fix: align CLI and Desktop local runtimes#799
Open
bheemreddy-samsara wants to merge 1 commit into
Open
Conversation
bheemreddy-samsara
force-pushed
the
fix/cli-authenticated-base-url
branch
from
7e4b055 to
c0aaa50
Compare
bheemreddy-samsara
changed the title
bheemreddy-samsara
force-pushed
the
fix/cli-authenticated-base-url
branch
2 times, most recently
from
3f19183 to
8770b6d
Compare
bheemreddy-samsara
force-pushed
the
fix/cli-authenticated-base-url
branch
from
8770b6d to
2646a85
Compare
Author
|
@RhysSullivan thoughts here ? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CLI commands and Executor Desktop now avoid split-brain local runtimes in both startup orders.
If Desktop is already running, CLI commands can target its authenticated sidecar with
--base-urlorEXECUTOR_BASE_URL. Credentials embedded in that URL are sent as Basic-auth headers and stripped from display output. If a local endpoint returns401 Unauthorized, the CLI now explains that credentials are required instead of treating the occupied port as unavailable and starting a second daemon.If a compatible CLI daemon is already running first, Desktop discovers it from the CLI daemon pointer files and attaches only when Desktop auth is disabled and the daemon serves the shared
~/.executor-globalscope. Authenticated, stale, malformed, or different-scope listeners are skipped so Desktop does not attach to an unrelated runtime or bypass its configured auth settings.Desktop uses
~/.executor-globalas its default shared scope so MCPs configured for CLI/agent usage are visible in Desktop too. Desktop settings are also initialized lazily after Electron sets itsuserDatapath, preventing Desktop from reading stale settings from Electron's default app-data location and accidentally spawning on the CLI port.Testing
bunx vitest run tests/desktop-server-discovery.test.ts tests/daemon-bootstrap.test.tsbun run --cwd apps/desktop typecheckbun run --cwd apps/cli typecheckbun run format:checkbun run lintbunx --bun electron-vite buildfromapps/desktopCSC_IDENTITY_AUTO_DISCOVERY=false bunx electron-builder --mac dir --arm64 --config electron-builder.config.tsfromapps/desktop~/.executor-globalscope and syncs the MCP sources from~/.executor-global/executor.jsonc./api/scopereturns401and authenticated/api/scopereturns200on the Desktop sidecar when it owns port4789.daemon status --base-url http://executor:secret@...probe confirmed Basic auth headers are sent and output hides credentials.