Skip to content

Fix VK Full Admin OAuth scope generation#181

Merged
xlabtg merged 3 commits intoxlabtg:mainfrom
konard:issue-180-f424a8ffb267
Apr 27, 2026
Merged

Fix VK Full Admin OAuth scope generation#181
xlabtg merged 3 commits intoxlabtg:mainfrom
konard:issue-180-f424a8ffb267

Conversation

@konard
Copy link
Copy Markdown

@konard konard commented Apr 27, 2026
edited
Loading

Summary

Fixes vk_auth_user_url / vk_auth_group_url OAuth URL generation for current VK auth behavior.

  • Default vk_auth_user_url no longer requests the restricted messages user scope, which VK rejects for ordinary/new apps with invalid_scope / invalid scope.
  • OAuth helper URLs now use https://oauth.vk.ru/authorize and comma-separated scope names instead of numeric bitmasks.
  • README and manifest token setup guidance now distinguish the default user scopes from the optional restricted messages scope needed only by vk_user_messages_send.
  • Added regression coverage for safe default user auth scopes and comma-separated group auth scopes.

Fixes #180

Reproduction

Before this PR, vk_auth_user_url defaulted to offline, wall, messages, friends, photos, groups, stats, notifications and encoded scopes as a numeric mask. Opening that generated URL can fail at VK with an invalid scope error because messages is restricted to eligible standalone apps that passed moderation or already had that access.

The new test verifies the default user OAuth URL excludes messages, uses oauth.vk.ru, and emits readable comma-separated scope names. messages can still be requested explicitly by eligible apps through vk_auth_user_url.scopes.

Tests

  • node --test plugins/vk-full-admin/tests/index.test.js
  • npm run validate (passes with existing casino empty-tools warning)
  • npm run lint (passes with existing repo warnings, 0 errors)
  • npm test (410 passing)
  • npm run typecheck
  • node scripts/build-sdk.mjs
  • npm audit --audit-level=high --prefix plugins/vk-full-admin
  • npm audit --audit-level=high (passes high threshold; existing root moderate advisories remain)

konard added 2 commits April 27, 2026 22:22
@konard
Initial commit with task details
5768078 
Adding .gitkeep for PR creation (default mode).
This file will be removed when the task is complete.

Issue: xlabtg#180
@konard
Fix VK auth scope URL generation
7c5d254
@konard konard changed the title [WIP] VK Full Admin plugin errors Fix VK Full Admin OAuth scope generation Apr 27, 2026
@konard konard marked this pull request as ready for review April 27, 2026 22:31
@konard
Copy link
Copy Markdown
Author

konard commented Apr 27, 2026

Solution summary

Implemented and pushed the fix to PR 181: #181

Changed vk-full-admin so vk_auth_user_url no longer requests VK’s restricted messages scope by default, OAuth URLs use https://oauth.vk.ru/authorize, and scopes are emitted as comma-separated names instead of numeric masks. Updated README/manifest guidance and added regression tests for the generated auth URLs.

Verified against VK docs:

Local checks passed: targeted VK test, npm run validate, npm run lint, npm test (410 passing), npm run typecheck, node scripts/build-sdk.mjs, and high-threshold audits. PR is ready for review, worktree is clean, and all GitHub checks are green on commit 7c5d254.

This summary was automatically extracted from the AI working session output.

@konard
Copy link
Copy Markdown
Author

konard commented Apr 27, 2026

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

  • Model: GPT-5.5
  • Provider: OpenAI
  • Public pricing estimate: $12.199925

📊 Context and tokens usage:

  • 9.5M / 1.1M (906%) input tokens, 20.9K / 128K (16%) output tokens

Total: (194.5K + 9.3M cached) input tokens, 20.9K output tokens, $12.199925 cost

🤖 Models used:

  • Tool: OpenAI Codex
  • Requested: gpt-5.5
  • Model: GPT-5.5 (gpt-5.5)

📎 Log file uploaded as Gist (13606KB)

Now working session is ended, feel free to review and add any feedback on the solution draft.

@konard
Copy link
Copy Markdown
Author

konard commented Apr 27, 2026

✅ Ready to merge

This pull request is now ready to be merged:

  • All CI checks have passed
  • No merge conflicts
  • No pending changes

Monitored by hive-mind with --auto-restart-until-mergeable flag

@xlabtg xlabtg merged commit 23260b7 into xlabtg:main Apr 27, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

VK Full Admin plugin errors

2 participants

@konard @xlabtg