fix(cli): validate cloud login URL before auto-open

[hyperb1iss]

Motivation

• The CLI previously passed the daemon-provided verification_uri(_complete) directly to open::that_detached, which can invoke arbitrary OS protocol handlers if the daemon/auth response contains a non-HTTP(S) scheme.

Description

• Add URL parsing and scheme validation before auto-opening the verification URL in the CLI login path by introducing is_allowed_browser_uri which accepts only http/https schemes and using reqwest::Url::parse to validate the value.
• Refuse to auto-open non-HTTP(S) verification URIs and emit a clear warning instructing the user to open the URL manually or use --no-open if trusted, preserving existing outputs otherwise.
• Add an integration test cloud_login_refuses_auto_open_for_non_http_uri to crates/hypercolor-cli/tests/request_shape_tests.rs that exercises a hypercolor-test:// verification URI and asserts the refusal warning appears.
• Files changed: crates/hypercolor-cli/src/commands/cloud.rs and crates/hypercolor-cli/tests/request_shape_tests.rs.

Testing

• Added the new integration test cloud_login_refuses_auto_open_for_non_http_uri (included in crates/hypercolor-cli/tests/request_shape_tests.rs).
• Attempted to run just test-crate hypercolor-cli but just is not available in this environment, so it was not executed here.
• Launched cargo test -p hypercolor-cli; the build/test run was started in the environment but did not complete within the session constraints (compilation is large), so a full test run could not be observed here.

---

Codex Task

[coderabbitai]

Warning

Rate limit exceeded

@hyperb1iss has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 32 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5a0af286-5d7a-4a0b-b7a9-69265b30302a

📥 Commits

Reviewing files that changed from the base of the PR and between 748c7f4 and 971ae61.

📒 Files selected for processing (2)

• crates/hypercolor-cli/src/commands/cloud.rs
• crates/hypercolor-cli/tests/request_shape_tests.rs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/fix-unvalidated-verification-uri-in-cloud-login

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}