feat(account): show local signed-in identity in Account pane (#136)#1435
Conversation
…136) The Account pane only ever talked to the taos.my cloud account, so when that service is unreachable nothing on screen tells you who you are signed in as on this device. Add a 'this device' card sourced from /auth/status that renders the local username/full name/email independently of cloud reachability, and clarify the cloud copy. Renders nothing when signed out or the host is unreachable.
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
|
Warning Review limit reached
More reviews will be available in 36 minutes and 48 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Note Your trial team has used its Gitar budget, so automatic reviews are paused. Upgrade now to unlock full capacity. Comment "Gitar review" to trigger a review manually. Code Review ✅ ApprovedIntegrates the local identity card into the Account pane using OptionsDisplay: compact → Showing less information. Comment with these commands to change:
Important Your trial ends in 2 days — upgrade now to keep code review, CI analysis, auto-apply, custom automations, and more. Was this helpful? React with 👍 / 👎 | Gitar |
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
| const data = await res.json(); | ||
| if (mounted.current && data?.authenticated && data?.user) setUser(data.user); | ||
| } catch { | ||
| // Host unreachable; the cloud card surfaces connectivity, so stay quiet. |
There was a problem hiding this comment.
WARNING: Empty catch silently swallows ALL errors, not just host-unreachable.
The comment justifies swallowing network failures, but this catch also swallows:
- JSON parse errors (malformed
/auth/statusbody) - CORS / mixed-content errors
- Unexpected runtime errors thrown by
res.json()
If /auth/status returns 200 with invalid JSON, the user sees no local-identity card and no diagnostic — the cloud card may also be down, leaving them with zero information about who they're signed in as. Consider splitting: explicitly handle fetch rejection (stay quiet), but log/track res.json() failures so a broken endpoint doesn't render the feature invisible.
| (async () => { | ||
| try { | ||
| const res = await fetch("/auth/status", { credentials: "include" }); | ||
| if (!res.ok) return; |
There was a problem hiding this comment.
WARNING: fetch is not aborted when the component unmounts.
mounted.current is checked before setUser, but the fetch itself continues to completion after unmount — parsing the body and burning bandwidth needlessly. If the user navigates away from Settings while the request is in flight, the response is still read. Use an AbortController and pass signal to fetch, then abort in the unmount cleanup.
|
|
||
| if (!user) return null; | ||
| const name = user.full_name?.trim() || user.username || "Signed in"; | ||
| const meta = [ |
There was a problem hiding this comment.
SUGGESTION: The "Signed in" fallback is uninformative when both full_name and username are missing.
If /auth/status returns a user with only an email (no full_name, no username, is_admin: false), the card renders literally "Signed in" plus "Signed in on this device" — no identifying information at all. The whole point of this card is to tell the user who they are. Consider falling back to user.email (or rendering just the email in the primary slot) before resorting to the generic label.
Code Review SummaryStatus: 3 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
SUGGESTION
Files Reviewed (2 files)
Fix these issues in Kilo Cloud Reviewed by minimax-m3 · Input: 43.1K · Output: 5.6K · Cached: 298.7K |
1 participant
What
Adds a 'this device' identity card at the top of Settings -> Account, sourced from
/auth/status, showing the local username / full name / email / admin flag. Renders independently of the taos.my cloud account, so you can always see who you are signed in as even when the cloud account is unreachable.Why
Jay 2026-06-25: 'I dont know what account I am in, it doesnt show me anywhere.' The pane only fetched the cloud account (
account-client-> taos.my); the local identity from/auth/statuswas never surfaced. (Also confirms the password-only login is the single-primary-account model, so the earlier 'new account' was a password reset, not a duplicate.)Scope
Frontend only. Card renders nothing when signed out (401) or the host is unreachable. Cloud-account copy reworded to 'cloud account' for the two-tier distinction.
Tests
New test: local identity shows even while the cloud account is unreachable. Existing AccountPanel tests made URL-aware (the local probe must not consume the cloud mock's single-use Response body). 5/5 green.