Skip to content

fix(login): build the device-code approval URL from the CLI's own app base#36

Closed
hbrooks wants to merge 1 commit into
mainfrom
fix/login-app-host-from-api-base
Closed

fix(login): build the device-code approval URL from the CLI's own app base#36
hbrooks wants to merge 1 commit into
mainfrom
fix/login-app-host-from-api-base

Conversation

@hbrooks

@hbrooks hbrooks commented Jul 11, 2026

Copy link
Copy Markdown
Member

What

agent login printed the approval URL verbatim from the server's verification_uri_complete. The backend builds that from ELLIPSIS_APP_BASE_URL, which is unset in every environment and defaults to https://app.ellipsis.dev. So a login against beta-api.ellipsis.dev (or dev) sends you to the prod dashboard, where a device code minted in beta Aurora can never be approved — login hangs until it times out.

Repro:

export ELLIPSIS_API_BASE_URL=https://beta-api.ellipsis.dev
agent login
# -> To authenticate, open this URL ...
#      https://app.ellipsis.dev/cli-auth?code=XXXX-XXXX   <- prod, wrong

Fix

Build the approval URL client-side from the app base derived from our API base, not the server's copy:

  • New urls.cliAuthUrl(appBase, userCode) (unit-tested, same pattern as sessionUrl/configUrl).
  • login feeds it resolveAppBase(), which already maps the configured API base to the app host (beta-api. -> beta-app., api. -> app.) off the existing config.json apiBase chain.

No new env var, no new config field — the host now always tracks the environment the CLI is pointed at.

Notes

  • The backend still returns a wrong verification_uri_complete for non-prod; that is a separate, lower-urgency config fix (set ELLIPSIS_APP_BASE_URL per env and consolidate the three divergent app-host helpers). The CLI no longer depends on it.

Test plan

  • bun run typecheck clean; bun run test green (189 passed, incl. new cliAuthUrl cases).
  • Manual: ELLIPSIS_API_BASE_URL=https://beta-api.ellipsis.dev agent login now prints a beta-app.ellipsis.dev approval URL.

The device-code approval URL was taken verbatim from the server's verification_uri_complete. The backend fills that from ELLIPSIS_APP_BASE_URL, which is unset in every environment and defaults to https://app.ellipsis.dev — so a login against beta-api (or dev) prints a prod approval URL, and a code minted in beta Aurora can never be approved on the prod dashboard, hanging login forever.

Build the URL client-side instead: new urls.cliAuthUrl(appBase, userCode) fed by resolveAppBase(), which already derives the app host from the configured API base (beta-api. -> beta-app.). The host now always matches the environment the CLI talks to. No new env var or config field — reuses the existing config.json apiBase chain.
@hbrooks

hbrooks commented Jul 11, 2026

Copy link
Copy Markdown
Member Author

Superseded by #37, which folds this login-URL fix into the agent host multi-instance feature (login now builds the approval URL from the active host's app base). Closing in favor of that.

@hbrooks hbrooks closed this Jul 11, 2026
@hbrooks hbrooks deleted the fix/login-app-host-from-api-base branch July 11, 2026 14:25
hbrooks added a commit that referenced this pull request Jul 11, 2026
…te) (#37)

Adds an `agent host` command group so the CLI can target Ellipsis Cloud, a preview environment, or a self-hosted deployment, and switch between them without re-exporting env vars. Config becomes a named set of hosts + an active pointer; each host keeps its own token (switching doesn't re-auth) and its own dashboard/app URL.

The app/dashboard URL is derived from the API URL (api. -> app.) or set explicitly per host (--app-base) for self-hosted instances whose dashboard isn't a mechanical swap. `login` builds the device-code approval URL from the active host's app base, not the server's verification_uri_complete (which the backend defaults to prod) — this fixes beta/dev/self-hosted login and supersedes #36.

Precedence unchanged (arg -> env -> active host -> prod default), so sandbox env injection still works. A pre-hosts v1 config is migrated in place on first load. Closes #36.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant