Fix Foundry auth: migrate to Better Auth adapter, fix access token retrieval

- Remove @ts-nocheck from better-auth.ts, auth-user/index.ts, app-shell.ts and fix all type errors - Fix getAccessTokenForSession: read GitHub token directly from account record instead of calling Better Auth's internal /get-access-token endpoint which returns 403 on server-side calls - Re-implement workspaceAuth helper functions (workspaceAuthColumn, normalizeAuthValue, workspaceAuthClause, workspaceAuthWhere) that were accidentally deleted - Remove all retry logic (withRetries, isRetryableAppActorError) - Implement CORS origin allowlist from configured environment - Document cachedAppWorkspace singleton pattern - Add inline org sync fallback in buildAppSnapshot for post-OAuth flow - Add no-retry rule to CLAUDE.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-20 05:04:49 +00:00 · 2026-03-13 14:27:56 -07:00 · 2026-03-13 14:27:56 -07:00 · 99c5b3eb5d
commit 99c5b3eb5d
parent ae191d1ae1
33 changed files with 3224 additions and 1104 deletions
--- a/52
+++ b/52
@ -127,75 +127,35 @@ foundry-check:
 foundry-dev:
 	pnpm install
 	mkdir -p foundry/.foundry/logs
-	HF_DOCKER_UID="$(id -u)" HF_DOCKER_GID="$(id -g)" docker compose -f foundry/compose.dev.yaml up --build --force-recreate -d
+	HF_DOCKER_UID="$(id -u)" HF_DOCKER_GID="$(id -g)" docker compose --env-file .env -f foundry/compose.dev.yaml up --build --force-recreate -d

 [group('foundry')]
 foundry-preview:
 	pnpm install
 	mkdir -p foundry/.foundry/logs
-	HF_DOCKER_UID="$(id -u)" HF_DOCKER_GID="$(id -g)" docker compose -f foundry/compose.preview.yaml up --build --force-recreate -d
-
-[group('foundry')]
-foundry-frontend-dev host='127.0.0.1' port='4173' backend='http://127.0.0.1:7741/api/rivet':
-	pnpm install
-	VITE_HF_BACKEND_ENDPOINT="{{backend}}" pnpm --filter @sandbox-agent/foundry-frontend dev -- --host {{host}} --port {{port}}
-
-[group('foundry')]
-foundry-dev-mock host='127.0.0.1' port='4173':
-	pnpm install
-	FOUNDRY_FRONTEND_CLIENT_MODE=mock pnpm --filter @sandbox-agent/foundry-frontend dev -- --host {{host}} --port {{port}}
-
-[group('foundry')]
-foundry-dev-turbo:
-	pnpm exec turbo run dev --parallel --filter=@sandbox-agent/foundry-*
+	HF_DOCKER_UID="$(id -u)" HF_DOCKER_GID="$(id -g)" docker compose --env-file .env -f foundry/compose.preview.yaml up --build --force-recreate -d

 [group('foundry')]
 foundry-dev-down:
-	docker compose -f foundry/compose.dev.yaml down
+	docker compose --env-file .env -f foundry/compose.dev.yaml down

 [group('foundry')]
 foundry-dev-logs:
-	docker compose -f foundry/compose.dev.yaml logs -f --tail=200
+	docker compose --env-file .env -f foundry/compose.dev.yaml logs -f --tail=200

 [group('foundry')]
 foundry-preview-down:
-	docker compose -f foundry/compose.preview.yaml down
+	docker compose --env-file .env -f foundry/compose.preview.yaml down

 [group('foundry')]
 foundry-preview-logs:
-	docker compose -f foundry/compose.preview.yaml logs -f --tail=200
+	docker compose --env-file .env -f foundry/compose.preview.yaml logs -f --tail=200

 [group('foundry')]
 foundry-format:
 	prettier --write foundry

-[group('foundry')]
-foundry-backend-start host='127.0.0.1' port='7741':
-	pnpm install
-	pnpm --filter @sandbox-agent/foundry-backend build
-	pnpm --filter @sandbox-agent/foundry-backend start -- --host {{host}} --port {{port}}
-
-[group('foundry')]
-foundry-hf *ARGS:
-	@echo "CLI package is disabled in this repo; use frontend workflows instead." >&2
-	@exit 1
-
 [group('foundry')]
 foundry-docker-build tag='foundry:local':
 	docker build -f foundry/docker/backend.Dockerfile -t {{tag}} .

-[group('foundry')]
-foundry-desktop-dev:
-	pnpm --filter @sandbox-agent/foundry-desktop dev
-
-[group('foundry')]
-foundry-desktop-build:
-	pnpm --filter @sandbox-agent/foundry-desktop build:all
-
-[group('foundry')]
-foundry-railway-up:
-	npx -y @railway/cli up --detach
-
-[group('foundry')]
-foundry-railway-status:
-	npx -y @railway/cli status --json