Add SESSION_INJECTION_SECRET to Environment type definition #1348
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: damsleth <7300548+damsleth@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Refactor Docker scripts for improved management
Add SESSION_INJECTION_SECRET to Environment type definition
Feb 4, 2026
damsleth
added a commit
that referenced
this pull request
Feb 4, 2026
* Refactor Docker scripts and enhance session management - Replaced docker-dev.sh with a unified docker.sh script for improved Docker management. - Removed docker-quickstart.sh and validate-docker.sh as they are no longer needed. - Introduced agent-setup.sh and agent-teardown.sh for hands-off Docker environment setup for agent worktrees. - Updated package.json to reflect new script paths and commands. - Added session injection endpoint in auth.ts for testing purposes, allowing agents to authenticate without OAuth. - Enhanced logging and error handling across scripts for better debugging and user feedback. * fix: session injection env handling * Security hardening and robustness fixes for Docker scripts and session injection (#1345) * Initial plan * fix: apply security and robustness improvements from code review Co-authored-by: damsleth <7300548+damsleth@users.noreply.github.com> * fix: add timing-safe comparison and handle edge cases Co-authored-by: damsleth <7300548+damsleth@users.noreply.github.com> * fix: add buffer length check and improve .env parsing robustness Co-authored-by: damsleth <7300548+damsleth@users.noreply.github.com> * refactor: use case-insensitive header lookup and DRY principle Co-authored-by: damsleth <7300548+damsleth@users.noreply.github.com> * fix: correct quote stripping pattern and use consistent session indexing * Add SESSION_INJECTION_SECRET to Environment type definition (#1348)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Your checklist for this pull request
npm run watchReview checklist
Review theme song
Remove section if you think this is stupid.
🎵 Artist - Song 🎵
Description
Resolves TypeScript compilation failure where
SESSION_INJECTION_SECRETwas referenced inserver/routes/auth.tsbut missing from theEnvironmenttype definition.Changes:
SESSION_INJECTION_SECRET: stringto theEnvironmenttype inserver/utils/environment.tsThe environment variable is used for timing-safe validation of session injection requests in the development-only endpoint added in the parent PR.
How to test
npm run build:serverRelated issues
Use e.g.
Closes #1000to link issue 1000 to the PR. Remove section if no related issues.Related discussions
Remove section if no related discussions.
Related PRs
Parent PR: #1342
Related smoke tests
Remove section if no related smoke tests.
💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.