feat(auth): /accounts routes — list, switch, remove (slice 3, PR 2/3)#116
Merged
Conversation
Backend for quick-switch over the persisted account registry (PR 1). New
src/routes/settings/accounts.ts:
- GET /settings/api/accounts — roster + active_key. Tokens are never
returned (only login/host/added_via/obtained_at/active).
- POST /accounts/switch {key} — pre-flights the target token against Copilot
BEFORE flipping the pointer (the token is in-registry, so a bad switch
would otherwise cost a full reboot to discover) → specific 422 on failure;
the shell reboots into the new active config on 2xx.
- POST /accounts/remove {key} — deletes maximal's OWN copy from the registry
(gh untouched, isolation invariant); clears activeKey if it was active.
settings-types: AccountSummary + AccountsListResponse (snake_case, no token).
preflightCopilotError moved out of routes/settings/gh.ts into the new
src/lib/copilot-preflight.ts now that two routes (gh-reuse adopt + accounts
switch) share it — routes stay thin HTTP wrappers, the reusable check lives
in lib (/simplify altitude finding).
No UI yet (PR 3) — endpoints are inert until the picker is wired. +10 route
tests (mock the registry storage + the getCopilotUsage leaf, NOT the gh
module, so gh-preflight coverage of the real preflight is preserved).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
PR 2 of 3 for slice 3 — multi-account persistence + quick-switch. The backend for quick-switch over the registry that PR 1 (#115) introduced. No UI yet — these endpoints are inert until PR 3 wires the picker.
New
src/routes/settings/accounts.ts(under the existing/settings/apiauth gate):GET /settings/api/accounts— the roster +active_key. Tokens are never returned (AccountSummaryexposes onlylogin/host/added_via/obtained_at/active; a test asserts no token leaks).POST /accounts/switch {key}— pre-flights the target token against Copilot before flippingactiveKey(the token's already in the registry, so a bad switch would otherwise cost a full reboot to discover) → specific 422 on a revoked/no-Copilot account; the shell reboots into the new active config on a 2xx.POST /accounts/remove {key}— deletes maximal's own copy from the registry (gh untouched — HARD ISOLATION invariant); clearsactiveKeyif it was the active one.settings-types.ts:AccountSummary+AccountsListResponse(snake_case, no token).Refactor (from
/simplify)preflightCopilotErrormoved out ofroutes/settings/gh.tsintosrc/lib/copilot-preflight.tsnow that two routes share it (gh-reuse adopt + accounts switch) — routes stay thin HTTP wrappers, the reusable check lives in lib.Testing
bun test— 850 pass / 0 fail (+10 route tests). The tests mock the registry storage boundary + thegetCopilotUsageleaf (not the whole gh module), sogh-preflight.test.ts's coverage of the realpreflightCopilotErroris preserved (avoids the documented cross-filemock.moduleleak).bun run check:fastclean;knipno new unused; shelltscclean./simplify— applied the one actionable finding (the cross-route helper move above); confirmed no token leak + correct mock seam.Stacked on #115 (merged); rebased onto main.