fix: vault UX, sessions, dropdowns, engram_ token prefix

[thebtf]

Summary

• Vault reveal errors shown inline (not separate page)
• Sessions field mapping fixed (workstation_id → workstation, etc.)
• Dark dropdown styling (global @layer base + FilterTabs fix)
• Token prefix renamed eng_ → engram_ (handlers + middleware)

Test plan

• Vault reveal error → inline red banner, credentials list stays visible
• Sessions page shows indexed sessions (if any)
• Dropdowns readable in dark mode
• New tokens generated with engram_ prefix

Summary by CodeRabbit

Примечания к выпуску

• Новые функции

  • Добавлено отдельное отображение ошибок для операций с учетными данными в хранилище.

• Улучшения пользовательского интерфейса

  • Улучшена поддержка темной темы для элементов выпадающих меню.
  • Обновлены стили контрастности для фильтров.

• Исправления

  • Улучшена обработка ошибок при работе с учетными данными хранилища.
  • Оптимизирована загрузка и отображение данных сеансов.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2be09613-e3a1-4335-90de-1f08ca375798

📥 Commits

Reviewing files that changed from the base of the PR and between caac8da and a937fef.

📒 Files selected for processing (7)

• internal/worker/handlers_auth.go
• internal/worker/middleware.go
• ui/src/assets/main.css
• ui/src/components/FilterTabs.vue
• ui/src/composables/useVault.ts
• ui/src/utils/api.ts
• ui/src/views/VaultView.vue

---

Walkthrough

PR обновляет префикс токена клиентского API с "eng_" на "engram_", корректирует проверки длины и логику извлечения префикса, улучшает обработку ошибок в представлении Vault через новое состояние actionError, обновляет стили CSS для элементов формы в тёмной теме и добавляет утилиты сопоставления API-ответов для нормализации данных сеансов.

Changes

Cohort / File(s)	Summary
Обновление префикса токена аутентификации internal/worker/handlers_auth.go, internal/worker/middleware.go	Изменены константы и логика префикса токена клиента: "eng_" заменён на "engram_", проверка длины увеличена с 12 на 15, диапазон извлечения префикса сдвинут с 4–12 на 7–15 в функции поиска токена.
Стилизация UI и тёмная тема ui/src/assets/main.css, ui/src/components/FilterTabs.vue	Добавлена @layer base блокировка для стилизации элементов select и option в тёмной теме с явными цветами фона и границ; классы фильтров обновлены с bg-white/5 border-white/10 на bg-slate-800 border-slate-600.
Управление состоянием и обработка ошибок ui/src/composables/useVault.ts, ui/src/views/VaultView.vue	Введено новое реактивное состояние actionError для ошибок действий учётных данных; обновлена логика обработки ошибок в revealCredential и removeCredential; добавлен рендеринг ошибки в UI представлении.
Сопоставление и преобразование API-ответов ui/src/utils/api.ts	Добавлены типы RawIndexedSession и RawSessionSearchResult с функциями сопоставления (mapRawSession) для преобразования полей API Go (workstation_id, project_id, exchange_count, last_msg_at) в форму IndexedSession с нормализацией дат и значений по умолчанию.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: all secondary dashboard views — vault, logs, tokens, analytics, graph, patterns, sessions, system #21: оба PR модифицируют логику аутентификации на основе токенов в одних и тех же файлах, изменяя префикс клиентского токена.
• feat: observation browser, detail view, semantic search (Phases 4-5) #20: PR обновляет логику обработки и поиска клиентского API токена, которая была введена в указанном PR с префиксом "eng_".
• feat: dashboard frontend layout — router, sidebar, auth, placeholder views #19: оба PR модифицируют одни и те же пути кода аутентификации в middleware.go и handlers_auth.go для обработки префиксов клиентских токенов.

Suggested labels

ai-review:passed

Poem

🐰 Токены в шапке полосатой,
Переименованы с заботой,
От инженера к гравировке — вот!
Ошибки ловим, стили дарим,
И API мы поправляем вдарим,
Велик труд! Кролик вам поёт! 🌙✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/dashboard-v1.0.3

📝 Coding Plan

• Generate coding plan for human review comments

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.11.3)

Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
The command is terminated due to an error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the user experience and consistency across several parts of the application. It refines how vault errors are presented to users, ensures accurate display of session information, and improves the visual consistency of dropdowns in dark mode. Additionally, a significant internal change involves updating the API token prefix, which impacts token handling and authentication mechanisms.

Highlights

• Vault UX Improvements: Vault credential reveal errors are now displayed inline within the Vault view, providing immediate feedback without navigating to a separate page.
• Sessions Data Mapping Fixes: The mapping for session data has been corrected, specifically addressing workstation_id to workstation and ensuring proper display of session details.
• Dark Mode Dropdown Styling: Dropdown elements across the UI, including those in FilterTabs, have received styling updates to ensure readability and proper appearance in dark mode.
• API Token Prefix Renamed: The prefix for generated client API tokens has been changed from eng_ to engram_ across handlers and middleware, requiring updates to token generation and validation logic.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces several valuable improvements across the application, including fixing the vault UX for errors, correcting session field mappings, improving dropdown styling in dark mode, and renaming the token prefix for clarity. The changes are well-implemented. I've added a few suggestions to improve maintainability by replacing hardcoded values with constants and removing redundant CSS classes. These changes will make the code easier to manage in the future.

[gemini-code-assist]

To improve maintainability and avoid hardcoded values, it's better to use the tokenRawPrefix constant which is defined in handlers_auth.go and available in this package.

Suggested change

	if strings.HasPrefix(providedToken, "engram_") && store != nil {
	if strings.HasPrefix(providedToken, tokenRawPrefix) && store != nil {

[gemini-code-assist]

Using magic numbers for token parsing logic makes the code harder to read and maintain. It's better to use the tokenRawPrefix and tokenPrefixLen constants to make the logic clearer and easier to update if the prefix or length changes in the future.

Suggested change

	// Extract prefix: chars 7-15 (first 8 hex chars after "engram_")
	if len(rawToken) < 15 {
	http.Error(w, "unauthorized", http.StatusUnauthorized)
	return true
	}
	prefix := rawToken[4:12]
	prefix := rawToken[7:15]
	// Extract token prefix for DB lookup.
	if len(rawToken) < len(tokenRawPrefix)+tokenPrefixLen {
	http.Error(w, "unauthorized", http.StatusUnauthorized)
	return true
	}
	prefix := rawToken[len(tokenRawPrefix) : len(tokenRawPrefix)+tokenPrefixLen]

[gemini-code-assist]

The bg-slate-800 and border-slate-600 classes are now redundant because these styles are defined globally for <select> elements in ui/src/assets/main.css. Removing them will make the code cleaner and rely on the single source of truth for styling.

            class="border rounded px-2 py-1 text-xs text-slate-300 focus:outline-none focus:border-claude-500"

[gemini-code-assist]

Similar to the other select element, the bg-slate-800 and border-slate-600 classes are redundant due to the new global styles in main.css. Removing them simplifies the component's template.

            class="border rounded px-2 py-1 text-xs text-slate-300 focus:outline-none focus:border-claude-500"