feat: add interactive pre-authentication for login-gated applications#271
Open
amichajlowski wants to merge 5 commits intoKeygraphHQ:mainfrom
Open
feat: add interactive pre-authentication for login-gated applications#271amichajlowski wants to merge 5 commits intoKeygraphHQ:mainfrom
amichajlowski wants to merge 5 commits intoKeygraphHQ:mainfrom
Conversation
Add 'interactive' to LoginType for OAuth/Google Sign-In flows where the user authenticates manually in a browser before scanning. Credentials are optional for this login type (enforced via if/then in JSON Schema). Config parser and sanitizer handle missing credentials gracefully.
New BEGIN:INTERACTIVE section in login-instructions.txt tells agents
how to restore a pre-authenticated session from auth-state.json using
localStorage injection and cookie setting via Playwright evaluate.
Thread sessionId from ActivityInput through AgentExecutionInput and
PromptVariables so the {{SESSION_ID}} placeholder resolves to the
workspace name, letting agents locate auth-state.json on disk.
Update buildLoginInstructions() to handle interactive type (no
credentials, no login_flow) and buildAuthContext() for missing
credentials.
New `shannon auth -c config.yaml [-w workspace]` command opens a visible Chromium browser for the user to complete OAuth/SSO login (e.g., Google Sign-In + 2FA). After the success condition is met, captures the browser storage state (cookies + localStorage) to auth-state.json in the workspace. - pre-auth.ts: Standalone Playwright module with dynamic import (Playwright is an optional peer dependency, not bundled) - auth.ts: CLI command with minimal YAML parser to extract login_url and success_condition without adding js-yaml as a dependency - index.ts: Register auth command with arg parsing - start.ts: Detect and log existing auth-state.json in workspace
Add docs/interactive-auth.md covering the full workflow: prerequisites, config format, auth command, multi-repo setup, and troubleshooting. Update .gitignore to exclude configs/ (user config files with potential credentials), .env.*, and audit-logs/ from version control.
Dynamic ESM import cannot resolve bare directory paths for globally installed packages. Switch to createRequire which handles node_modules resolution correctly, with fallback to global npm root.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary