Add login smoke checks for Windows binary

Author: jahooma

.github/workflows/cli-release-build.yml

@@ -338,6 +338,7 @@ jobs:
 
           # Sync check — exits via commander before async tasks fire.
           "$BIN" --version
+          "$BIN" --smoke-login-primitives
 
           # Long-running check — gives async startup failures time to surface.
           # This is the step that would have caught the post-OpenTUI-upgrade

.github/workflows/freebuff-e2e.yml

@@ -178,6 +178,7 @@ jobs:
           # startup failures (e.g. the Parser.init rejection from a broken
           # tree-sitter wasm load).
           ./cli/bin/freebuff.exe --version
+          ./cli/bin/freebuff.exe --smoke-login-primitives
           # Run for several seconds so unhandled rejections during module
           # init have time to fire — the freebuff 0.0.62 wasm regression
           # surfaced through the *late* renderer-cleanup handler, after the

cli/src/index.tsx

@@ -262,6 +262,66 @@ async function main(): Promise<void> {
     }
   }
 
+  // CI gate: `<binary> --smoke-login-primitives` checks the local pieces that
+  // must work before browser OAuth can complete. This is intentionally not a
+  // full OAuth flow: CI should not depend on a real GitHub account/browser
+  // round trip just to validate the compiled Windows executable.
+  if (process.argv.includes('--smoke-login-primitives')) {
+    try {
+      const [{ withTimeout }, fingerprint, { getWindowsOpenUrlCommand }] =
+        await Promise.all([
+          import('@codebuff/common/util/promise'),
+          import('./utils/fingerprint'),
+          import('./utils/open-url'),
+        ])
+
+      let timeoutRejected = false
+      try {
+        await withTimeout(
+          new Promise<never>(() => {}),
+          50,
+          'login smoke expected timeout',
+        )
+      } catch (err) {
+        timeoutRejected =
+          err instanceof Error &&
+          err.message.includes('login smoke expected timeout')
+      }
+      if (!timeoutRejected) {
+        throw new Error('withTimeout did not reject a hanging promise')
+      }
+
+      const fingerprintId = await withTimeout(
+        fingerprint.calculateFingerprint(),
+        5_000,
+        'calculateFingerprint exceeded login smoke timeout',
+      )
+      const fingerprintType = fingerprint.getFingerprintType(fingerprintId)
+      if (fingerprintType === 'unknown') {
+        throw new Error(`Unexpected fingerprint type for ${fingerprintId}`)
+      }
+
+      if (process.platform === 'win32') {
+        const opener = getWindowsOpenUrlCommand('https://example.com')
+        if (
+          opener.command !== 'rundll32.exe' ||
+          opener.args[0] !== 'url.dll,FileProtocolHandler' ||
+          opener.args[1] !== 'https://example.com'
+        ) {
+          throw new Error(
+            `Unexpected Windows URL opener: ${opener.command} ${opener.args.join(' ')}`,
+          )
+        }
+      }
+
+      console.log(`login primitives smoke ok (${fingerprintType})`)
+      process.exit(0)
+    } catch (err) {
+      console.error('login primitives smoke FAIL:', err)
+      process.exit(1)
+    }
+  }
+
   // Run OSC theme detection BEFORE anything else.
   // This MUST happen before OpenTUI starts because OSC responses come through stdin,
   // and OpenTUI also listens to stdin. Running detection here ensures stdin is clean.

cli/src/utils/__tests__/fingerprint.test.ts

@@ -1,10 +1,6 @@
 import { describe, test, expect } from 'bun:test'
 
-import {
-  getFingerprintType,
-  generateFingerprintIdSync,
-  withTimeout,
-} from '../fingerprint'
+import { getFingerprintType, generateFingerprintIdSync } from '../fingerprint'
 
 describe('fingerprint utilities', () => {
   describe('getFingerprintType', () => {
@@ -146,19 +142,4 @@ describe('fingerprint utilities', () => {
     })
   })
 
-  describe('withTimeout', () => {
-    test('resolves when the promise finishes before the timeout', async () => {
-      await expect(
-        withTimeout(Promise.resolve('ok'), 100, 'too slow'),
-      ).resolves.toBe('ok')
-    })
-
-    test('rejects when the promise exceeds the timeout', async () => {
-      const neverResolves = new Promise<string>(() => {})
-
-      await expect(withTimeout(neverResolves, 1, 'too slow')).rejects.toThrow(
-        'too slow',
-      )
-    })
-  })
 })

cli/src/utils/__tests__/open-url.test.ts

@@ -0,0 +1,52 @@
+import { EventEmitter } from 'events'
+import type { ChildProcess, spawn } from 'child_process'
+
+import { describe, expect, mock, test } from 'bun:test'
+
+import {
+  getWindowsOpenUrlCommand,
+  openUrlWithWindowsHandler,
+} from '../open-url'
+
+function createMockChildProcess(): ChildProcess {
+  const child = new EventEmitter() as ChildProcess
+  child.unref = mock(() => {}) as unknown as ChildProcess['unref']
+  return child
+}
+
+describe('Windows URL opener', () => {
+  test('builds the rundll32 URL handler command', () => {
+    expect(getWindowsOpenUrlCommand('https://example.com')).toEqual({
+      command: 'rundll32.exe',
+      args: ['url.dll,FileProtocolHandler', 'https://example.com'],
+    })
+  })
+
+  test('returns false when spawn emits an async error', async () => {
+    const child = createMockChildProcess()
+    const spawnUrlHandler = mock(() => child) as unknown as typeof spawn
+
+    const result = openUrlWithWindowsHandler(
+      'https://example.com',
+      spawnUrlHandler,
+    )
+    child.emit('error', new Error('ENOENT'))
+
+    await expect(result).resolves.toBe(false)
+    expect(child.unref).not.toHaveBeenCalled()
+  })
+
+  test('returns true and unrefs the process after spawn succeeds', async () => {
+    const child = createMockChildProcess()
+    const spawnUrlHandler = mock(() => child) as unknown as typeof spawn
+
+    const result = openUrlWithWindowsHandler(
+      'https://example.com',
+      spawnUrlHandler,
+    )
+    child.emit('spawn')
+
+    await expect(result).resolves.toBe(true)
+    expect(child.unref).toHaveBeenCalledTimes(1)
+  })
+})

cli/src/utils/fingerprint.ts

@@ -11,6 +11,7 @@ import { createHash, randomBytes } from 'node:crypto'
 import { cpus, networkInterfaces } from 'node:os'
 
 import { AnalyticsEvent } from '@codebuff/common/constants/analytics-events'
+import { withTimeout } from '@codebuff/common/util/promise'
 
 import { trackEvent } from './analytics'
 import { detectShell } from './detect-shell'
@@ -22,26 +23,6 @@ let systeminformationModule: typeof import('systeminformation') | null = null
 
 const ENHANCED_FINGERPRINT_TIMEOUT_MS = 3000
 
-export function withTimeout<T>(
-  promise: Promise<T>,
-  timeoutMs: number,
-  timeoutMessage: string,
-): Promise<T> {
-  let timeout: ReturnType<typeof setTimeout> | null = null
-
-  const timeoutPromise = new Promise<never>((_, reject) => {
-    timeout = setTimeout(() => {
-      reject(new Error(timeoutMessage))
-    }, timeoutMs)
-  })
-
-  return Promise.race([promise, timeoutPromise]).finally(() => {
-    if (timeout) {
-      clearTimeout(timeout)
-    }
-  })
-}
-
 async function getMachineId(): Promise<string> {
   if (!machineIdModule) {
     machineIdModule = await import('node-machine-id')

cli/src/utils/open-url.ts

@@ -1,11 +1,59 @@
 import os from 'os'
-import { spawn } from 'child_process'
+import { spawn, type ChildProcess } from 'child_process'
 
 import open from 'open'
 
 import { getCliEnv } from './env'
 import { logger } from './logger'
 
+export function getWindowsOpenUrlCommand(url: string): {
+  command: string
+  args: string[]
+} {
+  return {
+    command: 'rundll32.exe',
+    args: ['url.dll,FileProtocolHandler', url],
+  }
+}
+
+export async function openUrlWithWindowsHandler(
+  url: string,
+  spawnUrlHandler: typeof spawn = spawn,
+): Promise<boolean> {
+  const { command, args } = getWindowsOpenUrlCommand(url)
+
+  return new Promise((resolve) => {
+    let subprocess: ChildProcess
+    try {
+      subprocess = spawnUrlHandler(command, args, {
+        detached: true,
+        stdio: 'ignore',
+        windowsHide: true,
+      })
+    } catch (err) {
+      logger.error(err, 'Failed to spawn Windows URL handler')
+      resolve(false)
+      return
+    }
+
+    let settled = false
+    const finish = (success: boolean) => {
+      if (settled) return
+      settled = true
+      resolve(success)
+    }
+
+    subprocess.once('error', (err) => {
+      logger.error(err, 'Failed to open browser with Windows URL handler')
+      finish(false)
+    })
+    subprocess.once('spawn', () => {
+      subprocess.unref()
+      finish(true)
+    })
+  })
+}
+
 /**
  * Safely open a URL in the user's default browser.
  *
@@ -18,22 +66,7 @@ import { logger } from './logger'
  */
 export async function safeOpen(url: string): Promise<boolean> {
   if (os.platform() === 'win32') {
-    try {
-      const subprocess = spawn(
-        'rundll32.exe',
-        ['url.dll,FileProtocolHandler', url],
-        {
-          detached: true,
-          stdio: 'ignore',
-          windowsHide: true,
-        },
-      )
-      subprocess.unref()
-      return true
-    } catch (err) {
-      logger.error(err, 'Failed to open browser with Windows URL handler')
-      return false
-    }
+    return openUrlWithWindowsHandler(url)
   }
 
   if (os.platform() === 'linux') {

common/src/util/__tests__/promise.test.ts

@@ -1,6 +1,6 @@
 import { afterEach, beforeEach, describe, expect, it, mock, spyOn } from 'bun:test'
 
-import { INITIAL_RETRY_DELAY, withRetry } from '../promise'
+import { INITIAL_RETRY_DELAY, withRetry, withTimeout } from '../promise'
 
 describe('withRetry', () => {
   describe('basic functionality', () => {
@@ -323,3 +323,40 @@ describe('withRetry', () => {
     })
   })
 })
+
+describe('withTimeout', () => {
+  it('should resolve when the promise finishes before the timeout', async () => {
+    await expect(
+      withTimeout(Promise.resolve('ok'), 100, 'too slow'),
+    ).resolves.toBe('ok')
+  })
+
+  it('should reject when the promise exceeds the timeout', async () => {
+    const neverResolves = new Promise<string>(() => {})
+
+    await expect(withTimeout(neverResolves, 1, 'too slow')).rejects.toThrow(
+      'too slow',
+    )
+  })
+
+  it('should clear the timeout when the wrapped promise rejects first', async () => {
+    let clearedTimeout: ReturnType<typeof setTimeout> | null = null
+    const originalClearTimeout = globalThis.clearTimeout
+    const clearTimeoutSpy = spyOn(globalThis, 'clearTimeout').mockImplementation(
+      ((timeout: ReturnType<typeof setTimeout>) => {
+        clearedTimeout = timeout
+        return originalClearTimeout(timeout)
+      }) as typeof clearTimeout,
+    )
+
+    try {
+      await expect(
+        withTimeout(Promise.reject(new Error('failed first')), 100, 'too slow'),
+      ).rejects.toThrow('failed first')
+
+      expect(clearedTimeout).not.toBeNull()
+    } finally {
+      clearTimeoutSpy.mockRestore()
+    }
+  })
+})

common/src/util/promise.ts

@@ -55,19 +55,17 @@ export async function withTimeout<T>(
   timeoutMs: number,
   timeoutMessage: string = `Operation timed out after ${timeoutMs}ms`,
 ): Promise<T> {
-  let timeoutId: NodeJS.Timeout
+  let timeoutId: ReturnType<typeof setTimeout> | null = null
 
   const timeoutPromise = new Promise<never>((_, reject) => {
     timeoutId = setTimeout(() => {
       reject(new Error(timeoutMessage))
     }, timeoutMs)
   })
 
-  return Promise.race([
-    promise.then((result) => {
+  return Promise.race([promise, timeoutPromise]).finally(() => {
+    if (timeoutId) {
       clearTimeout(timeoutId)
-      return result
-    }),
-    timeoutPromise,
-  ])
+    }
+  })
 }