Skip to content

Rewrite COOKIES.md for App-Bound Encryption reality (SOU-155)#36

Merged
tsouth89 merged 3 commits into
mainfrom
tsouth2/sou-155-cookies-abe
Jul 16, 2026
Merged

Rewrite COOKIES.md for App-Bound Encryption reality (SOU-155)#36
tsouth89 merged 3 commits into
mainfrom
tsouth2/sou-155-cookies-abe

Conversation

@tsouth89

@tsouth89 tsouth89 commented Jul 16, 2026

Copy link
Copy Markdown
Owner

Addresses the documentation core of SOU-155.

What was wrong

docs/COOKIES.md claimed Chrome/Edge cookie import is "✅ Automatic" and that cookies are held "in-memory". Runtime reality (verified in rust/src/browser/cookies.rs + rust/src/settings.rs):

  • Chromium App-Bound Encryption (Chrome/Edge 127+, v20 cookies) blocks automatic import for most profiles; the code surfaces a specific AppBoundEncryption error.
  • The default cookie source is manual for every provider except Cursor (which stays automatic via the signed-in IDE session).
  • Manual cookies persist encrypted with DPAPI in the ManualCookies store (user-only ACL), not in memory.

Changes

  • Rewrote docs/COOKIES.md around ABE reality, the manual/Cursor-auto defaults, Firefox's unencrypted path, and DPAPI persistence.
  • Scrubbed the residual CodexBar string in useTrayPanelLayout.ts's console warning.

Remaining SOU-155 sub-tasks (follow-up, not in this PR)

  • Rename the TrayOpenCodexBar locale key (touches the i18n key list + locale value defs).
  • Make the Settings cookie-import empty state explicitly call out App-Bound Encryption.

The AboutTab links to Win-CodexBar / CodexBar are intentional upstream attribution and are left as-is.

Summary by CodeRabbit

  • Bug Fixes

    • Updated the tray panel auto-resize failure warning text to better reflect the failing operation; the existing fallback behavior remains unchanged.
  • Documentation

    • Reworked the cookie import guide to explain browser cookie source defaults.
    • Clarified Windows automatic cookie import behavior, including App-Bound Encryption impacts.
    • Added more detailed manual cookie extraction steps, encrypted-at-rest storage notes, and updated troubleshooting guidance, including WSL limitations.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
ceiling fc8ca3c Commit Preview URL

Branch Preview URL
Jul 16 2026, 09:29 AM

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: f0ba788f-4015-4793-a096-f6c4775ade71

📥 Commits

Reviewing files that changed from the base of the PR and between 9fb83cf and fc8ca3c.

📒 Files selected for processing (1)
  • docs/COOKIES.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • docs/COOKIES.md

📝 Walkthrough

Walkthrough

The tray resize warning now uses the Ceiling product name. Cookie documentation covers browser source defaults, Windows automatic import behavior, manual Chromium extraction, encrypted persistence, and troubleshooting.

Changes

Tray panel warning

Layer / File(s) Summary
Update tray resize warning
apps/desktop-tauri/src/hooks/useTrayPanelLayout.ts
The resize failure warning changes to “Ceiling tray panel resize failed”; fallback panel reveal behavior is unchanged.

Cookie import guidance

Layer / File(s) Summary
Document cookie import workflows
docs/COOKIES.md
Documentation now covers provider source defaults, Windows App-Bound Encryption and automatic imports, manual Chromium cookie extraction, DPAPI-backed persistent storage, and troubleshooting.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: rewriting COOKIES.md to reflect App-Bound Encryption behavior.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch tsouth2/sou-155-cookies-abe

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/COOKIES.md`:
- Line 28: Update the manual-cookie storage documentation near the ManualCookies
description to qualify guarantees by platform: state that Windows uses DPAPI
encryption and a user-only ACL, while non-Windows platforms store contents
unencrypted with restrictive 0600 file permissions. Preserve the statement that
cookies persist across restarts.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: f81fa501-dcd8-4e1a-a779-737a2d387115

📥 Commits

Reviewing files that changed from the base of the PR and between 61aa541 and 9fb83cf.

📒 Files selected for processing (2)
  • apps/desktop-tauri/src/hooks/useTrayPanelLayout.ts
  • docs/COOKIES.md

Comment thread docs/COOKIES.md Outdated
@tsouth89
tsouth89 merged commit dfc0dec into main Jul 16, 2026
6 checks passed
@tsouth89
tsouth89 deleted the tsouth2/sou-155-cookies-abe branch July 16, 2026 09:33
tsouth89 added a commit that referenced this pull request Jul 17, 2026
…OU-155)

- Remove the unused TrayOpenCodexBar locale key. It carried stale
  CodexBar branding and was never rendered; the live tray item uses
  TrayPopOutDashboard (tray_menu.rs). Dropped from keys.ts, locale.rs,
  and all 7 .ftl locales, keeping TS<->Rust key parity.
- Reword the browser-cookie empty state so it sets expectations up
  front: on Chrome/Edge/Brave, App-Bound Encryption usually blocks
  automatic import, so pasting the cookie header is the reliable path.

COOKIES.md already reflects ABE reality (SOU-155 PR #36). Remaining
"CodexBar" strings are intentional upstream attribution in About.
tsouth89 added a commit that referenced this pull request Jul 17, 2026
Two v1-readiness cleanups. **Both change visual/user-facing surfaces
that can't be pixel-verified headlessly — needs an eyeball on Windows
before merge.**

## 1. Native-control theming audit (extends SOU-224)

The dropdown fix (#38) removed native `<select>`. Same WebView2 root
cause remained on **checkboxes**: `.provider-detail-toggle`
(Claude/Codex credential toggles) and `.providers-sidebar__checkbox`
(provider enable/disable) were raw native `<input type="checkbox">` with
only margin set, so the OS drew them in its own theme (light checkbox
inside the dark UI).

- Folded both onto the existing custom `.toggle` styling:
`appearance:none` + CSS checkmark + accent fill + explicit
`[data-theme="light"]` overrides. Every checkbox now matches the app
theme in both modes.
- Audited the rest: **range sliders** (`.settings-field`,
`.menu-surface__footer-zoom-slider`) and **scrollbars** already carry
per-theme styling — no change needed. Number-spinner arrows are OS-drawn
but minor.

## 2. SOU-155 leftovers

- **Removed the dead `TrayOpenCodexBar` locale key** — stale CodexBar
branding, never rendered (the live tray item uses `TrayPopOutDashboard`
in `tray_menu.rs`). Dropped from `keys.ts`, `locale.rs`, and all 7
`.ftl` locales; TS↔Rust key parity preserved (`check-locale` green).
- **Clarified the browser-cookie empty state**: it now states up front
that App-Bound Encryption usually blocks automatic import on
Chrome/Edge/Brave, so pasting the cookie header is the reliable path.
- COOKIES.md already reflects ABE reality (PR #36). Remaining `CodexBar`
strings are intentional upstream attribution in the About tab.

## Verification
- `pnpm test` — 45 files / 226 tests pass
- `pnpm run build` — check-locale + tsc + vite green
- `cargo check` (shared crate) — green after the locale enum change

## Eyeball checklist (Windows, both themes)
- Credential toggles (Settings → Providers → Claude/Codex) and the
sidebar provider checkboxes: box + checkmark match the theme, accent
fill when checked
- Browser-cookie empty state reads clearly

Partially addresses SOU-155; native-control audit extends SOU-224.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **User Interface**
- Unified macOS-style checkbox visuals across provider and settings
controls.
- Enhanced interaction states (hover, focus, checked, disabled) with
consistent light-theme behavior.

- **Localization**
  - Updated the tray “pop out” dashboard label to “Open Ceiling.”
  - Removed an outdated tray translation entry.

- **Bug Fixes**
- Clarified browser cookie import empty-state guidance when automatic
import is blocked for unsupported scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: tsouth89 <tsouth89@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant