chore: enhance CodeRabbit config with stricter pre-merge checks
- Add auto-labeling (security, breaking-change, needs-tests)
- Add path filters to skip non-essential files (docs, images, scripts)
- Add pre-merge checks: test coverage for new logic, API breaking changes
- Enable commit_status, fail_commit_status, PMD, docstrings, unit tests
- Restructure path_instructions for readability

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
xinhuagu and claude committed Mar 21, 2026
commit 9f809c29b6e206d8146d5fc4a0924ff981de1985
90 changes: 85 additions & 5 deletions .coderabbit.yaml
Expand Up @@ -2,13 +2,47 @@
# Docs: https://docs.coderabbit.ai/reference/configuration

language: en

# --- Review Settings ---
reviews:
profile: chill
request_changes_workflow: true
high_level_summary: true
poem: false
review_status: true
commit_status: true
fail_commit_status: true
auto_apply_labels: true

# Auto-labeling rules
labeling_instructions:
- label: "security"
instructions: "Apply when the PR touches auth, permissions, crypto, or secrets."
- label: "breaking-change"
instructions: "Apply when the PR changes public API signatures."
- label: "needs-tests"
instructions: "Apply when the PR adds logic in src/main but has no matching test changes in src/test."

# Skip non-essential files to reduce rate-limit pressure
path_filters:
- "!**/*.md"
- "!**/*.json"
- "!**/*.png"
- "!**/*.gif"
- "!**/*.svg"
- "!docs/**"
- "!.github/**"
- "!gradle/wrapper/**"
- "!**/test-fixtures/**"
- "!scripts/**/*.sh"

# Pre-merge quality gate
pre_merge_checks:
issue_assessment:
mode: error
docstrings:
mode: warning
threshold: 80
custom_checks:
- name: "Block major correctness and security risks"
mode: error
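
Review bot: the path_filters list in this hunk excludes `!.github/**`, `!scripts/**/*.sh`, `!gradle/wrapper/**` and `!**/*.json` alongside docs and images, which takes CI workflow definitions, shell scripts, the Gradle wrapper and JSON configuration out of review. Those are the paths where a supply-chain relevant change would land (a workflow permission or secret reference, a wrapper distribution URL, a build script edit), and a PR that only touches them would not be examined for the "security" label or the correctness and security check defined just below. Suggest keeping the Markdown, docs and image exclusions for rate-limit relief, dropping the `.github`, `scripts` and `gradle/wrapper` entries, and narrowing `!**/*.json` to the specific generated or fixture files that are actually noisy.
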
Expand All @@ -21,24 +55,70 @@ reviews:
- unsafe error handling that can hide failures
- missing tests for high-risk behavioral changes
If no such issues exist, pass this check.

- name: "Require test coverage for new logic"
mode: error
instructions: |
Fail if the PR adds or modifies business logic in src/main
but does not include corresponding test changes in src/test.
Pure refactors with no behavioral change may pass.

- name: "No API breaking changes without version bump"
mode: error
instructions: |
Fail if the PR changes a public API signature (method rename,
parameter change, removal) without updating the version number
or adding a migration note.

# Auto-review configuration
auto_review:
enabled: true
drafts: false

# Per-module review instructions
path_instructions:
- path: "aceclaw-security/**"
instructions: "Review security module changes with extra scrutiny. Check for permission bypasses, HMAC integrity issues, and unsafe defaults."
instructions: >
Review security module changes with extra scrutiny.
Check for permission bypasses, HMAC integrity issues, and unsafe defaults.

- path: "aceclaw-memory/**"
instructions: "Verify HMAC signing is maintained, check for memory tier ordering issues, and ensure workspace isolation."
instructions: >
Verify HMAC signing is maintained, check for memory tier ordering issues,
and ensure workspace isolation.

- path: "aceclaw-core/**"
instructions: "Focus on agent loop correctness, tool execution safety, and LLM client error handling."
instructions: >
Focus on agent loop correctness, tool execution safety,
and LLM client error handling.

- path: "aceclaw-tools/**"
instructions: "Check cross-platform compatibility (Windows/macOS/Linux). Verify ProcessBuilder commands work on all platforms."
instructions: >
Check cross-platform compatibility (Windows/macOS/Linux).
Verify ProcessBuilder commands work on all platforms.

- path: "aceclaw-daemon/**"
instructions: "Check UDS listener lifecycle, shutdown ordering, and thread safety with virtual threads."
instructions: >
Check UDS listener lifecycle, shutdown ordering,
and thread safety with virtual threads.

# --- Chat Settings ---
chat:
auto_reply: true

# --- Tools ---
tools:
pmd:
enabled: true

# --- Finishing Touches ---
finishing_touches:
docstrings:
enabled: true
unit_tests:
enabled: true


⚠️ Potential issue | 🟠 Major

tools and finishing_touches are at incorrect nesting level and will be ignored.

Per the schema, both tools and finishing_touches must be nested under reviews, not at the root level. The current placement will cause these configurations to have no effect since the schema uses additionalProperties: true at root (allows but ignores unknown keys).

🔧 Proposed fix to correct the nesting

Move these sections under reviews: (before or after path_instructions):

   path_instructions:
     # ... existing path_instructions ...

+  # --- Tools ---
+  tools:
+    pmd:
+      enabled: true
+
+  # --- Finishing Touches ---
+  finishing_touches:
+    docstrings:
+      enabled: true
+    unit_tests:
+      enabled: true

 # --- Chat Settings ---
 chat:
   auto_reply: true

-# --- Tools ---
-tools:
-  pmd:
-    enabled: true
-
-# --- Finishing Touches ---
-finishing_touches:
-  docstrings:
-    enabled: true
-  unit_tests:
-    enabled: true
-
 # --- Knowledge Base ---
 knowledge_base:
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 109 - 119, The `tools` and `finishing_touches`
blocks are incorrectly placed at the root and should be nested under `reviews`;
move the entire `tools:` (including `pmd:` and its `enabled`) and
`finishing_touches:` (including `docstrings:` and `unit_tests:`) sections so
they are children of the `reviews:` mapping (you can place them before or after
`path_instructions`), preserving proper YAML indentation and structure.


# --- Knowledge Base ---
knowledge_base:
learnings:
scope: auto
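
Review bot: the new "Require test coverage for new logic" check runs at `mode: error` but leaves "business logic" and "corresponding test changes" undefined, so with `fail_commit_status: true` a judgment call becomes a hard merge gate, and it overlaps the existing "missing tests for high-risk behavioral changes" criterion in the first custom check. Suggest naming the module-relative paths the check should compare (the path_instructions below show the code lives under `aceclaw-*/`), or starting it at `mode: warning` until the false-positive rate is known. The "No API breaking changes without version bump" check also accepts "adding a migration note" as a pass condition, yet a note of that kind would normally be a Markdown file or sit under `docs/`, both of which path_filters excludes, so confirm the check can still see it or state where the note must go.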