Conversation
[codex] Fix wallet sign-in copy and relayer URLs
[codex] fix Enoki transient retries
… state param (WALM-86)
- MCP defaults and env presets now resolve to memory.walrus.xyz (prod) and
relayer-staging / staging.memory.walrus.xyz (staging), removing the temporary
Cloudflare memwal.ai redirect dependency. dev preset unchanged.
- Rename the connect-URL CSRF query param `state` -> `connectState`. `state` is
a reserved OAuth 2.0 response parameter: the consent page reuses the current
page URL as the Google/Enoki redirect_uri, and Google rejects any redirect_uri
carrying a reserved param ("invalid_request: Invalid redirect_uri contains
reserved response param state"). The callback POST body field stays `state`;
ConnectMcp reads `connectState` with a `state` fallback for older bridges.
…low (WALM-86)
Signing in with Google from /connect/mcp failed with redirect_uri_mismatch:
Enoki defaults its redirect_uri to window.location.href, so the dynamic
/connect/mcp?...&connectState=... URL was sent as the redirect_uri and never
matched a registered Authorized redirect URI (the dashboard works because its
redirect_uri is the already-registered app root).
- Pin the Google provider redirectUrl to `${origin}/` (the registered root),
so MCP-connect Google sign-in reuses the same redirect_uri the dashboard
uses — no Google Console change needed.
- Preserve the /connect/mcp request across the OAuth round-trip in
sessionStorage; PostAuthRedirect re-opens /connect/mcp with the params
restored after the redirect lands on the root. Cleared on success.
… package.json directly)
fix(mcp): point defaults at memory.walrus.xyz + fix OAuth-reserved state param (WALM-86)
Add MCP setup skill and protect analytics secrets
ducnmm
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.