You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
V48 Gate 3 (specification-implementation): surface why GitHub token regeneration failed instead of a bare Invalid badge (V48-Gate3-F34)
Retested after the F33 fix (deployed and confirmed live by timestamp):
Refresh still shows "Invalid." With env vars confirmed present and no way
to pull historical Vercel logs for this project, the remaining causes
(installation actually revoked on GitHub's side vs. some other bug in the
regeneration chain) were indistinguishable from the UI alone.
Rather than keep guessing blind, make the failure diagnosable: persist a
source-safe last_regeneration_error (GitHub's own API error text, or a
plain reason like missing app credentials) on the connection row every
time installation-token regeneration is attempted, cleared on success.
It flows through the existing metadata sanitizer with no other route
changes needed. VCSConnectionCard now shows this reason under the Invalid
badge, with a plain-language note that a 401/403/404 means the GitHub App
installation was removed — which only a reinstall (not Refresh) can fix.
This turns the next occurrence of "Refresh doesn't fix Invalid" into
something checkable at a glance instead of another investigation.
Also noted (not fixed here): components/base/bitcode/vcs/__tests__/
VCSConnectionCard.test.tsx tests a superseded version of this component
and isn't in jest.config.cjs's testMatch, so it silently never runs.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: BITCODE_V48_QA.md
+7Lines changed: 7 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -533,6 +533,13 @@ Track 3-4 scripts (BTD ledger, settlement, pack journaling) get added when those
533
533
- Cause (a real bug, found by inspection): the expiry check that decides whether to regenerate reads `connectionData.installation_token_expires_at` (line ~193) — the field `_callback-handler.ts` writes at initial install. But the regeneration's own persistence call, `this.updateTokens(...)`, only ever wrote `token_expires_at` — a DIFFERENT field, never read by that check. So every regeneration attempt "succeeded" (fresh token minted, `validateToken` passes for that one request) yet the field the NEXT check reads never moved off its original, already-past value — forcing a full re-regeneration on every single subsequent call (every Refresh click, every repo/branch/commit fetch that reaches this path) forever. Separately, `GET /api/vcs/[provider]/connection` built the returned status from the `connection` row fetched BEFORE `validateStoredConnection` ran, so even a successful in-request regeneration wouldn't show its fresh `expiresAt`/metadata until a subsequent call.
534
534
- Repair: `VCSConnections.updateTokens` now writes `installation_token_expires_at` alongside `token_expires_at` (its only caller is this one GitHub-App regeneration path, so this is safe with no other call sites to consider). `GET /api/vcs/[provider]/connection` now re-fetches the connection after a successful `validateStoredConnection` before building the response, so a same-request regeneration is reflected immediately instead of one Refresh click behind. Note: if the GitHub App installation itself was actually revoked/uninstalled on GitHub's side (not just an expired token), regeneration will keep failing and Disconnect+reinstall genuinely is required then — check https://github.com/settings/installations (or the org's) to tell the two apart. Verified: `tsc --noEmit` 0 (both packages); new `packages/vcs/src/__tests__/connections.test.ts` (2/2, pins both fields moving together and that a fresh token skips re-regeneration); full uapi jest suite 639/640 green (1 pre-existing skip).
535
535
536
+
### V48-Gate3-F34 — Refreshing GitHub still showed bare "Invalid" after the F33 fix, no way to tell why (FIXED)
537
+
538
+
- Severity: high (live-confirmed, 2026-07-08: clicked Refresh after the F33 deploy went live — same "Invalid" badge in Auxillaries, same reconnect-required banner on `/deposits`. Confirmed deploy timing: commit `dbef719e` (F33) pushed 11:24:50, its Preview build was `Ready` by ~11:27, the retest screenshot is 11:46 — the fix WAS live when retested, so F33's fix, while a real and necessary bug, was not the reason THIS specific connection stayed Invalid).
539
+
- Investigation: with F33 confirmed deployed and env vars confirmed present (F33), the only two remaining explanations are (a) the GitHub App installation was genuinely revoked/uninstalled on GitHub's side (only a real reinstall fixes that), or (b) a different bug in the regeneration call chain. Neither was distinguishable from the UI or from `vercel logs` (historical logs aren't retrievable after the fact for this project's plan/log-drain setup — confirmed by trying).
540
+
- Repair (turns the black box into a source-safe diagnostic instead of resolving blind): `VCSConnections` now persists a `last_regeneration_error` (and `last_regeneration_at`) onto the connection row every time installation-token regeneration is attempted — the actual reason on failure (GitHub's own API error text, e.g. a 404 meaning the installation was removed; or `github_app_credentials_not_configured` if the env gate itself was skipped), or cleared to `null` on success. This flows through the existing `sanitizeConnectionMetadata` pass-through into `connectionStatus.metadata` with no other route changes needed (the new keys aren't in the token/secret blocklist). `VCSConnectionCard.tsx` now renders this reason under the badge when `!valid`, with a plain-language hint that a 401/403/404 means reinstalling the GitHub App is the only fix Refresh can't provide. This makes the NEXT occurrence of "Refresh doesn't fix Invalid" immediately diagnosable from the card itself — for this user or anyone — without needing server log access. Verified: `tsc --noEmit` 0 (both packages); new `uapi/tests/vcsConnectionCard.test.tsx` (4/4: no extra UI when valid, reason + reinstall hint on a 404, missing-credentials reason mapped to plain language with no reinstall hint, no extra UI when invalid but no diagnostic recorded yet); full uapi jest suite 643/644 green (1 pre-existing skip); `packages/vcs` suite 7/7 green.
541
+
- Noted but out of scope here: `uapi/components/base/bitcode/vcs/__tests__/VCSConnectionCard.test.tsx` is a pre-existing test file for an entirely superseded implementation of this component (mocks `@supabase/auth-helpers-nextjs` directly, expects copy/icons that no longer exist) — it isn't in `jest.config.cjs`'s `testMatch` allowlist, so it silently never runs and was not caught by this drift. Left as-is; a follow-up should either delete it or rewrite it against the current component.
542
+
536
543
## Track 1 — Identity / Authentication / Auxillaries — COMPLETE 2026-06-12 (email deferred by decision; F2/F9 and legacy eradication queued for gates)
537
544
538
545
-[x] Sign up / sign in via Connect Wallet (nav CTA → SignUpWindow → wallet signature on testnet4 → `custom:bitcode-bitcoin` session → `/tps/supabase/callback`) — verified 2026-06-12 after F5 fix; lands on `/packs`. Re-verified from fully nuked state (purged user + cleared site data): created 19:29:21 → session 19:29:25 → binding auto-written 19:29:29 by the bridge on `/packs` mount with no Auxillaries visit; UI consistent across nav, Wallet, and Profile panes.
0 commit comments