feat: backport auth-validation preflight + email_login credentials

Backport upstream Shannon PR #335:
- Add credential validation activity that drives a real browser login
  before the full pipeline, catching bad credentials early
- New email_login credentials type for magic-link and email-OTP flows
- Make credentials.password optional for passwordless flows
- Playwright stealth config (chrome.runtime, plugin simulation, UA)
- Centralize prompt directory resolution into resolvePromptDir helper
- New AUTH_LOGIN_FAILED error code with non-retryable classification
- Remove dangerous-pattern validation on credentials.password
- Pipeline-testing stub for auth validation (returns success)
- Auth validation timeout of 10 minutes for browser-based login
- .playwright directory workspace overlay for CLI/Docker

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 00:59:27 +00:00
committed by Hugh Commit [agent]
parent 70af2b12db
commit 47a6e4933a
16 changed files with 489 additions and 26 deletions
+25 -1
@@ -39,9 +39,33 @@
"type": "string",
"pattern": "^[A-Za-z2-7]+=*$",
"description": "TOTP secret for two-factor authentication (Base32 encoded, case insensitive)"
},
"email_login": {
"type": "object",
"description": "Email-based login credentials for magic-link and email-OTP flows",
"properties": {
"address": {
"type": "string",
"format": "email",
"description": "Email address for authentication"
},
"password": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"description": "Password for the email account"
},
"totp_secret": {
"type": "string",
"pattern": "^[A-Za-z2-7]+=*$",
"description": "TOTP secret for email 2FA (Base32 encoded)"
}
},
"required": ["address", "password"],
"additionalProperties": false
}
},
"required": ["username", "password"],
"required": ["username"],
"additionalProperties": false
},
"login_flow": {
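Review bot: With `"required": ["username"]` the schema now accepts a credentials object that carries neither `password` nor `email_login`, so a config that simply omits the password still validates and would presumably only be caught by the login preflight. If that is not intended, pair the relaxation with a constraint on the credentials object such as `"anyOf": [{"required": ["password"]}, {"required": ["email_login"]}]`. Separately, `"format": "email"` on `address` is only enforced when the validator has format checking enabled, which is not visible here. The credentials object opens above the hunk, so constraints there or in code may already cover this.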
+19
@@ -47,6 +47,25 @@ rules:
type: path
url_path: "/api/v2/user-profile"
# Email-based login (for magic-link / email-OTP flows)
# authentication:
# login_type: form
# login_url: "https://example.com/login"
# credentials:
# username: "testuser"
# email_login:
# address: "testuser@example.com"
# password: "email-password"
# totp_secret: "JBSWY3DPEHPK3PXP" # Optional TOTP for email 2FA
# login_flow:
# - "Type $username into the username field"
# - "Type $email_address into the email field"
# - "Type $email_password into the email password field"
# - "Enter $email_totp in the verification code field"
# success_condition:
# type: url_contains
# value: "/dashboard"
# Pipeline execution settings (optional)
# pipeline:
# retry_preset: subscription # 'default' or 'subscription' (6h max retry for rate limit recovery)
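Review bot: The commented example puts the mailbox password and TOTP seed for `email_login` into the config file as literals, and nothing says what kind of account is expected. A line such as `# Use a dedicated test mailbox; these values are stored in plaintext in this file` above `email_login:` would make that explicit. The `$email_address`, `$email_password` and `$email_totp` placeholders in `login_flow` are also new and unexplained. A one-line comment mapping them to `email_login.address`, `.password` and `.totp_secret` would help, assuming that is the mapping.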