Fix/vulkan node mcp#57
Merged
Merged
Conversation
* Adds installer scripts and configuration
* Remove installer directory
* changes installer to zip file
* removes installer folder
* updates installer to work with empty .installer_state.env file
* Driver check for cuda and rocm.
* Adds --mount flag to mount folder to project without rebuilding
* Makes sure folder is mounted before opening localhost
* test run of installers
* changes compose files for arm64 builds
* Stores login token for mount authentication
* Mount to notbook within project, and unmount
* Add CliAuthSession entity, DbSet, model config, and EF migration
Persistence layer for the new CLI device-code authorization flow.
Adds CliAuthSession entity with SessionId (PK), DeviceSecretHash,
Status enum (Pending/Approved/Consumed), nullable UserId FK to User,
CreatedAt, and ExpiresAt. Includes ExpiresAt index for cleanup queries
and cascade delete from User.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Add optional lifetimeOverride to JwtTokenService.IssueToken
Support caller-specified JWT lifetimes for the CLI device-code flow,
which needs short-lived (~10 min) tokens. When lifetimeOverride is null,
behavior is unchanged (uses configured LifetimeMinutes). Non-positive
overrides throw ArgumentOutOfRangeException.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Add CliAuthService for secure CLI device-code auth flow
Implement ICliAuthService with CreateSessionAsync, ApproveAsync, and
IssueTokenAsync driving the CLI device-code authorization flow. The
device secret is hashed (SHA256) before storage and verified with
constant-time comparison before any status branching, preventing
session-ID-only callers from learning approval state. Tokens are
single-use (Consumed on issuance). Includes DI registration and 14
unit tests covering creation, cleanup, approval, secret verification,
token issuance, single-use enforcement, and JWT claim validation.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Add CliAuth HTTP endpoints and remove insecure on-disk token write
Expose ICliAuthService over three endpoints (POST /api/cli/sessions,
POST /{sessionId}/approve, GET /{sessionId}/token) for the browser
device-code approval flow. Remove the .cli-auth-token file write and
unused IStoragePathResolver parameter from the login handler. Add nine
integration tests covering the full happy path and security negatives.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Add CliAuthorize page, protected route, and api.ts approve call
Implements the browser-side CLI authorization flow: a new CliAuthorize
page where logged-in users approve command-line mount requests, a
protected route at /cli/authorize, and the api.cli.approveSession()
method. Includes component tests covering all states (missing session,
approve success, 404/410 errors, generic errors, deny).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Replace installer on-disk-token auth with browser device-code flow
Rewrites acquire_token() to use the POST /api/cli/sessions +
browser-approval + polling pattern instead of reading a token file
from disk. The token is held only in a shell variable (AUTH_TOKEN)
and never written to disk. Also generalizes open_browser() to accept
an optional URL argument, removes the CLI_TOKEN_FILE variable, and
adds .gitignore entries for the token file.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Require admin to approve CLI auth sessions
Mount creation requires admin, so allowing any approved user to approve a
CLI session led to a 403 dead-end after the browser approval. Tighten the
/api/cli/sessions/{id}/approve endpoint to RequireAdmin and add a
non-admin -> 403 integration test.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Doc for secure CLI authentication and authorization window close after approval
* Mount folder to project root.
* fixes on windows
* Fix windows bugs
* update README.md
* updates installer.zip
* tests
* update installer.zip
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.