mirror of
https://github.com/NanmiCoder/cc-haha
synced 2026-07-16 13:03:31 +08:00
Desktop auth was reporting stale local token files as logged in, could inherit a parent OAuth token after logout, and kept polling even when browser launch failed. This change validates stored tokens through the refresh path, clears inherited OAuth env before spawning the CLI, fetches subscription metadata on initial login, and moves polling start until after the browser opens. Regression tests cover the server and desktop store paths. Constraint: Desktop CLI must bypass macOS Keychain by injecting env OAuth when available Rejected: Keep status endpoint file-based only | reports expired sessions as logged in Confidence: high Scope-risk: moderate Directive: Official desktop auth state must be derived from ensureFreshTokens rather than oauth.json presence alone Tested: bun test src/server/__tests__/conversation-service.test.ts src/server/__tests__/haha-oauth-service.test.ts src/server/__tests__/haha-oauth-api.test.ts Tested: cd desktop && bun run lint Tested: cd desktop && bun run test Not-tested: Manual end-to-end desktop OAuth flow against the live provider