Skip to content

feat: prefer canonical awaiting-input contract#20

Open
masnwilliams wants to merge 5 commits into
mainfrom
hypeship/canonical-awaiting-input
Open

feat: prefer canonical awaiting-input contract#20
masnwilliams wants to merge 5 commits into
mainfrom
hypeship/canonical-awaiting-input

Conversation

@masnwilliams

Copy link
Copy Markdown
Contributor

Summary

  • Adds protocol types for canonical managed-auth awaiting input: top-level fields and choices.
  • Normalizes canonical state into the existing UI rendering model, preferring canonical values when present.
  • Keeps falling back to legacy discovered_fields, pending_sso_buttons, mfa_options, and sign_in_options so old API responses keep working during the deprecation window.
  • Adds a patch changeset.

Notes

This PR is forward-compatible with the API dual-contract migration. It does not remove legacy support and it still submits through the existing legacy submit helpers until the API accepts canonical submit payloads.

Test plan

  • bun run typecheck
  • bun run build

Made with Cursor

Read top-level fields/choices from managed-auth state events and responses when
present, mapping them into the existing form rendering model. Keep falling back
to legacy discovered_fields/pending_sso_buttons/mfa_options/sign_in_options so
older API responses remain supported during the deprecation window.

Co-authored-by: Cursor <cursoragent@cursor.com>
@vercel

vercel Bot commented Jun 25, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
managed-auth-react-demo Ready Ready Preview, Comment Jul 13, 2026 9:09pm

Comment thread packages/managed-auth-react/src/session/useManagedAuthSession.ts
Comment thread packages/managed-auth-react/src/session/useManagedAuthSession.ts Outdated
When canonical fields/choices are present, submit field_values by canonical field
ID and selected_choice_id by canonical choice ID. Continue supporting legacy
fields, SSO selectors, MFA option IDs, and sign-in option IDs when canonical data
is absent.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Comment thread packages/managed-auth-react/src/session/useManagedAuthSession.ts Outdated
() =>
button.id
? submitSelectedChoice(sessionId, jwt, button.id, options)
: submitSSOButton(sessionId, jwt, button.selector, options),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MFA ignores canonical choice submit

Medium Severity

MFA options built from canonical mfa_method choices still submit via mfa_option_id, while SSO clicks with button.id use selected_choice_id. If the server expects canonical choice ids on submit, MFA selection can fail even when the UI was rendered from choices.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 30a2d0b. Configure here.

Comment on lines +67 to +73
fields: ev.fields ?? base.fields ?? null,
choices: ev.choices ?? base.choices ?? null,
discovered_fields: ev.discovered_fields ?? base.discovered_fields ?? null,
pending_sso_buttons:
ev.pending_sso_buttons ?? base.pending_sso_buttons ?? null,
mfa_options: ev.mfa_options ?? base.mfa_options ?? null,
sign_in_options: ev.sign_in_options ?? base.sign_in_options ?? null,

@vercel vercel Bot Jun 30, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mergeStateEvent's ?? base.* fallback on the canonical/legacy input arrays leaks a previous AWAITING_INPUT step's content (e.g. login SSO buttons rendering on the MFA step) because canonical snapshots express "category no longer applies" by omission.

Fix on Vercel

Co-authored-by: Cursor <cursoragent@cursor.com>
State events are complete snapshots: the server omits fields/choices when
the current step has none, so retaining the prior values leaks a previous
step's inputs (e.g. login SSO buttons rendering on the MFA step).

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 2 potential issues.

There are 3 total unresolved issues (including 1 from previous review).

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit aa4d14b. Configure here.

.map((choice) => ({
type: normalizeMFAChoiceId(choice.id),
label: choice.label,
description: choice.description ?? undefined,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MFA canonical mapping drops display text

Medium Severity

mfaOptionsFromCanonical only copies description from each MFA choice, while signInOptionsFromCanonical also falls back to context and display_text. Masked phone numbers or similar MFA hints often live in those fields, so canonical MFA steps can show labels without the extra detail legacy target used to provide.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit aa4d14b. Configure here.

ssoButtonsFromCanonical(state.choices) ?? state.pending_sso_buttons,
mfa_options: mfaOptionsFromCanonical(state.choices) ?? state.mfa_options,
sign_in_options:
signInOptionsFromCanonical(state.choices) ?? state.sign_in_options,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Legacy fallback ignores canonical presence

Medium Severity

normalizeManagedAuthState treats a failed or empty canonical conversion as “no canonical data” and falls back to legacy discovered_fields, pending_sso_buttons, mfa_options, and sign_in_options. When the response includes a non-null fields or choices key (including [] or choices with only some types), legacy arrays on the same payload can still render, so a step can show inputs the canonical contract meant to omit.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit aa4d14b. Configure here.

@dcruzeneil2 dcruzeneil2 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The final shape is close and the hard parts are right: canonical-first with legacy fallback is the correct migration posture, the client only sends canonical submit payloads after the server has sent canonical data first (so rollout ordering is safe), and the snapshot-replace fix in mergeStateEvent landed on the correct semantics. CI is green.

I checked the types and submit payloads here against the upcoming API behavior and most of it lines up: the field and choice type enums match, field_values keyed by canonical field id round-trips correctly, and SSO submit via selected_choice_id works. Two things don't line up, and one behavioral gap will show up as soon as the API starts emitting canonical data. Requesting changes on the first two, the rest are non-blocking.

Blocking

  1. The submit strategy is split down the middle, and the MFA half loses information. Fields and SSO now submit canonically, but MFA and sign-in selections rendered from canonical choices still go through the legacy helpers. For MFA this is lossy: mfaOptionsFromCanonical squashes choice.id through normalizeMFAChoiceId, and since MFAOption has no id, the original choice id is gone by submit time. Anything unrecognized collapses to "other", so two unfamiliar MFA methods become indistinguishable to the server. This happens to work right now because of how the server currently builds these ids, but that's a coincidence, not a contract. The fix I'd like to see: add an optional id to MFAOption (and SignInOption) and submit selected_choice_id whenever the option came from canonical data, same as submitSSO already does. If we'd rather not do that yet, then revert fields/SSO to legacy submits too so the switch happens as one coherent change. Half-and-half is the one state we shouldn't ship. Also worth noting the PR description still says everything submits through legacy helpers, which stopped being true a few commits ago.

  2. ManagedAuthChoice.display_text and context don't exist in the API contract. The fallback chain in signInOptionsFromCanonical (description ?? context ?? display_text) can never fire, and the type definitions will convince the next reader that the wire carries fields it doesn't. Please drop both, or hold this until they actually exist on the API side if that's the plan.

Should fix

  1. MFA options rendered from canonical lose the masked destination. Legacy MFAOption.target carries hints like ***-***-5678, the canonical choice has no slot for it, and this PR prefers canonical when present. So the moment the API ships canonical data, MFA steps stop showing the masked phone/email even though the legacy arrays in the same payload still have it. This is deterministic, not an edge case. A reasonable client-side fix while the dual contract exists: carry target over from the matching legacy mfa_options entry during normalization.

  2. The legacy fallback should key off whether canonical data is present, not whether the conversion produced anything. Right now a payload with canonical choices containing only SSO buttons plus a stale legacy mfa_options array would render both, mixing content from two different steps. Not reachable with the current server since both views come from the same source, but the fix is one line per category: if choices is non-null, derive every choice-based category from canonical only, and same for fields.

Nits

  1. The snapshot-vs-merge question took three review rounds to settle and the answer now lives only in a comment. mergeStateEvent and the *FromCanonical helpers are pure functions, so a small test file would lock in "absent key means cleared" before someone re-adds the ?? base.fields fallback because it looks like the safe thing to do.

  2. ManagedAuthResponse is exported and now references ManagedAuthField and ManagedAuthChoice, which aren't exported from index.ts, so consumers can see the shape but can't name it. And given the new public type surface and new submit behavior, this feels like a minor rather than a patch.

Happy to take another look as soon as 1 and 2 are in. Everything else here is small.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants