CS-11658: boot assembly from trusted servers via _realm-auth#5285
CS-11658: boot assembly from trusted servers via _realm-auth#5285lukemelia wants to merge 3 commits into
Conversation
Replace the "account data is the realm list" boot path with "account data is the list of trusted servers; ask each server which realms the user has." Builds on CS-11655 which introduced the new `app.boxel.realm-servers` account-data event type. - realm-server: new fetchUserRealmsFromTrustedServers() iterates the trusted-server URLs, POSTs _realm-auth on each, and returns the union of realm URLs. Preserves the single-server invariant by calling assertOwnRealmServer() — multi-realm-server federation is out of scope for v1. - matrix-service start(): reads APP_BOXEL_REALM_SERVERS_EVENT_TYPE in parallel with favorites and assembles user realms via the new helper. Hands the result to setAvailableRealmIdentifiers and initSlidingSync (replacing the direct read of app.boxel.realms). fetchCatalogRealms() is unchanged. - Transition fallback: when app.boxel.realm-servers is absent or empty, the boot falls back to reading the legacy app.boxel.realms key so existing users aren't broken before CS-11659's lazy migration has run on their account. The fallback is clearly marked for removal once that migration ships. - Tests: boot populates the realm list from the trusted-servers path; direct unit coverage of the new method (round-trip, empty input short-circuit, non-own server rejection); fallback module verifies the legacy path still works when realm-servers is empty. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Issue per-server _realm-auth requests concurrently via Promise.all, then union the returned realm URLs. Failure semantics unchanged: the first rejection still surfaces (graceful degradation is CS-11667). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
[Codex] Finding:
The new test does not catch this because its mock legacy |
Addresses the Codex review on PR #5285. The matrix sync triggered by `startClient()` re-emits the existing `app.boxel.realms` AccountData event, and the listener bound during `bindEventListeners` was overwriting the trusted-servers boot result with the legacy key's content. - matrix-service: track `trustedRealmServersAuthoritative`. Boot sets it true when `app.boxel.realm-servers` has entries; the new realm-servers listener flips it on at runtime if the key gains content. - Legacy `app.boxel.realms` listener: skip `setAvailableRealmIdentifiers` while the flag is true. Login side effects (loginToRealms, loadMoreAuthRooms) still run so authentication for new realms isn't dropped. - New `app.boxel.realm-servers` listener: re-fetch via _realm-auth, call setAvailableRealmIdentifiers, then loginToRealms / loadMoreAuthRooms post-login. Natural runtime counterpart to the new boot path. - Regression test: a setup where mock activeRealms = [] but realmPermissions advertises two realms via _realm-auth verifies both _realm-auth realms survive `startClient`'s synthetic event. Without the listener gating the test fails. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Good catch — fixed in 4bb2b12. The legacy Changes:
|
Preview deploymentsHost Test Results 1 files 1 suites 1h 40m 57s ⏱️ Results for commit 4bb2b12. For more details on these errors, see this check. Realm Server Test Results 1 files 1 suites 11m 55s ⏱️ Results for commit 4bb2b12. |
1 participant
Summary
Replaces the "account data is the realm list" boot path with "account data is the list of trusted servers; ask each server which realms the user has." Stacked on top of #5284 (CS-11655) which introduced the
app.boxel.realm-serversevent type — this PR's base is the CS-11655 branch, so review only the diff added on top.realm-server.ts— newfetchUserRealmsFromTrustedServers(serverURLs). Iterates the trusted-server URLs, POSTs_realm-authon each, returns the union of realm URLs. CallsassertOwnRealmServer()to preserve the single-server invariant; multi-realm-server federation stays out of scope.matrix-service.tsstart()— readsAPP_BOXEL_REALM_SERVERS_EVENT_TYPEin parallel with favorites, hands the result tofetchUserRealmsFromTrustedServers, and pipes the URLs intosetAvailableRealmIdentifiersandinitSlidingSync.fetchCatalogRealms()is unchanged.app.boxel.realm-serversis empty/absent, the boot falls back to readingapp.boxel.realmsso existing users aren't broken before CS-11659's lazy migration runs on their account. The fallback is clearly marked for removal once that migration ships.Acceptance criteria (from CS-11658)
_realm-authwhen the new key is populated.fetchCatalogRealms()is untouched).assertOwnRealmServer()) is preserved.Notes
mainautomatically.app.boxel.realm-serversfrom the legacy key is CS-11659.matrix-service.ts:393still reads fromapp.boxel.realms— out of scope for this issue (boot only).Test plan
matrix-service-boot-assembly-test.ts— boot from trusted servers,fetchUserRealmsFromTrustedServersunit behaviour (round-trip, empty input, non-own server rejection), and the legacy fallback.🤖 Generated with Claude Code