fix(corezoid): allow login/logout to switch environments mid-session#9
Open
Starushenko wants to merge 2 commits into
Open
fix(corezoid): allow login/logout to switch environments mid-session#9Starushenko wants to merge 2 commits into
Starushenko wants to merge 2 commits into
Conversation
The login handler refused to apply `account_url`, `workspace_id`, and `stage_id` arguments whenever the corresponding in-memory variable was already populated (`v != "" && accountURL == ""` etc.). Combined with logout only resetting `apiToken`, this meant that once the MCP process started with one set of credentials, the user could not actually switch to a different environment without restarting Claude Code: the args were silently ignored, `.env` changes were ignored, and every tool call kept hitting the host captured at startup. Changes: - login: after `findAndLoadDotEnv()`, unconditionally refresh `accountURL`, `workspaceID`, `stageID`, `apiURL` from env so a swapped `.env` actually takes effect. `apiToken` keeps its conditional refresh so a freshly-issued OAuth token is not clobbered by a stale value. - login: apply `account_url`, `workspace_id`, `stage_id` arguments unconditionally — these express explicit caller intent and should always win over any cached state. When `account_url` changes, clear the derived `COREZOID_API_URL` so it is re-fetched for the new host. - login: derive `COREZOID_API_URL` whenever a token is present but `apiURL` is empty, not only inside the OAuth-success branch. This handles the common case where `ACCESS_TOKEN` is supplied directly in `.env` (browser OAuth is broken on private on-prem instances, see corezoid#7) and the case where `account_url` just changed. - logout: clear `accountURL`, `workspaceID`, `stageID`, `apiURL` in addition to `apiToken` so a follow-up `login` starts from a clean slate. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
The MCP tool `pull-folder` is advertised as exporting "a Corezoid
folder/stage" and takes a generic `folder_id`, but internally
`downloadStageRecursively` hardcoded `obj_type=stage` for every ID.
On the server, `stage` (root container of a project) and `folder`
(any sub-container) are distinct object types and the wrong one is
rejected:
- sub-folder ID with `obj_type=stage` -> proc:error,
"Object stage with id N does not exist"
- stage ID with `obj_type=folder` -> proc:error,
"This object does not exist or is in the trash"
`PullZip` only inspects `request_proc` and `ops[0].download_url`, so
this inner error is swallowed and re-emitted as the generic
"failed to export process: no download_url in response". The result
is that `pull-folder` works against a stage ID but appears
mysteriously broken for every regular sub-folder ID a user might
hand it from the Corezoid UI. Same root cause produced the
plugin-side timeouts and `unexpected end of JSON input` errors
reported in the env-switch debugging session that preceded this
commit.
Fix: in `downloadStageRecursively` try `obj_type=folder` first and
fall back to `obj_type=stage` on any error. One redundant request
only in the rare case the caller passed a real stage ID; no
behaviour change on the success path; no public API change; the
auto-pull triggered from the `login` flow continues to work because
the retry covers stage IDs.
Verified by direct curl against an on-prem AZ dev instance
(`corezoid-tst.unibank.lan`) -- folder ID 29245 returns a
`download_url` with `obj_type=folder` and the previous "no
download_url" error with `obj_type=stage`; stage ID 21194 returns
`download_url` with `obj_type=stage` and the "does not exist or is
in the trash" error with `obj_type=folder`.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The login handler refused to apply
account_url,workspace_id, andstage_idarguments whenever the corresponding in-memory variable was already populated (v != "" && accountURL == ""etc.). Combined with logout only resettingapiToken, this meant that once the MCP process started with one set of credentials, the user could not actually switch to a different environment without restarting Claude Code: the args were silently ignored,.envchanges were ignored, and every tool call kept hitting the host captured at startup.Changes:
findAndLoadDotEnv(), unconditionally refreshaccountURL,workspaceID,stageID,apiURLfrom env so a swapped.envactually takes effect.apiTokenkeeps its conditional refresh so a freshly-issued OAuth token is not clobbered by a stale value.account_url,workspace_id,stage_idarguments unconditionally — these express explicit caller intent and should always win over any cached state. Whenaccount_urlchanges, clear the derivedCOREZOID_API_URLso it is re-fetched for the new host.COREZOID_API_URLwhenever a token is present butapiURLis empty, not only inside the OAuth-success branch. This handles the common case whereACCESS_TOKENis supplied directly in.env(browser OAuth is broken on private on-prem instances, see OAuth PKCE login fails on private on-prem instances #7) and the case whereaccount_urljust changed.accountURL,workspaceID,stageID,apiURLin addition toapiTokenso a follow-uploginstarts from a clean slate.🤖 Generated with Claude Code