73#3479
trunk-io[bot] wants to merge 16 commits into
mainfrom
trunk-merge/pr-3444/57d4367b-916f-4bcd-b079-be621025eb73

Conversation

@trunk-io

@trunk-io trunk-io Bot commented Jul 15, 2026

Copy link
Copy Markdown
Trunk Merge Pull Request Banner

This pull request was created and is being managed by Trunk Merge.

This pull request is based on the main branch at SHA e338415983a09302cecb424fe03599692163fe9e.

See more details about each PR in the batch here:

When CI completes, this pull request will be closed automatically.

Pull Requests Being Tested

This pull request is testing a batch with the changes from pull requests 3444 and 3467 - batching documentation.

gantoine and others added 16 commits July 14, 2026 15:21
IAuthTokenCipher.encrypt/decrypt become Promise-returning so a host can
back them with an async primitive (e.g. the browser's Web Crypto, which is
async). Thread await through the AuthService call sites; the desktop adapter
wraps its existing synchronous node:crypto cipher in Promise.resolve, so
desktop behavior is unchanged.

Enabling change for the browser web host, but self-contained and useful on
its own.

Generated-By: PostHog Code
Task-Id: 77d13a30-444d-4045-9d80-5e2a9f2e68ae
commitSessionState mutated this.session and saved the project preference
before awaiting persistSession. Now that encryption is async and can
reject, a failure left the service on the new project in memory (and in the
saved preference) while the stored session and published state stayed on
the old one — a partial, inconsistent commit the caller saw only as a
rejected promise.

Build the next session locally, await the persist first (the only fallible
step), then assign this.session, save the preference, and publish state —
so a rejection leaves every layer on the prior session. Add a regression
test that fails encryption mid-selectProject and asserts nothing moved.

Generated-By: PostHog Code
Task-Id: 77d13a30-444d-4045-9d80-5e2a9f2e68ae
Making getSessionInputForRefresh async put an await (stored-token
decryption) between ensureValidSession's `if (this.refreshPromise)` guard
and the `this.refreshPromise = ...` assignment. Two concurrent callers
could both observe a null refreshPromise, both decrypt, then both start a
refresh — spending the rotating refresh token twice, so the second request
fails with auth_error and clears the session the first one established,
logging the user out.

Move the decryption inside refreshAndSync so refreshPromise is assigned
synchronously right after the guard, restoring single-flight dedup. Add a
regression test firing two concurrent refreshAccessToken() calls and
asserting one underlying token request.

Generated-By: PostHog Code
Task-Id: 77d13a30-444d-4045-9d80-5e2a9f2e68ae
With async encryption, two overlapping project selections could interleave
across the await in commitSessionState: an earlier selection completing
last would overwrite the newer stored session and published state (and
persistSession's own read of the prior selection could race), leaving the
committed selection stale — not the one the user picked last.

Serialize commits onto a promise chain so each commit's persist-then-publish
runs to completion before the next begins; the latest selection now wins
consistently across the in-memory session, storage, and subscribers. The
stored chain swallows rejections so a failed commit can't wedge later ones,
while the returned promise still rejects for the caller. Add a regression
test that overlaps two selections, drains encryption newest-first, and
asserts the latest selection wins everywhere.

Generated-By: PostHog Code
Task-Id: 77d13a30-444d-4045-9d80-5e2a9f2e68ae
Translate Codex /goal commands to native app-server goal RPCs and advertise the command alongside skills.

Add regression coverage for reading, setting, clearing, pausing, and resuming goals without starting a model turn.

Generated-By: PostHog Code
Task-Id: f8939190-58a1-493b-904c-457c7859b3d6
Generated-By: PostHog Code
Task-Id: f8939190-58a1-493b-904c-457c7859b3d6
Generated-By: PostHog Code
Task-Id: f8939190-58a1-493b-904c-457c7859b3d6
Generated-By: PostHog Code
Task-Id: f8939190-58a1-493b-904c-457c7859b3d6
Generated-By: PostHog Code
Task-Id: f8939190-58a1-493b-904c-457c7859b3d6
Generated-By: PostHog Code
Task-Id: f67230a6-4c1c-4433-91cc-ee487135fead
@github-actions

Copy link
Copy Markdown

React Doctor found no issues in the changed files. 🎉

Reviewed by React Doctor for commit 8125481.

@trunk-io trunk-io Bot closed this Jul 15, 2026
@trunk-io trunk-io Bot deleted the trunk-merge/pr-3444/57d4367b-916f-4bcd-b079-be621025eb73 branch July 15, 2026 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants