fix: update Kit OAuth scope
@sjd9021checks…codex/fix-kit-oauth-scope → master4 files · +408 −2updated 1mo agoloading diff…
@sjd9021checks…codex/fix-kit-oauth-scope → master4 files · +408 −2updated 1mo ago@sjd9021checks…codex/fix-kit-oauth-scope → master4 files · +408 −2updated 1mo agoread to public, matching Kit API v4 OAuth docs.apps/*/config.ts.--production-oauth to audit production-shaped OAuth apps: not disabled, not autoload=False, and more than five action files.temperature.264c99090ad (feat: create app kit by builder-agent) as an API-key-only template app.ea507901228 / #1287 (fix: add real values to config files from template values), and that commit introduced default_scopes: () => [\read`]`.https://api.kit.com/v4/oauth/* but kept the stale read scope.public; requesting read causes Kit to reject the authorization URL before consent with invalid_scope / “requested scope is invalid, unknown, or malformed”.Ran the production-shaped audit with GPT-5.5 web search:
doppler run --project mercury --config dev -- python3 ci_checks/lint_oauth_config_scopes_llm.py --production-oauth --model gpt-5.5 --batch-size 8 --max-workers 4
Result: 176 OAuth2 apps checked, 24 possible provider-rejected scope candidates. Linear was not flagged in the final production-shaped run.
Candidate apps from that run: apaleo, bitbucket, blackboard, brex, cal, canva, datadog, eventbrite, google_classroom, harvest, intercom, jira, mailchimp, mural, netsuite, productboard, scheduleonce, timely, toneden, xero, zoho_desk, zoho_inventory, zoho_invoice, zoom.
python3 -m py_compile ci_checks/lint_oauth_config_scopes_llm.py ci_checks/base/llm.pypython3 -m ruff check ci_checks/lint_oauth_config_scopes_llm.py ci_checks/base/llm.py noxfile.pydoppler run --project mercury --config dev -- python3 ci_checks/lint_oauth_config_scopes_llm.py apps/kit --model gpt-5.5 --batch-size 1 --max-workers 1doppler run --project mercury --config dev -- python3 ci_checks/lint_oauth_config_scopes_llm.py --production-oauth --model gpt-5.5 --batch-size 8 --max-workers 4 (expected nonzero while candidates remain)