feat: dashboard OAuth management, session pagination & analytics cleanup (salvage #9058)#9171
Merged
feat: dashboard OAuth management, session pagination & analytics cleanup (salvage #9058)#9171
Conversation
Add OAuth provider management to the Hermes dashboard with full
lifecycle support for Anthropic (PKCE), Nous and OpenAI Codex
(device-code) flows.
## Backend (hermes_cli/web_server.py)
- 6 new API endpoints:
GET /api/providers/oauth — list providers with connection status
POST /api/providers/oauth/{id}/start — initiate PKCE or device-code
POST /api/providers/oauth/{id}/submit — exchange PKCE auth code
GET /api/providers/oauth/{id}/poll/{session} — poll device-code
DELETE /api/providers/oauth/{id} — disconnect provider
DELETE /api/providers/oauth/sessions/{id} — cancel pending session
- OAuth constants imported from anthropic_adapter (no duplication)
- Blocking I/O wrapped in run_in_executor for async safety
- In-memory session store with 15-minute TTL and automatic GC
- Auth token required on all mutating endpoints
## Frontend
- OAuthLoginModal — PKCE (paste auth code) and device-code (poll) flows
- OAuthProvidersCard — status, token preview, connect/disconnect actions
- Toast fix: createPortal to document.body for correct z-index
- App.tsx: skip animation key bump on initial mount (prevent double-mount)
- Integrated into the Env/Keys page
- Wrap module-level import from agent.anthropic_adapter in try/except so hermes web still starts if the adapter is unavailable; Phase 2 PKCE endpoints return 501 in that case. - Change authorize URL from console.anthropic.com to claude.ai to match the canonical adapter code.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Salvage of PR #9058 by @kshitijk4poor — cherry-picked onto current main with two fixes.
What's included
Dashboard — OAuth Provider Management (backend + frontend):
OAuthLoginModal— handles both PKCE and device-code flows in-browserOAuthProvidersCard— connection status, token preview, connect/disconnect actionsDashboard — Session Pagination:
GET /api/sessionsnow acceptslimitandoffsetquery params{sessions, total, limit, offset}envelopeDashboard — Analytics Cleanup:
Frontend Fixes:
Toast.tsx— render viacreatePortalfor correct z-indexApp.tsx— skip animation key bump on initial mount (prevents duplicate API calls)main.tsx— removeStrictModewrapperFixes applied during salvage
Guarded module-level import: The bare
from agent.anthropic_adapter import (...)at module scope would crashhermes webif the adapter was unavailable. Now wrapped in try/except with a flag; Phase 2 PKCE endpoints return 501 when the adapter is missing.Authorize URL: Changed from
console.anthropic.com/oauth/authorizetoclaude.ai/oauth/authorizeto match the canonical adapter code.Test plan
Closes #9058