@openparachute/hub 0.5.13-rc.45 → 0.5.13-rc.47

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openparachute/hub",
-  "version": "0.5.13-rc.45",
+  "version": "0.5.13-rc.47",
   "description": "parachute — the local hub for the Parachute ecosystem (discovery, ports, lifecycle, soon OAuth).",
   "license": "AGPL-3.0",
   "publishConfig": {

package/src/__tests__/grants.test.ts

@@ -5,7 +5,9 @@ import { join } from "node:path";
 import { registerClient } from "../clients.ts";
 import {
   findGrant,
+  findGrantByClientName,
   isCoveredByGrant,
+  isCoveredByGrantForClientName,
   listGrantsForUser,
   recordGrant,
   revokeGrant,
@@ -162,3 +164,144 @@ describe("grants module (#75)", () => {
     }
   });
 });
+
+describe("findGrantByClientName / isCoveredByGrantForClientName (hub#409)", () => {
+  test("returns the most recent grant across any client_id with the matching name", async () => {
+    // Closes hub#409: CLI MCP clients re-DCR each session, each landing
+    // fresh client_ids. Operator approves once by name; future DCRs of
+    // the same name should auto-trust.
+    const h = await harness();
+    try {
+      // First DCR: client_name="claude-code", scope a+b
+      const reg1 = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      recordGrant(h.db, h.userId, reg1.client.clientId, ["a", "b"], new Date("2026-04-10T00:00:00Z"));
+      // Second DCR: same client_name="claude-code", fresh client_id, no grant yet
+      const reg2 = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      // findGrantByClientName should return the prior grant
+      const grant = findGrantByClientName(h.db, h.userId, "claude-code");
+      expect(grant).not.toBeNull();
+      expect(grant?.clientId).toBe(reg1.client.clientId);
+      expect(grant?.scopes).toEqual(["a", "b"]);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("returns null when no client with that name has any grant", async () => {
+    const h = await harness();
+    try {
+      registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      // No grants recorded
+      expect(findGrantByClientName(h.db, h.userId, "claude-code")).toBeNull();
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("returns null when client_name is empty string", async () => {
+    const h = await harness();
+    try {
+      expect(findGrantByClientName(h.db, h.userId, "")).toBeNull();
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("returns null for a different user (per-user isolation)", async () => {
+    const h = await harness();
+    try {
+      const reg = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      recordGrant(h.db, h.userId, reg.client.clientId, ["a"]);
+      // Another user — should NOT see the grant. (hub is single-user-by-
+      // default; pass allowMulti for the test.)
+      const other = await createUser(h.db, "other-user", "pw", { allowMulti: true });
+      expect(findGrantByClientName(h.db, other.id, "claude-code")).toBeNull();
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("picks the most recent when multiple clients share the name", async () => {
+    const h = await harness();
+    try {
+      const reg1 = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      const reg2 = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      const reg3 = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      recordGrant(h.db, h.userId, reg1.client.clientId, ["a"], new Date("2026-04-01T00:00:00Z"));
+      recordGrant(h.db, h.userId, reg3.client.clientId, ["a", "c"], new Date("2026-04-15T00:00:00Z"));
+      recordGrant(h.db, h.userId, reg2.client.clientId, ["a", "b"], new Date("2026-04-10T00:00:00Z"));
+      const grant = findGrantByClientName(h.db, h.userId, "claude-code");
+      // Most recent = reg3's grant (2026-04-15)
+      expect(grant?.clientId).toBe(reg3.client.clientId);
+      expect(grant?.scopes).toEqual(["a", "c"]);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("isCoveredByGrantForClientName: subset of stored scopes → true", async () => {
+    const h = await harness();
+    try {
+      const reg = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      recordGrant(h.db, h.userId, reg.client.clientId, ["vault:default:read", "vault:default:write"]);
+      expect(isCoveredByGrantForClientName(h.db, h.userId, "claude-code", ["vault:default:read"])).toBe(true);
+      expect(isCoveredByGrantForClientName(h.db, h.userId, "claude-code", ["vault:default:read", "vault:default:write"])).toBe(true);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("isCoveredByGrantForClientName: superset of stored scopes → false", async () => {
+    const h = await harness();
+    try {
+      const reg = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      recordGrant(h.db, h.userId, reg.client.clientId, ["vault:default:read"]);
+      // Asking for write — not previously granted
+      expect(isCoveredByGrantForClientName(h.db, h.userId, "claude-code", ["vault:default:write"])).toBe(false);
+      expect(isCoveredByGrantForClientName(h.db, h.userId, "claude-code", ["vault:default:read", "vault:default:write"])).toBe(false);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("isCoveredByGrantForClientName: empty scopes → false (matches isCoveredByGrant contract)", async () => {
+    const h = await harness();
+    try {
+      const reg = registerClient(h.db, {
+        redirectUris: ["https://app.example/cb"],
+        clientName: "claude-code",
+      });
+      recordGrant(h.db, h.userId, reg.client.clientId, ["a"]);
+      expect(isCoveredByGrantForClientName(h.db, h.userId, "claude-code", [])).toBe(false);
+    } finally {
+      h.cleanup();
+    }
+  });
+});

package/src/__tests__/oauth-handlers.test.ts

@@ -13,6 +13,7 @@ import {
   setSetting,
 } from "../hub-settings.ts";
 import { findTokenRowByJti, validateAccessToken } from "../jwt-sign.ts";
+import { findGrant, recordGrant } from "../grants.ts";
 import {
   authorizationServerMetadata,
   buildServicesCatalog,
@@ -6392,3 +6393,198 @@ describe("handleAuthorizeGet — stale assignment gates both fast-paths (hub#284
     }
   });
 });
+
+describe("handleAuthorizeGet — trust-by-client_name auto-approve (hub#409)", () => {
+  test("happy path: session + same-origin + prior grant for client_name → 302 to redirect_uri with code", async () => {
+    // The exact scenario hub#409 closes: operator approved "claude-code"
+    // last session; this session, Claude re-DCRs a fresh client_id with
+    // the same client_name; operator should NOT see the approve-pending
+    // screen — the flow goes straight to the authorize-code redirect.
+    const { db, cleanup } = await makeDb();
+    try {
+      const user = await createUser(db, "owner", "pw");
+      const session = createSession(db, { userId: user.id });
+      // 1. Prior client + grant (the "previously approved" state)
+      const prior = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "approved",
+        clientName: "claude-code",
+      });
+      recordGrant(db, user.id, prior.client.clientId, ["vault:default:read"]);
+      // 2. Fresh DCR — same client_name, fresh client_id, status=pending
+      const fresh = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "pending",
+        clientName: "claude-code",
+      });
+      const { challenge } = makePkce();
+      const req = new Request(
+        authorizeUrl({
+          client_id: fresh.client.clientId,
+          redirect_uri: "https://app.example/cb",
+          response_type: "code",
+          code_challenge: challenge,
+          code_challenge_method: "S256",
+          scope: "vault:default:read",
+          state: "trust-by-name",
+        }),
+        {
+          headers: {
+            cookie: `${CSRF_COOKIE}; ${buildSessionCookie(session.id, Math.floor(SESSION_TTL_MS / 1000))}`,
+            origin: ISSUER,
+          },
+        },
+      );
+      const res = handleAuthorizeGet(db, req, {
+        issuer: ISSUER,
+        loadServicesManifest: fixtureLoadServicesManifest,
+      });
+      // 302 to redirect_uri with code — NOT a 403 with approve-pending HTML.
+      expect(res.status).toBe(302);
+      const loc = new URL(res.headers.get("location") ?? "");
+      expect(loc.origin + loc.pathname).toBe("https://app.example/cb");
+      expect(loc.searchParams.get("code")?.length).toBeGreaterThan(20);
+      expect(loc.searchParams.get("state")).toBe("trust-by-name");
+      // The fresh client_id is now approved
+      const after = getClient(db, fresh.client.clientId);
+      expect(after?.status).toBe("approved");
+      // A grant was recorded for the new client_id
+      expect(findGrant(db, user.id, fresh.client.clientId)).not.toBeNull();
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("falls through to approve-pending when requested scope is NOT covered by prior grant (superset)", async () => {
+    const { db, cleanup } = await makeDb();
+    try {
+      const user = await createUser(db, "owner", "pw");
+      const session = createSession(db, { userId: user.id });
+      const prior = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "approved",
+        clientName: "claude-code",
+      });
+      // Prior grant covers READ only
+      recordGrant(db, user.id, prior.client.clientId, ["vault:default:read"]);
+      const fresh = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "pending",
+        clientName: "claude-code",
+      });
+      const { challenge } = makePkce();
+      // Asking for WRITE — not in prior grant
+      const req = new Request(
+        authorizeUrl({
+          client_id: fresh.client.clientId,
+          redirect_uri: "https://app.example/cb",
+          response_type: "code",
+          code_challenge: challenge,
+          code_challenge_method: "S256",
+          scope: "vault:default:write",
+        }),
+        {
+          headers: {
+            cookie: `${CSRF_COOKIE}; ${buildSessionCookie(session.id, Math.floor(SESSION_TTL_MS / 1000))}`,
+            origin: ISSUER,
+          },
+        },
+      );
+      const res = handleAuthorizeGet(db, req, {
+        issuer: ISSUER,
+        loadServicesManifest: fixtureLoadServicesManifest,
+      });
+      // Approve-pending render — 403 — because the new scope wasn't trusted
+      expect(res.status).toBe(403);
+      expect(await res.text()).toContain("App not yet approved");
+      // The fresh client_id stays pending
+      expect(getClient(db, fresh.client.clientId)?.status).toBe("pending");
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("falls through when no session (unauthenticated client re-DCR can't ride a session's trust)", async () => {
+    const { db, cleanup } = await makeDb();
+    try {
+      const user = await createUser(db, "owner", "pw");
+      const prior = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "approved",
+        clientName: "claude-code",
+      });
+      recordGrant(db, user.id, prior.client.clientId, ["vault:default:read"]);
+      const fresh = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "pending",
+        clientName: "claude-code",
+      });
+      const { challenge } = makePkce();
+      // No session cookie
+      const req = new Request(
+        authorizeUrl({
+          client_id: fresh.client.clientId,
+          redirect_uri: "https://app.example/cb",
+          response_type: "code",
+          code_challenge: challenge,
+          code_challenge_method: "S256",
+          scope: "vault:default:read",
+        }),
+        { headers: { origin: ISSUER } },
+      );
+      const res = handleAuthorizeGet(db, req, {
+        issuer: ISSUER,
+        loadServicesManifest: fixtureLoadServicesManifest,
+      });
+      expect(res.status).toBe(403);
+      expect(await res.text()).toContain("App not yet approved");
+      expect(getClient(db, fresh.client.clientId)?.status).toBe("pending");
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("falls through when client_name is missing/empty (can't match a prior grant)", async () => {
+    const { db, cleanup } = await makeDb();
+    try {
+      const user = await createUser(db, "owner", "pw");
+      const session = createSession(db, { userId: user.id });
+      const prior = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "approved",
+        clientName: "claude-code",
+      });
+      recordGrant(db, user.id, prior.client.clientId, ["vault:default:read"]);
+      // Fresh DCR omits client_name
+      const fresh = registerClient(db, {
+        redirectUris: ["https://app.example/cb"],
+        status: "pending",
+      });
+      const { challenge } = makePkce();
+      const req = new Request(
+        authorizeUrl({
+          client_id: fresh.client.clientId,
+          redirect_uri: "https://app.example/cb",
+          response_type: "code",
+          code_challenge: challenge,
+          code_challenge_method: "S256",
+          scope: "vault:default:read",
+        }),
+        {
+          headers: {
+            cookie: `${CSRF_COOKIE}; ${buildSessionCookie(session.id, Math.floor(SESSION_TTL_MS / 1000))}`,
+            origin: ISSUER,
+          },
+        },
+      );
+      const res = handleAuthorizeGet(db, req, {
+        issuer: ISSUER,
+        loadServicesManifest: fixtureLoadServicesManifest,
+      });
+      expect(res.status).toBe(403);
+      expect(getClient(db, fresh.client.clientId)?.status).toBe("pending");
+    } finally {
+      cleanup();
+    }
+  });
+});

package/src/__tests__/services-manifest.test.ts

@@ -8,6 +8,7 @@ import {
   type UiSubUnit,
   findService,
   readManifest,
+  readManifestLenient,
   removeService,
   upsertService,
   writeManifest,
@@ -1395,3 +1396,95 @@ describe("retired-module row de-dupe (hub#334)", () => {
     }
   });
 });
+
+describe("readManifestLenient — skips bad entries instead of throwing (hub#406)", () => {
+  test("returns the healthy entries when one row has port=0 (the rc.4 app bug)", () => {
+    // Reproduces what hub saw 2026-05-26: a fresh deploy installed
+    // @openparachute/app@0.2.0-rc.4 which wrote a row with name="app"
+    // (wrong) + port=0 (wrong). Strict readManifest threw on the bad
+    // entry — every request to every service 500'd, not just app.
+    // Lenient reader skips the bad row + keeps routing healthy ones.
+    const { path, cleanup } = makeTempPath();
+    try {
+      writeFileSync(
+        path,
+        JSON.stringify({
+          services: [
+            { name: "parachute-vault", port: 1940, paths: ["/vault/default"], health: "/vault/default/health", version: "0.4.8-rc.10" },
+            { name: "parachute-app", port: 1946, paths: ["/app"], health: "/app/healthz", version: "0.2.0-rc.13" },
+            { name: "app", port: 0, paths: ["/app"], health: "/app/healthz", version: "0.2.0-rc.4" },
+          ],
+        }),
+      );
+      const warnings: string[] = [];
+      const log = { warn: (m: string) => warnings.push(m) };
+      const m = readManifestLenient(path, log);
+      const names = m.services.map((s) => s.name).sort();
+      expect(names).toEqual(["parachute-app", "parachute-vault"]);
+      expect(warnings.some((w) => w.includes("port") && w.includes("integer"))).toBe(true);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("returns empty services when the file is malformed JSON, logs the parse error", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      writeFileSync(path, "{not valid json");
+      const warnings: string[] = [];
+      const m = readManifestLenient(path, { warn: (msg) => warnings.push(msg) });
+      expect(m.services).toEqual([]);
+      expect(warnings.some((w) => w.includes("failed to parse"))).toBe(true);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("returns empty services when the file is missing", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      // path not yet written
+      const m = readManifestLenient(path, { warn: () => {} });
+      expect(m.services).toEqual([]);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("drops duplicate-port entries with a warning instead of throwing", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      writeFileSync(
+        path,
+        JSON.stringify({
+          services: [
+            { name: "first", port: 1940, paths: ["/x"], health: "/x/health", version: "1.0.0" },
+            { name: "second", port: 1940, paths: ["/y"], health: "/y/health", version: "1.0.0" },
+          ],
+        }),
+      );
+      const warnings: string[] = [];
+      const m = readManifestLenient(path, { warn: (msg) => warnings.push(msg) });
+      expect(m.services).toHaveLength(1);
+      expect(m.services[0]?.name).toBe("first");
+      expect(warnings.some((w) => w.includes("duplicate-port"))).toBe(true);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("strict readManifest still throws on the same bad entry (contract preserved)", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      writeFileSync(
+        path,
+        JSON.stringify({
+          services: [{ name: "app", port: 0, paths: ["/app"], health: "/app/healthz", version: "0.2.0-rc.4" }],
+        }),
+      );
+      expect(() => readManifest(path)).toThrow(ServicesManifestError);
+    } finally {
+      cleanup();
+    }
+  });
+});

package/src/__tests__/setup-wizard.test.ts

@@ -30,6 +30,7 @@ import { writeManifest } from "../services-manifest.ts";
 import { SESSION_COOKIE_NAME } from "../sessions.ts";
 import {
   deriveWizardState,
+  detectAutoExposeMode,
   handleSetupAccountPost,
   handleSetupExposePost,
   handleSetupGet,
@@ -172,6 +173,62 @@ describe("deriveWizardState", () => {
     }
   });
 
+  test("auto-skips expose step when RENDER_EXTERNAL_URL is set (hub#406 follow-up)", async () => {
+    // Aaron's UX concern: on Render the "How will this hub be reached?"
+    // step asks the operator to pick between localhost / tailnet /
+    // public-with-custom-domain — none of which describe the actual
+    // setup. The platform owns the public URL via RENDER_EXTERNAL_URL.
+    // deriveWizardState now auto-seeds `setup_expose_mode = "public"`
+    // when that env var is present, so the wizard skips straight to
+    // the done screen instead of surfacing an irrelevant choice.
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      await createUser(db, "owner", "pw");
+      writeManifest(
+        {
+          services: [
+            {
+              name: "parachute-vault",
+              version: "0.1.0",
+              port: 1940,
+              paths: ["/vault/default"],
+              health: "/health",
+            },
+          ],
+        },
+        h.manifestPath,
+      );
+      // Simulate Render env. detectAutoExposeMode reads RENDER_EXTERNAL_URL.
+      const renderEnv = { RENDER_EXTERNAL_URL: "https://parachute-hub.onrender.com" };
+      const s = deriveWizardState({ db, manifestPath: h.manifestPath, env: renderEnv });
+      expect(s.step).toBe("done");
+      expect(s.hasExposeMode).toBe(true);
+    } finally {
+      db.close();
+    }
+  });
+
+  test("does NOT auto-skip expose when RENDER_EXTERNAL_URL is unset (local install path)", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      await createUser(db, "owner", "pw");
+      writeManifest(
+        {
+          services: [
+            { name: "parachute-vault", version: "0.1.0", port: 1940, paths: ["/vault/default"], health: "/health" },
+          ],
+        },
+        h.manifestPath,
+      );
+      const s = deriveWizardState({ db, manifestPath: h.manifestPath, env: {} });
+      // Local install path — the operator still gets to choose
+      expect(s.step).toBe("expose");
+      expect(s.hasExposeMode).toBe(false);
+    } finally {
+      db.close();
+    }
+  });
+
   test("done step once admin + vault + expose mode all exist", async () => {
     const db = openHubDb(hubDbPath(h.dir));
     try {
@@ -2944,3 +3001,31 @@ describe("done screen — 'Start using your vault' tile (hub#342)", () => {
     }
   });
 });
+
+describe("detectAutoExposeMode — Render env detection edge cases (hub#407 nit)", () => {
+  test("returns 'public' for a real https Render URL", () => {
+    expect(detectAutoExposeMode({ RENDER_EXTERNAL_URL: "https://parachute-hub.onrender.com" })).toBe("public");
+  });
+
+  test("returns 'public' for an http:// URL (defensive — if Render ever emits one)", () => {
+    expect(detectAutoExposeMode({ RENDER_EXTERNAL_URL: "http://local.test:1939" })).toBe("public");
+  });
+
+  test("returns undefined when RENDER_EXTERNAL_URL is absent", () => {
+    expect(detectAutoExposeMode({})).toBeUndefined();
+  });
+
+  test("returns undefined when RENDER_EXTERNAL_URL is empty", () => {
+    expect(detectAutoExposeMode({ RENDER_EXTERNAL_URL: "" })).toBeUndefined();
+  });
+
+  test("returns undefined for a non-http scheme (httpx://, ftp://, etc.)", () => {
+    expect(detectAutoExposeMode({ RENDER_EXTERNAL_URL: "httpx://foo.example" })).toBeUndefined();
+    expect(detectAutoExposeMode({ RENDER_EXTERNAL_URL: "ftp://foo.example" })).toBeUndefined();
+    expect(detectAutoExposeMode({ RENDER_EXTERNAL_URL: "javascript:alert(1)" })).toBeUndefined();
+  });
+
+  test("returns undefined when value is non-string (defensive)", () => {
+    expect(detectAutoExposeMode({ RENDER_EXTERNAL_URL: undefined })).toBeUndefined();
+  });
+});

package/src/grants.ts

@@ -117,6 +117,77 @@ export function isCoveredByGrant(
   return true;
 }
 
+/**
+ * Find the most-recent grant for a user across any client matching the
+ * given client_name. Used to support "trust an app by name" — once a
+ * user approves a `client_name` like `"claude-code"`, future DCRs with
+ * the same name auto-trust without re-asking. Returns null when no
+ * grant exists for any client of this name.
+ *
+ * Why: CLI MCP clients (Claude Code et al.) re-DCR on every `mcp add`
+ * (or every session), each landing a fresh `client_id`. Strict
+ * (user, client_id) grants force re-approval every time even though
+ * the operator has approved the same app many times before. Matching
+ * by client_name reflects the operator's actual mental model — "I
+ * approved Claude" — not the protocol's mental model — "I approved
+ * this specific client_id."
+ *
+ * Tradeoff: an attacker who can register a client with a known-trusted
+ * name (e.g. `"claude-code"`) gets auto-trust on first authorize. The
+ * defenses we kept:
+ *   1. Admin-scope flows still show consent (handled by the caller,
+ *      not this helper).
+ *   2. The audit log records each auto-trust event with both client_ids
+ *      (the original trusted one + the freshly auto-trusted one).
+ *   3. The Permissions admin SPA shows trusted client_names so the
+ *      operator can revoke trust by name.
+ *
+ * Closes hub#409 (Aaron 2026-05-26: "asking for approval every time…
+ * once we've approved something like Claude once it should not need
+ * admin approval every other time").
+ */
+export function findGrantByClientName(
+  db: Database,
+  userId: string,
+  clientName: string,
+): Grant | null {
+  if (!clientName) return null;
+  const row = db
+    .prepare(
+      `SELECT g.user_id, g.client_id, g.scopes, g.granted_at
+       FROM grants g
+       JOIN clients c ON g.client_id = c.client_id
+       WHERE g.user_id = ? AND c.client_name = ?
+       ORDER BY g.granted_at DESC
+       LIMIT 1`,
+    )
+    .get(userId, clientName) as GrantRow | undefined;
+  return row ? rowToGrant(row) : null;
+}
+
+/**
+ * Test whether `requestedScopes` is covered by ANY grant for the given
+ * client_name + user. The client_name-keyed counterpart to
+ * `isCoveredByGrant`. Used by /oauth/authorize to skip BOTH the
+ * approve-pending screen + the consent screen when the operator has
+ * previously approved a same-named client with sufficient scopes.
+ */
+export function isCoveredByGrantForClientName(
+  db: Database,
+  userId: string,
+  clientName: string,
+  requestedScopes: readonly string[],
+): boolean {
+  if (requestedScopes.length === 0) return false;
+  const grant = findGrantByClientName(db, userId, clientName);
+  if (!grant) return false;
+  const granted = new Set(grant.scopes);
+  for (const s of requestedScopes) {
+    if (!granted.has(s)) return false;
+  }
+  return true;
+}
+
 /** All grants for a user, ordered most-recent first. Used by `parachute auth list-grants`. */
 export function listGrantsForUser(db: Database, userId: string): Grant[] {
   const rows = db

package/src/hub-server.ts

@@ -177,7 +177,7 @@ import {
   effectivePublicExposure,
   shortNameForManifest,
 } from "./service-spec.ts";
-import { type ServiceEntry, readManifest } from "./services-manifest.ts";
+import { type ServiceEntry, readManifest, readManifestLenient } from "./services-manifest.ts";
 import { findActiveSession } from "./sessions.ts";
 import {
   type SetupWizardDeps,
@@ -582,16 +582,19 @@ export function findServiceUpstream(
  * Returns `undefined` when no service claims the pathname; caller 404s.
  */
 async function proxyToService(req: Request, manifestPath: string): Promise<Response | undefined> {
-  let services: readonly ServiceEntry[];
-  try {
-    services = readManifest(manifestPath).services;
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    return new Response(JSON.stringify({ error: `service routing failed: ${msg}` }), {
-      status: 500,
-      headers: { "content-type": "application/json" },
-    });
-  }
+  // Lenient read on the hot-path — a single malformed services.json
+  // entry (e.g. a module installed at a buggy version that wrote
+  // `port: 0`) used to cascade into 500s for every route on this hub
+  // because the strict throw bailed BEFORE we could dispatch to the
+  // healthy entries. `readManifestLenient` skips + logs bad rows so
+  // unrelated services keep working. The strict `readManifest` is
+  // still used by write paths + admin surfaces that want errors
+  // surfaced immediately. See hub#406.
+  //
+  // The default `log` is `console`, which under Render's container
+  // routing surfaces in the Logs panel — operators see the warning
+  // about the skipped entry.
+  const services = readManifestLenient(manifestPath).services;
   const url = new URL(req.url);
   const match = findServiceUpstream(services, url.pathname);
   if (!match) return undefined;

package/src/oauth-handlers.ts

@@ -44,7 +44,7 @@ import {
   verifyClientSecret,
 } from "./clients.ts";
 import { CSRF_FIELD_NAME, ensureCsrfToken, verifyCsrfToken } from "./csrf.ts";
-import { isCoveredByGrant, recordGrant } from "./grants.ts";
+import { isCoveredByGrant, isCoveredByGrantForClientName, recordGrant } from "./grants.ts";
 import { consumeFirstClientAutoApproveWindow } from "./hub-settings.ts";
 import { VAULT_VERBS, inferAudience } from "./jwt-audience.ts";
 import {
@@ -506,6 +506,73 @@ function pendingClientResponse(
   const requestedVault = vaultParam && vaultParam.length > 0 ? vaultParam : undefined;
   const session = findActiveSession(db, req, deps.now ?? (() => new Date()));
   const sameOrigin = isSameOriginRequest(req, resolveBoundOrigins(deps));
+
+  // Trust-by-client_name auto-approve (closes hub#409). When the requesting
+  // user has previously approved a client with the SAME client_name AND the
+  // current request's scopes are covered by that prior grant, auto-promote
+  // this pending client to approved + carry on as if status had been
+  // approved from the start.
+  //
+  // Motivation: CLI MCP clients (Claude Code et al.) re-DCR each session,
+  // each landing a fresh client_id. Strict (user, client_id) approval forces
+  // the operator to click Approve every single time even though they
+  // already approved the same client by name on every prior session. Aaron
+  // 2026-05-26: "once we've approved something like claude once it should
+  // not need admin approval every other time."
+  //
+  // Constraints (security guardrails kept):
+  //   1. Requires an active operator session — anonymous DCR can't ride
+  //      another operator's prior trust.
+  //   2. Requires same-origin — defends against an attacker registering a
+  //      malicious "claude-code" client on a different hub and tricking
+  //      the operator into authorizing it.
+  //   3. Requires a non-empty client_name — DCR allows omitting it, in
+  //      which case the prior-grant lookup has nothing to match against.
+  //   4. Requires scope coverage — a strict superset (the new request asks
+  //      for scopes the prior grant didn't cover) falls through to the
+  //      approve-pending screen so the operator explicitly approves the
+  //      addition.
+  //   5. Non-admin scopes only — `*:admin` scopes (hub:admin, vault:*:admin
+  //      if it ever becomes requestable) require explicit per-session
+  //      consent. This guard mirrors the same-hub-auto-trust gate's
+  //      treatment of admin scopes (handleAuthorizeGet ~line 854).
+  //      NOTE: `scopeIsAdmin` has a documented blind spot for
+  //      module-declared admin scopes (e.g. a hypothetical `runner:admin`
+  //      registered via a module manifest's scopes.defines). See
+  //      `src/scope-explanations.ts:191`. A future module that makes a
+  //      module-admin scope requestable via public DCR would silently
+  //      bypass this guard. Worth a tighter scope-classification helper
+  //      when that becomes a real risk.
+  if (
+    session &&
+    sameOrigin &&
+    client.clientName &&
+    requestedScopes.length > 0 &&
+    !requestedScopes.some(scopeIsAdmin) &&
+    isCoveredByGrantForClientName(db, session.userId, client.clientName, requestedScopes)
+  ) {
+    console.log(
+      `[oauth] auto-approved pending client by prior client_name trust client_id=${client.clientId} client_name=${JSON.stringify(client.clientName)} user_id=${session.userId} scopes=${requestedScopes.join(" ")} (hub#409)`,
+    );
+    approveClient(db, client.clientId);
+    // Re-record the grant for this fresh client_id so the standard
+    // (user, client_id) consent-skip path also fires on the IMMEDIATE
+    // continuation below — without this, the very next /oauth/authorize
+    // dispatch would re-enter the "is grant covered?" check against the
+    // new client_id, find nothing (we matched by name, not id), and
+    // render the consent screen anyway.
+    recordGrant(db, session.userId, client.clientId, requestedScopes, deps.now?.() ?? new Date());
+    // Fall through to the standard approved-client flow: re-fetch the
+    // refreshed row + let handleAuthorizeGet continue past the
+    // status-check + into the consent-skip / same-hub auto-trust path.
+    const refreshed = getClient(db, client.clientId);
+    if (refreshed && refreshed.status === "approved") {
+      return handleAuthorizeGet(db, req, deps);
+    }
+    // If for some reason the refresh failed, fall through to render the
+    // approve-pending page (defensive — should never happen given the
+    // approveClient call just above).
+  }
   const csrf = ensureCsrfToken(req);
   const extra: Record<string, string> = csrf.setCookie ? { "set-cookie": csrf.setCookie } : {};
   // Hub-relative URL of the original `/oauth/authorize?...` request. Used in

package/src/services-manifest.ts

@@ -405,6 +405,88 @@ function validateManifest(raw: unknown, where: string): ServicesManifest {
   return { services: entries };
 }
 
+/**
+ * Lenient counterpart to `readManifest` — used by hub's hot-path service
+ * routing (`proxyToService`). The strict `readManifest` throws when ANY
+ * entry fails validation; an entire bad row (e.g. an installed module
+ * that wrote `port: 0` to its services.json row before the module's
+ * own selfRegister gained validation) takes down ALL routing because
+ * the routing call site catches the throw and returns 500.
+ *
+ * This lenient reader:
+ *   - parses the file the same way (JSON parse + cleanup passes)
+ *   - validates each entry independently
+ *   - skips entries that fail validation, logging a warning per skip
+ *   - returns the validated remainder
+ *
+ * The trade-off: strict callers (admin SPA write paths, init flows,
+ * tests) keep the throw — they want bugs surfaced immediately. The
+ * routing path uses this so a single bad row doesn't cascade into
+ * "the whole hub appears broken to users." Operators see the rest
+ * of their services keep working + a warning in the logs pointing at
+ * the offending entry.
+ *
+ * Caught 2026-05-26 (hub#406) when @openparachute/app@0.2.0-rc.4 wrote
+ * a row with `name: "app"` (instead of `parachute-app`) + `port: 0`
+ * (instead of bound port). Hub's routing throw on services.json read
+ * meant every request to every service 500'd — not just app — because
+ * one row's bad shape took out the whole manifest read.
+ *
+ * One behavioral difference from strict `readManifest`: this function
+ * does NOT write cleanup mutations back to disk. The bad row persists
+ * on disk until a write-path call (upsertService, etc.) exercises the
+ * strict path. That's intentional — a hot-path read should not mutate
+ * state — but worth knowing: a fix upstream (e.g. app@rc.13 overwriting
+ * the bad row on its next selfRegister) is what finally clears it.
+ */
+export function readManifestLenient(
+  path: string = SERVICES_MANIFEST_PATH,
+  log: { warn?: (msg: string) => void } = console,
+): ServicesManifest {
+  if (!existsSync(path)) return { services: [] };
+  let raw: unknown;
+  try {
+    raw = JSON.parse(readFileSync(path, "utf8"));
+  } catch (err) {
+    log.warn?.(
+      `[services-manifest] failed to parse ${path}: ${err instanceof Error ? err.message : String(err)} — treating as empty`,
+    );
+    return { services: [] };
+  }
+  const afterRetired = dropRetiredModuleRows(raw, path);
+  const cleaned = dropLegacyShortNameRows(afterRetired.raw, path);
+  // `typeof null === "object"` in JS, so the `!cleaned.raw` part of this
+  // guard is load-bearing for the null case — not a typo or redundancy.
+  if (!cleaned.raw || typeof cleaned.raw !== "object") return { services: [] };
+  const services = (cleaned.raw as Record<string, unknown>).services;
+  if (!Array.isArray(services)) return { services: [] };
+  const valid: ServiceEntry[] = [];
+  for (let i = 0; i < services.length; i++) {
+    try {
+      valid.push(validateEntry(services[i], `${path} services[${i}]`));
+    } catch (err) {
+      log.warn?.(
+        `[services-manifest] skipping bad entry: ${err instanceof Error ? err.message : String(err)}`,
+      );
+    }
+  }
+  // Best-effort duplicate-port detection — log + drop the duplicate
+  // rather than throw.
+  const seenPorts = new Set<number>();
+  const dedup: ServiceEntry[] = [];
+  for (const e of valid) {
+    if (seenPorts.has(e.port)) {
+      log.warn?.(
+        `[services-manifest] dropping duplicate-port entry: name=${JSON.stringify(e.name)} port=${e.port}`,
+      );
+      continue;
+    }
+    seenPorts.add(e.port);
+    dedup.push(e);
+  }
+  return { services: dedup };
+}
+
 export function readManifest(path: string = SERVICES_MANIFEST_PATH): ServicesManifest {
   if (!existsSync(path)) return { services: [] };
   let raw: unknown;

package/src/setup-wizard.ts

@@ -141,12 +141,21 @@ export const FIRST_VAULT_SHORT: CuratedModuleShort = "vault";
 
 /**
  * Read DB + services.json to decide which step the wizard should render.
- * Pure, idempotent — re-running the wizard after partial setup picks up
- * where it left off.
+ * Idempotent — re-running after partial setup picks up where it left
+ * off. Mostly read-only, with one specific write: on Render (or any
+ * platform `detectAutoExposeMode` recognizes), the first call auto-
+ * seeds `setup_expose_mode = "public"` so the wizard skips the expose
+ * step. Subsequent calls find the setting present and are read-only.
  */
 export function deriveWizardState(deps: {
   db: Database;
   manifestPath: string;
+  /**
+   * Optional env-override. When undefined, falls through to `process.env`.
+   * Used by tests + by handleSetupGet which threads through the full
+   * SetupWizardDeps.env.
+   */
+  env?: Record<string, string | undefined>;
 }): DerivedWizardState {
   const hasAdmin = userCount(deps.db) > 0;
   // The wizard's first-vault provisioning uses the curated `vault` short,
@@ -156,7 +165,19 @@ export function deriveWizardState(deps: {
   const hasVault = vaultEntry !== undefined;
   // Expose-mode is the operator's "how will this hub be reached?" answer
   // (hub#268 Item 2). Stored as a hub_setting; the wizard's expose step
-  // sets it; absence means we should still ask.
+  // sets it; absence means we should still ask. EXCEPT — if we're
+  // running on a platform where the answer is pre-determined (e.g.
+  // Render exposes the service at $RENDER_EXTERNAL_URL automatically),
+  // auto-seed `setup_expose_mode = "public"` so the wizard skips the
+  // expose step entirely. The operator landed here through a deploy
+  // path that already answered the question; asking again wastes a
+  // click and surfaces irrelevant options (localhost, tailnet).
+  if (
+    getSetting(deps.db, "setup_expose_mode") === undefined &&
+    detectAutoExposeMode(deps.env ?? process.env) === "public"
+  ) {
+    setSetting(deps.db, "setup_expose_mode", "public");
+  }
   const hasExposeMode = getSetting(deps.db, "setup_expose_mode") !== undefined;
   let step: WizardStep;
   // Note: `"account"` is a visual-only step in the progress header —
@@ -200,6 +221,43 @@ export interface SetupWizardDeps {
   registry?: OperationsRegistry;
   /** Test seam: stub `bun add` / `bun remove` runner. */
   run?: (cmd: readonly string[]) => Promise<number>;
+  /**
+   * Test seam: override the process env that `detectAutoExposeMode`
+   * consults. Production omits this and the helper reads `process.env`
+   * directly. Setting in tests lets the auto-skip branch be exercised
+   * without mutating the real process env.
+   */
+  env?: Record<string, string | undefined>;
+}
+
+/**
+ * Returns `"public"` when the runtime env indicates the hub is deployed
+ * on a platform where the "how will this hub be reached?" answer is
+ * pre-determined by the platform. Today: Render (sets RENDER_EXTERNAL_URL
+ * for any web service). Returns `undefined` otherwise — the wizard's
+ * expose step asks the operator.
+ *
+ * Why this matters: on Render, none of the three radio options
+ * (localhost, tailnet, public-with-custom-domain) match the actual
+ * setup. The hub is reached at `*.onrender.com` automatically. Asking
+ * the operator wastes a click and surfaces three options that don't
+ * speak to their situation. Auto-pinning `public` skips the step.
+ *
+ * Add more platforms here when we encounter them — e.g. Fly.io
+ * (FLY_APP_NAME), Railway (RAILWAY_ENVIRONMENT), etc. Each only auto-
+ * detects when the platform clearly owns the public URL.
+ */
+export function detectAutoExposeMode(env: Record<string, string | undefined>): "public" | undefined {
+  // Render always sets `RENDER_EXTERNAL_URL` to a real `https://` URL on
+  // any web service. `startsWith("https://")` is the precise shape; we
+  // also accept `http://` as a defensive fallback in case Render ever
+  // changes the scheme on some plan tier. Anything else (empty, weird,
+  // not a URL) → don't auto-skip; let the operator choose.
+  const url = env.RENDER_EXTERNAL_URL;
+  if (typeof url === "string" && (url.startsWith("https://") || url.startsWith("http://"))) {
+    return "public";
+  }
+  return undefined;
 }
 
 // --- rendering -----------------------------------------------------------