feat: storage consolidation resilience (OAuth session, project binding, gitignore)#512
Closed
kelsonpw wants to merge 0 commit into
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Stale OAuth data returned after failed credential clear
- Removed the try/catch around the primary (canonical) file write in writeConfig so failures propagate to callers, preventing the inconsistent state where stale tokens remain in the primary file after a failed clear while the legacy file is successfully wiped.
Or push these changes by commenting:
@cursor push 81c4c96bba
Preview (81c4c96bba)
diff --git a/src/utils/ampli-settings.ts b/src/utils/ampli-settings.ts
--- a/src/utils/ampli-settings.ts
+++ b/src/utils/ampli-settings.ts
@@ -104,15 +104,9 @@
}
const primaryPath = getOAuthSettingsFile();
const legacyPath = getLegacyAmpliHomeOAuthPath();
+ ensureDir(getCacheRoot());
+ atomicWriteJSON(primaryPath, data, 0o600);
try {
- ensureDir(getCacheRoot());
- atomicWriteJSON(primaryPath, data, 0o600);
- } catch (err) {
- log.warn('writeConfig: failed to write canonical OAuth session file', {
- 'error message': err instanceof Error ? err.message : String(err),
- });
- }
- try {
atomicWriteJSON(legacyPath, data, 0o600);
} catch (err) {
log.debug('writeConfig: legacy OAuth mirror write failed (non-fatal)', {
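Review bot: With the `try`/`catch` removed from around the two added lines `ensureDir(getCacheRoot());` and `atomicWriteJSON(primaryPath, data, 0o600);`, a failure there now throws before the legacy mirror write is attempted, and the `log.warn` that used to record it is gone. When `data` is a credential clear, neither file is rewritten in that case, so every caller of `writeConfig` has to catch the error and report the clear as failed rather than assume the tokens are gone. Please document on the function that it now throws on a canonical write failure, and consider logging the error message before it propagates so the failure still appears in logs. It is also worth deciding explicitly whether a clear should still attempt the legacy write (for example in a `finally`) so that a failed primary write does not also leave the legacy copy of the tokens on disk.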
Reviewed by Cursor Bugbot for commit ef9a654.
ef9a654 to e3af45a
Summary
Consolidates wizard-owned storage under predictable paths: OAuth/session persistence, canonical project binding under .amplitude/project-binding.json, dual-read from legacy root ampli.json, and a narrowed .gitignore so only intended artifacts are ignored.
Includes a fix to narrow AmpliConfigParseResult before reading .error so TypeScript discriminated unions are respected in readAmpliConfig merge/migrate logic.
Coordination
This branch may touch the same areas as #237, #504, #498, #207, and #209 — worth a quick overlap check before merge.
Made with Cursor
Note
Medium Risk
Touches credential/session persistence and project binding files, so regressions could affect login continuity or selecting the correct Amplitude project across runs, but changes are scoped and mostly additive/migration-focused.
Overview
Improves wizard storage resilience by consolidating persisted state under predictable paths (including OAuth/session data) and introducing a canonical per-repo binding file at .amplitude/project-binding.json, while still dual-reading legacy root ampli.json for backward compatibility.
Hardens auth/config handling by tightening readAmpliConfig’s discriminated-union narrowing, adding clearAuthFieldsInAmpliConfig to strip auth-scoped fields from ampli.json on logout/reset, and making getStoredToken zone-aware (and rejecting tokens with mismatched issuer/audience) to avoid reusing wrong-region sessions.
Narrows .gitignore rules so only intended wizard artifacts are ignored (anchoring patterns and explicitly allowing shipped .claude/skills).
Reviewed by Cursor Bugbot for commit e3af45a.
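The zone-aware lookup with issuer/audience rejection described in the Overview, sketched as an added example that is not code from this pull request. The page does not show getStoredToken itself, so the record shape, the zone names, the example.test URLs, the audience value and the function name selectStoredToken are all assumptions.

```typescript
// Added example. Record shape, zone names and URLs are hypothetical, not the wizard's.
type Zone = 'us' | 'eu';
type Reason = 'ok' | 'none' | 'zone' | 'issuer' | 'audience' | 'expired';

interface StoredSession {
  accessToken: string;
  zone?: Zone;                  // records written before zones existed lack this
  issuer: string;               // issuer recorded with the token
  audience: string | string[];  // audience may be one value or a list
  expiresAt: number;            // epoch milliseconds
}

// Constructed per-zone expectations.
const EXPECTED: Record<Zone, { issuer: string; audience: string }> = {
  us: { issuer: 'https://auth.us.example.test', audience: 'wizard-cli' },
  eu: { issuer: 'https://auth.eu.example.test', audience: 'wizard-cli' },
};

function selectStoredToken(
  s: StoredSession | undefined, zone: Zone, now: number,
): { token: string | null; reason: Reason } {
  const reject = (reason: Reason) => ({ token: null, reason });
  if (!s) return reject('none');
  // Fail closed: a record with no zone never matches the requested one.
  if (s.zone !== zone) return reject('zone');
  // The zone label is only a field in a file, so also compare what the token was issued for.
  const want = EXPECTED[zone];
  if (s.issuer !== want.issuer) return reject('issuer');
  const aud = Array.isArray(s.audience) ? s.audience : [s.audience];
  if (aud.indexOf(want.audience) === -1) return reject('audience');
  if (s.expiresAt <= now) return reject('expired');
  return { token: s.accessToken, reason: 'ok' };
}

// Constructed sample records.
const NOW = 1700000000000;
const usSession: StoredSession = {
  accessToken: 'tok-us', zone: 'us', issuer: EXPECTED.us.issuer,
  audience: ['wizard-cli', 'other'], expiresAt: NOW + 60000,
};
// An EU-issued token stored under a "us" zone label.
const relabelled: StoredSession = { ...usSession, accessToken: 'tok-eu', issuer: EXPECTED.eu.issuer };
// A legacy record with no zone field at all.
const legacy: StoredSession = {
  accessToken: 'tok-old', issuer: EXPECTED.us.issuer, audience: 'wizard-cli', expiresAt: NOW + 60000,
};

const demo = selectStoredToken(relabelled, 'us', NOW); // reason: 'issuer'
```

A caller that gets a null token falls through to a fresh login for the requested zone instead of sending the stored token to the wrong region.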