feat: pluggable embed onboarding + external auth framework #60
Open
Mingholy wants to merge 1 commit into
Generic, enterprise-agnostic extension-base additions so external SSO login
and fully custom onboarding UIs can be implemented in a drop-in provider
extension, with zero platform-specific logic in core:
- OnboardingView gains `kind:"embed"` → rendered as a no-sandbox srcdoc iframe
(same-origin, so relative /api calls carry the session cookie). The provider
returns the onboarding UI as an HTML string; the gate stays host-enforced.
- ExternalAuth framework: GET /api/auth/external/{status,start} + a callback
interceptor before the SPA fallback; auth.ts findUserByOAuth/createOAuthUser.
Provider declares {callbackPath,tokenParam,buildLoginUrl,verify}; AuthPage
renders the SSO button from the status endpoint (no hardcoded provider names).
- POST /api/settings/personal/mount — write a file into the personal vault mount.
- mcp-auth/start: loopId optional + serverConfig, enabling MCP OAuth during
onboarding (no loop yet). Loop-context error message preserved.
- seedDefaults ctx gains optional `token` (provisioning token pass-through).
- Generic fixture-provider + extension-base tests (no enterprise strings).
github provider behavior unchanged. All new capabilities optional.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
57bd26a to 3c12d4e
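What this is

A PoC of generic, enterprise-agnostic extension-base additions, implemented according to the design document plans/2026-06-10-loopat-extension-base.md. It supports "external SSO login + fully custom onboarding UI" while keeping all enterprise logic out of core (unlike upstream PR #20, which writes bailian-fe-default//bailian-mate:check-env into core).

What changed (all generic, upstreamable, github provider unchanged, all new capabilities optional)

- OnboardingView adds kind:"embed" → rendered as a no-sandbox srcdoc iframe (same-origin, so relative /api calls automatically carry the session cookie). The provider returns the onboarding UI as an HTML string; the gate is still enforced by the host Layout.
- GET /api/auth/external/{status,start} + callback interception before the SPA fallback; auth.ts adds findUserByOAuth/createOAuthUser. The provider declares {callbackPath,tokenParam,buildLoginUrl,verify}; the login page button text comes from the status endpoint, with no hardcoded platform names.
- POST /api/settings/personal/mount: writes a file into the personal vault mount.
- mcp-auth/start: loopId optional + serverConfig, supporting MCP OAuth during the onboarding stage (no loop); the loop-context error message is preserved.
- seedDefaults ctx gains an optional token (provisioning token pass-through).
- fixture-provider + extension-base tests (zero enterprise strings).

Verification

- server / web typecheck: ✅ clean
- extension-base.test.ts 12/12 ✅; api-mcp / mcp-oauth ✅ (fixed one error-message regression that this change itself introduced)
- server bun test diffed case by case against unmodified main: only 1 failure is unique to this branch (fixed); the remaining failures are identical on main and are all caused by the local environment (the onboarding gate of the built-in provider in ~/.loopat, podman, git-sync), unrelated to this PR.

Known integration to-dos (to be aligned during end-to-end integration testing)

- GET /api/personal/status needs to expose vaultEnvs (to detect already-configured vault tokens) and the ssh public key field to the iframe.
- Whether POST /api/onboarding/done should write config.onboarding.{status,wizardCompleted} to speed up the next onboarding() returning done (choose between this and the existing dismiss marker; needs to be unified).
- .ts must be placed in LOOPAT_HOME/extensions/providers/ before startup (lazy loading, no hot reload).

Reviewer focus

verify()); callback middleware order (before the SPA fallback, letting /api and /ws through).

🤖 Generated with Claude Code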
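The callback ordering flagged for review can be checked as a pure routing decision. The sketch below is an added example, not code from this PR: only callbackPath, tokenParam, buildLoginUrl and verify are names from the description, while `interceptCallback`, `Decision`, `Identity`, the fixture values and the synchronous `verify` are assumptions.

```typescript
// Added illustration, not code from this PR; names other than the four provider fields are assumed.
interface Identity { provider: string; externalId: string }
interface ExternalAuthProvider {
  callbackPath: string;
  tokenParam: string;
  buildLoginUrl(returnTo: string): string;
  verify(token: string): Identity | null; // synchronous only to keep the example short
}
type Decision =
  | { kind: "pass" } // not a callback: /api, /ws or the SPA fallback handles it
  | { kind: "reject"; status: number; reason: string }
  | { kind: "login"; identity: Identity };

const under = (path: string, prefix: string): boolean =>
  path === prefix || path.startsWith(prefix + "/");

function interceptCallback(rawUrl: string, p: ExternalAuthProvider | null): Decision {
  const url = new URL(rawUrl, "http://localhost"); // base is only there to parse a relative URL
  const path = url.pathname;
  // /api and /ws always go through, even if a provider declares a callbackPath below them.
  if (under(path, "/api") || under(path, "/ws")) return { kind: "pass" };
  // Exact match only: a prefix match would capture SPA routes that merely start the same way.
  if (p === null || path !== p.callbackPath) return { kind: "pass" };
  // Exactly one non-empty token; a repeated parameter is ambiguous, so refuse it.
  const tokens = url.searchParams.getAll(p.tokenParam);
  const token = tokens[0];
  if (tokens.length !== 1 || !token) {
    return { kind: "reject", status: 400, reason: "token parameter missing or repeated" };
  }
  let identity: Identity | null = null;
  try {
    identity = p.verify(token);
  } catch {
    identity = null; // a throwing verify() must fail closed, never fall through to the SPA
  }
  if (identity === null) return { kind: "reject", status: 401, reason: "token not verified" };
  return { kind: "login", identity };
}
// Constructed fixture: accepts the single made-up token "good".
const fixtureProvider: ExternalAuthProvider = {
  callbackPath: "/auth/callback",
  tokenParam: "ticket",
  buildLoginUrl: (returnTo) => "https://sso.example.invalid/login?next=" + encodeURIComponent(returnTo),
  verify: (token) => {
    if (token === "boom") throw new Error("upstream unreachable");
    return token === "good" ? { provider: "fixture", externalId: "u-1" } : null;
  },
};
```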