Skip to content

fix(cli): platform-specific keychain store hints after login (#235)#265

Open
adriannoes wants to merge 2 commits into
devfrom
fix/cli-macos-keychain-hint-235
Open

fix(cli): platform-specific keychain store hints after login (#235)#265
adriannoes wants to merge 2 commits into
devfrom
fix/cli-macos-keychain-hint-235

Conversation

@adriannoes

@adriannoes adriannoes commented Jun 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add auth_keychain_hints.py with platform-specific remediation text when pipefy auth login succeeds at OAuth but store_session fails.
  • On macOS, surface errSecParam (-25244) and the Terminal.app + Always Allow ACL workaround instead of the headless Linux Secret Service hint.
  • Keep the existing Linux Secret Service / PIPEFY_KEYCHAIN_BACKEND=file hint and add a Windows Credential Manager variant.
  • Document the macOS first-run keychain ACL flow in docs/cli/auth.md.

Closes #235.

@adriannoes
adriannoes requested a review from gbrlcustodio June 1, 2026 18:12
@adriannoes adriannoes self-assigned this Jun 1, 2026
Comment thread docs/cli/auth.md Outdated
Comment thread packages/cli/tests/test_auth_keychain_hints.py Outdated
Comment thread packages/cli/src/pipefy_cli/commands/_auth_keychain_hints.py
gbrlcustodio
gbrlcustodio previously approved these changes Jun 2, 2026

@gbrlcustodio gbrlcustodio left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inline notes are all non-blocking; nothing here blocks merge.

Base automatically changed from dev to main June 2, 2026 14:39
@gbrlcustodio
gbrlcustodio changed the base branch from main to dev June 2, 2026 15:18
Branch error messages on macOS, Linux, and Windows when OAuth succeeds
but store_session fails. Document the macOS errSecParam (-25244) ACL
workaround in docs/cli/auth.md.
Qualify the macOS ACL note for uvx path churn, tighten platform hint
tests with required/forbidden fragments, and rename the helper to
_auth_keychain_hints.py. Align the MCP README with the same diagnosis.
@adriannoes

Copy link
Copy Markdown
Collaborator Author

@gbrlcustodio — thanks again for the earlier approval and the non-blocking notes.

I missed the review comments at the time; just caught up and addressed them after rebasing onto current dev:

  • Docs: qualified the macOS ACL note so uvx path churn vs stable installs (uv tool install / wheel) is clear; aligned packages/mcp/README.md with the same diagnosis.
  • Tests: one row per platform with required / forbidden fragments in test_auth_keychain_hints.py.
  • Naming: renamed the helper to _auth_keychain_hints.py to match the commands/ convention.

Also confirmed the change is still needed on dev: the post-login store_session failure path still surfaces the Linux Secret Service hint on every OS, so #235 remains open.

CI is green after the rebase. Could you take another look when you have a moment? Happy to adjust anything.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants