feat: add e auto-roll#869
Merged
Merged
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
jkleinsc
approved these changes
May 27, 2026
dsanders11
changed the title
e auto-roll (blocked on agent-workflows#11)e auto-roll
dsanders11
requested changes
May 28, 2026
dsanders11
requested changes
May 28, 2026
dsanders11
approved these changes
May 28, 2026
Adds an `e auto-roll` command that lists the Chromium auto-rolls produced by the agent-workflows service (agents.electronjs.org), lets you pick one, downloads its git bundle, and applies the proposed commits on top of the local roller/chromium/main branch (fast-forward when the branch is at the roll's base, otherwise cherry-pick). The service is behind Cloudflare Access. Rather than depend on the `cloudflared` binary, src/utils/cf-access.ts ports the browser-login token-transfer flow: it discovers the Access app, opens the login page, long-polls the transfer service, and decrypts the returned token (NaCl box, via tweetnacl). The token is cached under ~/.cloudflared and sent in the Cf-Access-Token header on each request.
- cf-access: a per-poll fetch timeout now falls through to the retry loop instead of bubbling an abort error out of runTransfer; use AbortSignal.timeout and catch the TimeoutError. - e-auto-roll: drop the unnecessary bundle.meta type assertion (the guard + fatal() already narrows base/head to string). - e-auto-roll: pipe the fetch web stream straight into pipeline and drop the now-unused node:stream import.
MarshallOfSound
force-pushed
the
sam/e-auto-roll
branch
from
87e7bee to
3e6f445
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds
e auto-roll— list the Chromium auto-rolls produced by theagent-workflows service, pick one interactively, download its git bundle,
and apply the proposed commits on top of your local
roller/chromium/main.time; token cached under
~/.cloudflared, reused after).base → head, andasks before doing anything.
branch is exactly at the roll's base, otherwise cherry-picks the commits on
top. Conflicts stop with the bundle ref left at
refs/auto-roll/<run>so youcan resolve and
git cherry-pick --continue.How the Cloudflare Access auth works (no
cloudflareddependency)src/utils/cf-access.tsports cloudflared's browser-login token-transfer flow:discover the Access app via the login redirect, open the login URL, long-poll
login.cloudflareaccess.orgfor the encrypted token, and decrypt it (NaCl box,via
tweetnacl). The token is sent in theCf-Access-Tokenheader, and cachedin
~/.cloudflaredso it interops with the real binary if present.Notes
tweetnacl(audited, zero-dep, no install scripts) for theNaCl box decryption — Node's
cryptohas X25519 but not XSalsa20/Poly1305.git-level apply mechanics (bundle verify, fetch-by-sha, fast-forward vscherry-pick) were validated against synthetic repos locally.