## Context

Follow-up from AgentWorkforce/cloud#2108 auth unification and the reviews of relay#1119, cloud#2111, workforce#234, and relayfile#273. The active workspace descriptor contract is currently hand-mirrored across several surfaces:

- cloud /resolve route response
- @agent-relay/cloud resolveActiveWorkspace descriptor
- agentworkforce deploy/login consumer
- relayfile Go structs for agent-relay workspace active --json

Reviewers flagged defensive dual-key/casing handling and field-set pinning as a sign that these can co-drift. The design doc for cloud#2108 is docs/design/auth-unification-2108.md in the cloud repo.

## Desired outcome

Create one source of truth for the active workspace descriptor shape, or at minimum add cross-package contract tests that make drift fail loudly.

The contract should cover at least:

- name?
- key
- cloudWorkspaceId
- relaycastWorkspaceId
- relaycastApiKey?
- relayfileWorkspaceId
- relayauthWorkspaceId
- organizationId?
- slug?
- urls
- apiUrl
- provisioned?

## Acceptance criteria

- The cloud /resolve route and @agent-relay/cloud resolveActiveWorkspace agree on the same descriptor field set and casing.
- Consumers have a generated/shared schema or a contract test fixture instead of independently hand-maintaining the shape.
- relayfile's Go parser has a fixture based on the same canonical descriptor JSON emitted by agent-relay workspace active --json.
- The cloud#2108 design doc or follow-up section references this issue as the source-of-truth hardening task.

## Why

Auth unification removes split token/workspace stores; descriptor drift would reintroduce a softer split at the workspace-id mapping boundary, especially around rw_ vs relayfileWorkspaceId and optional relaycastApiKey exposure.
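One way a Go-side contract check could make field-set and casing drift fail loudly, as an added example that is not code from this issue or from the relayfile repo. It assumes the twelve listed names are flat top-level keys with `?` marking optional ones; `CheckDescriptor`, `descriptorFields` and `fold` are hypothetical names, and the JSON in `main` is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Field set from the issue's list; true = required, false = optional ("?").
// Assumption: all twelve names are flat top-level keys of one JSON object.
var descriptorFields = map[string]bool{
	"name": false, "key": true, "cloudWorkspaceId": true, "relaycastWorkspaceId": true,
	"relaycastApiKey": false, "relayfileWorkspaceId": true, "relayauthWorkspaceId": true,
	"organizationId": false, "slug": false, "urls": true, "apiUrl": true, "provisioned": false,
}

// fold maps camelCase, PascalCase and snake_case spellings of a key to one form.
func fold(k string) string {
	return strings.ToLower(strings.NewReplacer("_", "", "-", "").Replace(k))
}

// CheckDescriptor (hypothetical name) returns sorted drift findings; none means a match.
func CheckDescriptor(raw []byte) ([]string, error) {
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(raw, &obj); err != nil {
		return nil, fmt.Errorf("descriptor is not a JSON object: %w", err)
	}
	byFold := map[string]string{}
	var findings []string
	for name, required := range descriptorFields {
		byFold[fold(name)] = name
		if _, ok := obj[name]; required && !ok {
			findings = append(findings, fmt.Sprintf("missing required field: %q", name))
		}
	}
	for k := range obj {
		if want, ok := byFold[fold(k)]; !ok {
			findings = append(findings, fmt.Sprintf("unknown field: %q", k))
		} else if want != k {
			findings = append(findings, fmt.Sprintf("casing drift: %q should be %q", k, want))
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() {
	fmt.Println(CheckDescriptor([]byte(`{"key":"k","relayfile_workspace_id":"rw_x"}`))) // constructed input
}
```

Run against one fixture shared by every producer and consumer, a non-empty result fails the build instead of being absorbed by dual-key handling in each parser.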