First time login error #13
seekdavidlee merged 6 commits into main from Feb 22, 2026
…r first-time login
33 tasks
WilliamBerryiii added a commit to microsoft/hve-core that referenced this pull request Mar 2, 2026
…tness reviewer (#733)

# Pull Request

## Description

<!-- Provide a clear description of the changes in this PR -->

Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps

## Related Issue(s)

Closes #646

## Type of Change

Select all that apply:

**Code & Documentation:**

- [ ] Bug fix (non-breaking change fixing an issue)
- [X] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to change)
- [ ] Documentation update

**Infrastructure & Configuration:**

- [ ] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [ ] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [X] Reviewed contribution with `prompt-builder` agent and addressed all feedback
- [ ] Copilot instructions (`.github/instructions/*.instructions.md`)
- [ ] Copilot prompt (`.github/prompts/*.prompt.md`)
- [X] Copilot agent (`.github/agents/*.agent.md`)
- [ ] Copilot skill (`.github/skills/*/SKILL.md`)

> **Note for AI Artifact Contributors**:
>
> - **Agents**: Research, indexing/referencing other project (using standard VS Code GitHub Copilot/MCP tools), planning, and general implementation agents likely already exist. Review `.github/agents/` before creating new ones.
> - **Skills**: Must include both bash and PowerShell scripts. See [Skills](../docs/contributing/skills.md).
> - **Model Versions**: Only contributions targeting the **latest Anthropic and OpenAI models** will be accepted. Older model versions (e.g., GPT-3.5, Claude 3) will be rejected.
> - See [Agents Not Accepted](../docs/contributing/custom-agents.md#agents-not-accepted) and [Model Version Requirements](../docs/contributing/ai-artifacts-common.md#model-version-requirements).

**Other:**

- [ ] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Sample Prompts (for AI Artifact Contributions)

<!-- If you checked any boxes under "AI Artifacts" above, provide a sample prompt showing how to use your contribution -->
<!-- Delete this section if not applicable -->

**User Request:**

<!-- What natural language request would trigger this agent/prompt/instruction? -->

Pls code review

**Execution Flow:**

<!-- Step-by-step: what happens when invoked? Include tool usage, decision points -->

**Output Artifacts:**

<!-- What files/content are created? Show first 10-20 lines as preview -->

```txt
---
title: "Functional Code Review: first-time-login-error"
description: "Pre-PR functional code review for first-time-login-error against origin/main"
ms.date: 2026-02-22
branch: first-time-login-error
base: origin/main
total_issues: 2
severity_counts:
  critical: 1
  high: 0
  medium: 1
  low: 0
---

# Functional Code Review: `first-time-login-error` → `origin/main`

## Executive Summary

| Metric | Value |
|---|---|
| Files changed | 3 |
| Lines added | 41 |
| Lines removed | 59 |
| Critical issues | 1 |
| High issues | 0 |
| Medium issues | 1 |
| Low issues | 0 |

## Changed Files Overview

| File | Lines Changed | Risk Level | Issues Found |
|---|---|---|---|
| `Eklee.KeyVault.UI/src/auth/useAuthToken.ts` | –36 (deleted) | Low | 0 |
| `Eklee.KeyVault.UI/src/main.tsx` | +22 / –12 | High | 0 |
| `Eklee.KeyVault.UI/src/services/apiClient.ts` | +19 / –3 | High | 2 |

---

## Critical Issues

### Issue 1: `acquireTokenSilent` failure in the interceptor is unhandled — every API call will throw an unrecoverable error

**Severity**: Critical
**Category**: Error Handling
**File**: `Eklee.KeyVault.UI/src/services/apiClient.ts`
**Lines**: 26-36

#### Problem

`acquireTokenSilent` can reject with an `InteractionRequiredAuthError` (expired refresh token, revoked consent, new MFA requirement, etc.). The deleted `useAuthToken.ts` hook handled this by falling back to `acquireTokenRedirect`. The new interceptor has no error handling at all — a silent-token failure will bubble as an unhandled promise rejection and fail **every** subsequent API call with a cryptic MSAL error instead of redirecting the user to re-authenticate.

...
```

**Success Indicators:**

<!-- How does user know it worked correctly? What validation should they perform? -->

A summary of code review changes should be generated.

For detailed contribution requirements, see:

- **Common Standards**: [docs/contributing/ai-artifacts-common.md](../docs/contributing/ai-artifacts-common.md) - Shared standards for XML blocks, markdown quality, RFC 2119, validation, and testing
- **Agents**: [docs/contributing/custom-agents.md](../docs/contributing/custom-agents.md) - Agent configurations with tools and behavior patterns
- **Prompts**: [docs/contributing/prompts.md](../docs/contributing/prompts.md) - Workflow-specific guidance with template variables
- **Instructions**: [docs/contributing/instructions.md](../docs/contributing/instructions.md) - Technology-specific standards with glob patterns
- **Skills**: [docs/contributing/skills.md](../docs/contributing/skills.md) - Task execution utilities with cross-platform scripts

## Testing

<!-- Describe how you tested these changes -->

I used this for running code reviews in these 2 PRs

* seekdavidlee/eklee-keyvault#12
* seekdavidlee/eklee-keyvault#13

## Checklist

### Required Checks

- [ ] Documentation is updated (if applicable)
- [ ] Files follow existing naming conventions
- [ ] Changes are backwards compatible (if applicable)
- [ ] Tests added for new functionality (if applicable)

### AI Artifact Contributions

<!-- If contributing an agent, prompt, instruction, or skill, complete these checks -->

- [x] Used `/prompt-analyze` to review contribution
- [x] Addressed all feedback from `prompt-builder` review
- [ ] Verified contribution follows common standards and type-specific requirements

### Required Automated Checks

The following validation commands must pass before merging:

- [ ] Markdown linting: `npm run lint:md`
- [ ] Spell checking: `npm run spell-check`
- [ ] Frontmatter validation: `npm run lint:frontmatter`
- [ ] Skill structure validation: `npm run validate:skills`
- [ ] Link validation: `npm run lint:md-links`
- [ ] PowerShell analysis: `npm run lint:ps`
- [ ] Plugin freshness: `npm run plugin:generate`

## Security Considerations

<!--⚠️ WARNING: Do not commit sensitive information such as API keys, passwords, or personal data -->

- [x] This PR does not contain any sensitive or NDA information
- [ ] Any new dependencies have been reviewed for security issues
- [ ] Security-related scripts follow the principle of least privilege

## Additional Notes

<!-- Any additional information that reviewers should know -->

---------

Co-authored-by: Bill Berry <WilliamBerryiii@users.noreply.github.com>
Co-authored-by: Bill Berry <wbery@microsoft.com>
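The failure mode in the review finding quoted in the commit message above (a request interceptor calling `acquireTokenSilent` with no fallback) can be handled as in this added sketch, which is not code from this pull request or from either repository. `makeAuthInterceptor`, `fakeMsal` and the `AUTH_REDIRECT` code are hypothetical names, and the error class is a local stand-in for the one exported by `@azure/msal-browser` so the block runs offline; it also goes one step beyond the finding by sharing a single redirect across concurrent calls.

```javascript
// Stand-in for InteractionRequiredAuthError from @azure/msal-browser (runs offline).
class InteractionRequiredAuthError extends Error {}

// Hypothetical helper: returns an axios-style request interceptor, (config) => Promise<config>.
// `msal` needs only the two calls the review names; `request` carries scopes/account.
function makeAuthInterceptor(msal, request) {
  let redirecting = null; // one redirect shared by all in-flight API calls
  return async function authInterceptor(config) {
    try {
      const { accessToken } = await msal.acquireTokenSilent(request);
      return { ...config, headers: { ...config.headers, Authorization: `Bearer ${accessToken}` } };
    } catch (err) {
      // Only "interaction required" warrants a redirect; other failures surface unchanged.
      if (!(err instanceof InteractionRequiredAuthError)) throw err;
      if (!redirecting) redirecting = msal.acquireTokenRedirect(request);
      await redirecting;
      // Never send the request without a token: reject with a recognisable code.
      throw Object.assign(new Error("re-authentication in progress"), { code: "AUTH_REDIRECT" });
    }
  };
}

// Constructed fake client; `mode` selects how acquireTokenSilent behaves.
function fakeMsal(mode) {
  const calls = { silent: 0, redirect: 0 };
  return {
    calls,
    async acquireTokenSilent() {
      calls.silent += 1;
      if (mode === "ok") return { accessToken: "constructed-token" };
      if (mode === "interaction") throw new InteractionRequiredAuthError("interaction_required");
      throw new Error("network_error");
    },
    async acquireTokenRedirect() { calls.redirect += 1; },
  };
}

async function demo() {
  const ok = await makeAuthInterceptor(fakeMsal("ok"), {})({ headers: {} });
  const stale = fakeMsal("interaction");
  const intercept = makeAuthInterceptor(stale, {});
  const settled = await Promise.allSettled([intercept({}), intercept({})]);
  const net = fakeMsal("network");
  const netError = await makeAuthInterceptor(net, {})({}).catch((e) => e.message);
  return { header: ok.headers.Authorization, codes: settled.map((r) => r.reason.code),
           redirects: stale.calls.redirect, netError, netRedirects: net.calls.redirect };
}

demo().then((r) => console.log(r));
```

Callers can treat `AUTH_REDIRECT` as a cancelled request rather than an application error, while non-interaction failures such as network errors still reach the normal error path.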
No description provided.