@xera-ai/skills 0.23.0 → 0.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,23 @@
|
|
|
1
1
|
# @xera-ai/skills
|
|
2
2
|
|
|
3
|
+
## 0.24.0
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#239](https://github.com/xera-ai/xera/pull/239) [`01bbd81`](https://github.com/xera-ai/xera/commit/01bbd81a95a90a868405ff59a78952721859fdf0) Thanks [@thanhtrinity](https://github.com/thanhtrinity)! - feat: auth refresh for reuse-web-session (closes [#221](https://github.com/xera-ai/xera/issues/221))
|
|
8
|
+
|
|
9
|
+
Two complementary refresh mechanisms eliminate the "auth expired mid-suite" failure mode for reuse-web-session projects:
|
|
10
|
+
|
|
11
|
+
**Pre-flight refresh (automatic, always on):** `xera-internal exec` and `xera-internal stage-auth` check the http auth file at Step 0. If it's within `http.auth.refreshBuffer` of expiring AND the web auth file is still fresh, they auto-re-derive the http file from the still-valid web `storageState`. No IDP calls; just a fresh AES-encrypted file. Covers ~80% of pain (single-ticket runs under 15 minutes).
|
|
12
|
+
|
|
13
|
+
**Mid-suite refresh (opt-in):** new `reuseWebSession.refresh: { endpoint, method, csrfHeader? }` config block enables a runtime proxy on `newAuthedContext`. The proxy auto-refreshes via your configured endpoint before each request that would arrive after expiry. Updates cookies in place via `Set-Cookie` parsing, persists encrypted, re-lifts CSRF header per request. Generic IDP-agnostic — works with any endpoint that returns 2xx with a new access cookie via `Set-Cookie` (Microsoft Entra, Okta). Auth0 (body-returned tokens) falls back to pre-flight only.
|
|
14
|
+
|
|
15
|
+
Concurrent refreshes guarded by a process-local mutex. Single attempt; failure throws typed `RefreshFailedError` with response status + endpoint. Includes in-house `parseSetCookie` (RFC 6265 minimal), mock IDP fixture for integration testing.
|
|
16
|
+
|
|
17
|
+
New env vars: `XERA_REFRESH_BUFFER_MS` (default 60_000), `XERA_REFRESH_TTL_MS` (default 900_000).
|
|
18
|
+
|
|
19
|
+
Backwards-compat: projects without `refresh` config behave exactly as v0.23.
|
|
20
|
+
|
|
3
21
|
## 0.23.0
|
|
4
22
|
|
|
5
23
|
### Patch Changes
|