feat: prefer canonical awaiting-input contract#20
Conversation
Read top-level fields/choices from managed-auth state events and responses when present, mapping them into the existing form rendering model. Keep falling back to legacy discovered_fields/pending_sso_buttons/mfa_options/sign_in_options so older API responses remain supported during the deprecation window. Co-authored-by: Cursor <cursoragent@cursor.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using high effort and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit bc9b0a0. Configure here.
| flow_step: ev.flow_step, | ||
| flow_type: ev.flow_type ?? base.flow_type ?? null, | ||
| fields: ev.fields ?? null, | ||
| choices: ev.choices ?? null, |
There was a problem hiding this comment.
SSE drops stored canonical fields
High Severity
The mergeStateEvent function incorrectly sets fields and choices to null when an incoming SSE managed_auth_state event omits these properties. This differs from other fields that correctly fall back to prior state. This behavior causes normalizeManagedAuthState to lose essential data, leading to UI elements like login forms or other awaiting-input components being unexpectedly wiped or disappearing after a partial state update.
Reviewed by Cursor Bugbot for commit bc9b0a0. Configure here.
| discovered_fields: fieldsFromCanonical(state.fields) ?? state.discovered_fields, | ||
| pending_sso_buttons: ssoButtonsFromCanonical(state.choices) ?? state.pending_sso_buttons, | ||
| mfa_options: mfaOptionsFromCanonical(state.choices) ?? state.mfa_options, | ||
| sign_in_options: signInOptionsFromCanonical(state.choices) ?? state.sign_in_options, |
There was a problem hiding this comment.
Empty canonical slices hide legacy
Medium Severity
The normalizeManagedAuthState function's use of ?? for canonical field preference doesn't account for *FromCanonical helpers returning empty arrays ([]). This prevents the intended fallback to populated legacy fields (like discovered_fields, pending_sso_buttons, mfa_options, sign_in_options), causing their values to be dropped instead.
Reviewed by Cursor Bugbot for commit bc9b0a0. Configure here.
When canonical fields/choices are present, submit field_values by canonical field ID and selected_choice_id by canonical choice ID. Continue supporting legacy fields, SSO selectors, MFA option IDs, and sign-in option IDs when canonical data is absent. Co-authored-by: Cursor <cursoragent@cursor.com>
1 participant
Summary
fieldsandchoices.discovered_fields,pending_sso_buttons,mfa_options, andsign_in_optionsso old API responses keep working during the deprecation window.Notes
This PR is forward-compatible with the API dual-contract migration. It does not remove legacy support and it still submits through the existing legacy submit helpers until the API accepts canonical submit payloads.
Test plan
bun run typecheckbun run buildMade with Cursor