refactor: strip speculative RPCs — session lifecycle + hooks only#4
refactor: strip speculative RPCs — session lifecycle + hooks only#4
Conversation
Remove ExchangeCredential, SyncPolicy, CredentialInjection, and all credential/policy message types. These were speculative: - Credential exchange uses the existing OAuth token exchange endpoint (POST /oauth2/token, RFC 8693). No new RPC needed. - Policy sync is a future feature. Add it when we build it. What remains: ProcessHookEvent (bidi stream), CreateSession, Heartbeat, EndSession. Four RPCs. Session lifecycle + hook telemetry. Also document that auth uses the user's OIDC bearer token, not application client_credentials. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| Decision decision = 1; | ||
| string reason = 2; | ||
| string event_id = 3; | ||
| // Credential to inject for this tool call (if applicable) | ||
| CredentialInjection credential = 4; | ||
| } |
There was a problem hiding this comment.
🟡 Removed field number 4 from ProcessHookEventResponse not marked as reserved, risking future wire-format conflicts
The credential field (number 4) was removed from ProcessHookEventResponse without adding a reserved 4; declaration. Per the protobuf documentation, if a future contributor reuses field number 4 for a different type or semantic, older clients/servers that still have the old schema will silently misinterpret the wire data, causing data corruption. This is especially important in this repo since it's a shared contract between the CLI and API (README.md:2-3), and buf breaking is configured to enforce backward compatibility (buf.yaml).
(Refers to lines 44-48)
Was this helpful? React with 👍 or 👎 to provide feedback.
1 participant
Summary
Remove speculative RPCs and message types that don't need to exist:
Removed:
ExchangeCredential— credential exchange uses the existing OAuth token exchange endpoint (POST /oauth2/token, RFC 8693). The SDK already does this with public clients. No new RPC needed.SyncPolicy— future feature. Add when we build it.CredentialInjection,CredentialKind,ExchangeCredentialRequest/Response,SyncPolicyRequest/Response,PolicyTuple— all associated message types.What remains (4 RPCs):
ProcessHookEvent(bidi stream) — hook telemetryCreateSession— start a sessionHeartbeat— keep aliveEndSession— terminateAlso clarified: auth uses the user's OIDC bearer token from
kontext login, not applicationclient_credentials.This is a breaking change against the previous proto. No consumers are deployed yet — the CLI PR (#3) will regenerate after this merges.
🤖 Generated with Claude Code