fix: dashboard command missing token hint in headless/WSL (#72081)#73227
fix: dashboard command missing token hint in headless/WSL (#72081)#73227ztexydt-cqh wants to merge 2 commits intoopenclaw:mainfrom
Conversation
Greptile SummaryThis PR adds a manual-auth fallback hint for headless/WSL environments where both clipboard copy and browser launch fail, and suppresses the redundant
Confidence Score: 3/5Not safe to merge — contains a test assertion that references an unimplemented message, guaranteeing a test failure. A P1 finding: one of the new test assertions expects a hint string that is never produced by the implementation. The test will always fail, breaking the test suite. The production logic change itself appears sound for the described use cases. src/commands/dashboard.links.test.ts (line 122-124) and src/commands/dashboard.ts (the --no-open hint branch, line 80) need to be reconciled. Prompt To Fix All With AIThis is a comment left during a code review.
Path: src/commands/dashboard.links.test.ts
Line: 122-124
Comment:
**Test assertion expects an unimplemented message**
This assertion will always fail. The string `"Browser launch disabled (--no-open). Token-authenticated URL copied to clipboard."` does not exist anywhere in `dashboard.ts`; the `--no-open` branch unconditionally sets `hint = "Browser launch disabled (--no-open). Use the URL above."` (line 80) regardless of clipboard outcome. Since clipboard succeeds in this test (`copyToClipboardMock.mockResolvedValue(true)`) and `fallbackToManualAuth` is `false` (because `copied = true`), `suppressNoOpenHint` is also `false` and the old hint is logged — but it never matches the expected string.
Either the expected string needs to be updated to match the actual message, or `dashboard.ts` needs a new conditional branch that produces a clipboard-success variant of the `--no-open` hint.
How can I resolve this? If you propose a fix, please make it concise.Reviews (1): Last reviewed commit: "fix: dashboard command missing token hin..." | Re-trigger Greptile |
| expect(runtime.log).toHaveBeenCalledWith( | ||
| "Browser launch disabled (--no-open). Token-authenticated URL copied to clipboard.", | ||
| ); |
There was a problem hiding this comment.
This assertion will always fail. The string "Browser launch disabled (--no-open). Token-authenticated URL copied to clipboard." does not exist anywhere in dashboard.ts; the --no-open branch unconditionally sets hint = "Browser launch disabled (--no-open). Use the URL above." (line 80) regardless of clipboard outcome. Since clipboard succeeds in this test (copyToClipboardMock.mockResolvedValue(true)) and fallbackToManualAuth is false (because copied = true), suppressNoOpenHint is also false and the old hint is logged — but it never matches the expected string.
Either the expected string needs to be updated to match the actual message, or dashboard.ts needs a new conditional branch that produces a clipboard-success variant of the --no-open hint.
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/commands/dashboard.links.test.ts
Line: 122-124
Comment:
**Test assertion expects an unimplemented message**
This assertion will always fail. The string `"Browser launch disabled (--no-open). Token-authenticated URL copied to clipboard."` does not exist anywhere in `dashboard.ts`; the `--no-open` branch unconditionally sets `hint = "Browser launch disabled (--no-open). Use the URL above."` (line 80) regardless of clipboard outcome. Since clipboard succeeds in this test (`copyToClipboardMock.mockResolvedValue(true)`) and `fallbackToManualAuth` is `false` (because `copied = true`), `suppressNoOpenHint` is also `false` and the old hint is logged — but it never matches the expected string.
Either the expected string needs to be updated to match the actual message, or `dashboard.ts` needs a new conditional branch that produces a clipboard-success variant of the `--no-open` hint.
How can I resolve this? If you propose a fix, please make it concise.|
Thanks for the context here. I swept through the related work, and this is now duplicate or superseded. Close as superseded by #72802. Current main still lacks the manual-auth fallback, but #72802 is the earlier open canonical PR for the same linked bug, contains the same So I’m closing this here and keeping the remaining discussion on the canonical linked item. Review detailsBest possible solution: Use #72802 as the canonical implementation path, rebase/validate it if needed, and land one CVE-safe dashboard fix with the changelog entry rather than merging two equivalent PRs. Do we have a high-confidence way to reproduce the issue? Yes. Configure a literal gateway token, force clipboard copy to fail, and run in a headless/SSH/WSL path where browser open is unavailable; current main logs only the bare URL plus SSH/no-open guidance, while the PR adds regression coverage for that combined-failure path. Is this the best way to solve the issue? The code direction is the right narrow fix, but merging this duplicate is not the best repository outcome because #72802 already tracks the same implementation more completely with changelog and addressed review context. Security review: Security review cleared: The diff touches only dashboard CLI logging/tests, adds no dependencies or code-execution surfaces, and preserves bearer-token plus What I checked:
Likely related people:
Codex review notes: model gpt-5.5, reasoning high; reviewed against 46888f5afbe9. |
Problem
在 headless/WSL 环境下,dashboard 命令的 clipboard 复制和浏览器打开均会失败,导致用户无法获得 gateway token,进而无法完成认证。
Solution
当两种自动交付渠道(clipboard、浏览器)均失败且 token 已配置时,向用户输出手动认证提示,指导其将 token 以
#token=...的 URL fragment 形式附加到裸 URL 上。同时抑制冗余的--no-open回退提示,避免 UX 噪音。测试覆盖确保日志中不会泄露真实 token 值。Verification
Closes #72081.