Skip to content

fix(ide-tail): authenticate against the token-gated daemon#46

Merged
ThinkOffApp merged 1 commit into
mainfrom
fix/ide-tail-auth
Jul 16, 2026
Merged

fix(ide-tail): authenticate against the token-gated daemon#46
ThinkOffApp merged 1 commit into
mainfrom
fix/ide-tail-auth

Conversation

@ThinkOffApp

Copy link
Copy Markdown
Owner

Found while standing up the IDE channel for Petrus's review: iak-claude-tail has been silently broken since the :8788 token hardening (2026-07-08) — every /ide-chat POST 401'd, so the CodeWatch IDE channel had no data and nobody noticed until today.

  • Sends Authorization: Bearer from IAK_DAEMON_TOKEN, else the standard gate token file (~/.config/iak-gate.token, IAK_DAEMON_TOKEN_FILE to override) — same convention as the other :8788 callers.
  • 401 responses now log an actionable hint naming the env vars.
  • Header env docs updated.

Verified live on the Mini: with the fix, session events flow into GET /ide-chat/claudemm.

Follow-up (separate): the tail isn't supervised by start-all.sh on either machine — it should be, or the IDE channel dies on every reboot.

🤖 Generated with Claude Code

iak-claude-tail predates the :8788 Bearer-token hardening and has
been silently 401ing ever since — the CodeWatch IDE channel stayed
empty because every /ide-chat POST was rejected. The tail now sends
Authorization: Bearer from IAK_DAEMON_TOKEN, falling back to the
standard gate token file (~/.config/iak-gate.token, override via
IAK_DAEMON_TOKEN_FILE), and a 401 now logs an actionable hint
instead of a bare status code. Verified live on the Mini: events
flow into /ide-chat/claudemm with the fix.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@cursor

cursor Bot commented Jul 16, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@ThinkOffApp ThinkOffApp left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the 17-line authentication fix. The env-first/file-fallback token resolution, trimmed file contents, conditional Bearer header, and actionable 401 diagnostic are consistent with the daemon hardening described in the PR. No blocking findings. GitHub would not allow an approval because this PR is authored by the authenticated account, so this is recorded as a review comment instead.

@ThinkOffApp
ThinkOffApp merged commit e0bede1 into main Jul 16, 2026
3 checks passed
@ThinkOffApp
ThinkOffApp deleted the fix/ide-tail-auth branch July 16, 2026 18:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant