Skip to content

fix(app): discard stale Den cloud snapshots#2689

Draft
reachjalil wants to merge 1 commit into
different-ai:devfrom
reachjalil:codex/den-cloud-sync-identity
Draft

fix(app): discard stale Den cloud snapshots#2689
reachjalil wants to merge 1 commit into
different-ai:devfrom
reachjalil:codex/den-cloud-sync-identity

Conversation

@reachjalil

Copy link
Copy Markdown
Collaborator

Problem

Desktop cloud sync captured the active Den organization before requesting its resource snapshot, but it did not verify that the same Den session was still active after the request completed. A slow organization A response could therefore be applied to the workspace after the user had already switched to organization B.

State and ordering contract

A fetched Den snapshot may reach workspace sync only while the exact request identity is still current:

  • Den base URL is unchanged
  • authentication token identity is unchanged
  • active organization is unchanged
  • authentication is still present

If any part changes while the request is in flight, the response is stale and is discarded. A later sync for the current identity remains responsible for applying current state.

Implementation

  • Capture a small in-memory identity before loading the snapshot.
  • Re-read that identity immediately before applying the result.
  • Centralize the equality and identity-bound apply behavior in testable helpers.
  • Keep credentials opaque: the token is compared in memory and is never logged or newly persisted.
  • Preserve the existing serialized desktop cloud sync queue and missing-auth no-op behavior.

Regression proof

  • Added a delayed-promise test that starts organization A, switches to B before A resolves, and proves apply is never called.
  • Added the positive counterpart proving an unchanged identity still applies normally.
  • Added coverage for base URL, token, organization, and missing-auth identity changes.
  • Added an approved voiceover and an internal fraimz flow for the ordering contract.

Validation

  • pnpm --filter @openwork/app test:desktop-cloud-sync — 11 passed, 0 failed
  • pnpm --filter @openwork/app typecheck — passed
  • pnpm --filter @openwork/app build — passed (existing bundle-size and module-directive warnings only)
  • pnpm fraimz --flow den-cloud-sync-identity — Passed, 4 proof frames plus voiceover coverage

Evidence limitations

The fraimz run is an internal, test-backed ordering proof. It does not claim to be a live UI recording or a real multi-organization Den session. No production Den credentials or tenant data were used.

Human review still required

This draft is intentionally not ready to merge until a human reviewer confirms:

  • comparing the full opaque token in memory is the desired session-identity boundary;
  • discarding a stale response, rather than automatically scheduling another sync here, composes correctly with the existing event/interval triggers;
  • the narrow check immediately before workspace apply is sufficient for the intended session-switch semantics;
  • a manual desktop pass with two real test organizations shows no temporary cross-organization provider/plugin/config state;
  • the branch is still appropriate against the latest dev head when reviewed.

Scope and mergeability

This is an independent fix based on dev. It has no ordering dependency on the other remote-workspace or Den-state reliability drafts and should be reviewed and merged on its own merits.

@vercel

vercel Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
openwork-landing Ready Ready Preview, Comment, Open in v0 Jul 12, 2026 4:42pm

@vercel

vercel Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

@reachjalil is attempting to deploy a commit to the Different AI Team on Vercel.

A member of the Team first needs to authorize it.

@reachjalil

Copy link
Copy Markdown
Collaborator Author

Review map: independent state and sync reliability drafts

These drafts address separate ownership/order boundaries and are intended to be reviewed independently against dev:

There is no required merge order. Each PR body includes its own validation, evidence limitations, and a Human review still required checklist. Internal fraimz proofs in this set are test-backed ordering evidence, not live UI recordings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant