Skip to content

fix: route auth hints to comfy cloud login instead of nonexistent comfy auth login#512

Open
mattmillerai wants to merge 3 commits into
mainfrom
matt/be-2975-fix-auth-login-refs
Open

fix: route auth hints to comfy cloud login instead of nonexistent comfy auth login#512
mattmillerai wants to merge 3 commits into
mainfrom
matt/be-2975-fix-auth-login-refs

Conversation

@mattmillerai

Copy link
Copy Markdown
Collaborator

ELI-5

If your Comfy Cloud session expired, several error messages and help texts told you to run comfy auth login to sign back in. That command doesn't exist — comfy auth only manages third-party model-host API tokens (Civitai, Hugging Face), and it has no login. The real sign-in command is comfy cloud login. This PR fixes all seven bad hints (plus one stale comment) so users — and agents — get sent to a command that actually works.

What changed

Corrected every user-facing reference to the nonexistent comfy auth logincomfy cloud login:

  • comfy_cli/cloud/oauth.py — 4 OAuth error hints (timeout, authorize failure, token-exchange failure, refresh failure)
  • comfy_cli/command/jobs.py — the jobs --where option help (agent-facing) and the cloud_unauthorized error hint
  • comfy_cli/command/run/__init__.py — the cloud_unauthorized error hint
  • comfy_cli/command/run_cli.py — the demo step description
  • comfy_cli/output/branding.py — a stale code comment ("shown after auth login success")

Also tightened the two signed-out-banner tests (tests/comfy_cli/output/test_branding.py) from a permissive "comfy auth login" in out or "comfy cloud login" in out into an exact comfy cloud login assertion plus a "comfy auth login" not in out guard, so this class of regression is now caught by the suite.

Verified comfy cloud login is the real command: comfy_cli/cloud/command.py:42 registers @app.command("login") under the cloud typer group (cmdline.py:1637). setup.py already used the correct command.

Acceptance

  1. ✅ Repo-wide git grep "auth login" now returns zero user-facing hits — the only remaining matches are the two negative test assertions that guard against the string reappearing.
  2. ✅ Verified against current main (audit snapshot @ a732f5c matched HEAD; edits made by content, not line number).

Out of scope — flagged follow-up (comfy auth whoami)

While auditing I found a sibling bug of the same class: 7 references route users to comfy auth whoami, which was deliberately removed as a command (see tests/comfy_cli/auth/test_auth_command.py:223test_legacy_auth_whoami_is_gone). The correct command is comfy cloud whoami. Locations:

  • comfy_cli/command/jobs.py:1097
  • comfy_cli/command/models/search.py:176, :486
  • comfy_cli/command/workflow.py:659
  • comfy_cli/command/run_cli.py:519 (step title), :522, :524/:525 (invocations + labels) — one of these sits in the same demo step as a line this PR edits

I scoped these OUT of this PR because they are a distinct correction (whoami, not login) spanning 5 files, and this ticket was explicitly the auth login set. Recommend a separate ticket to fix them (same tool-surface audit spirit; the run_cli.py invocations would actually error at runtime, though they are marked optional=True).

Testing

  • ruff check + ruff format --check on all changed files: clean
  • pytest tests/comfy_cli/output/test_branding.py tests/comfy_cli/auth/ tests/comfy_cli/command/test_run_cli.py tests/comfy_cli/command/test_run.py: 203 passed

…comfy auth login`

The `auth` command group manages third-party model-host API tokens
(Civitai, Hugging Face) and has no `login` subcommand. Comfy Cloud
sign-in is `comfy cloud login`. Seven help/hint/error strings (plus a
stale comment) pointed users and agents at the dead `comfy auth login`,
including the agent-facing `jobs --where` option help. Correct them all
and tighten the signed-out banner tests to guard the hint.
@dosubot dosubot Bot added size:S This PR changes 10-29 lines, ignoring generated files. bug Something isn't working labels Jul 14, 2026
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 50 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 13380b31-e0d6-4d29-8dd9-aa208d3e2a8c

📥 Commits

Reviewing files that changed from the base of the PR and between 54e3713 and e828256.

📒 Files selected for processing (4)
  • comfy_cli/command/jobs.py
  • comfy_cli/command/models/search.py
  • comfy_cli/command/workflow.py
  • tests/comfy_cli/command/test_run_cli.py
📝 Walkthrough

Walkthrough

Cloud authentication guidance was updated across OAuth errors, jobs and cloud execution messages, run CLI examples, capability output, branding documentation, and related tests.

Changes

Cloud command guidance

Layer / File(s) Summary
Runtime authentication hints
comfy_cli/cloud/oauth.py, comfy_cli/command/jobs.py, comfy_cli/command/run/__init__.py
OAuth failures, cloud job usage, and unauthenticated cloud execution now direct users to comfy cloud login.
Cloud CLI demo surface
comfy_cli/command/run_cli.py
Demo commands and capability output now use cloud whoami instead of auth whoami.
Branding and validation
comfy_cli/output/branding.py, tests/comfy_cli/command/test_run_cli.py, tests/comfy_cli/output/test_branding.py
Banner documentation and tests now require cloud-specific login guidance and updated CLI step coverage.
🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch matt/be-2975-fix-auth-login-refs
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch matt/be-2975-fix-auth-login-refs

Comment @coderabbitai help to get the list of available commands.

@mattmillerai mattmillerai added cursor-review Request Cursor bot review agent-coded PR authored by the agent-work loop labels Jul 14, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Cursor Review — Consolidated panel

Triggered by @mattmillerai.

Found 1 finding(s).

Severity Count
🟡 Medium 1

Panel: 6/8 reviewers contributed findings.

Reviewers that did not contribute: kimi-k2.5:adversarial (empty), kimi-k2.5:edge-case (empty)

Comment thread comfy_cli/command/run_cli.py Outdated
The interactive demo's sign-in step invoked `comfy auth whoami`, which was
deliberately removed (test_legacy_auth_whoami_is_gone) — the command now lives
at `comfy cloud whoami`. Update the step title, both invocations, and the
capabilities summary so the walkthrough runs a command that actually exists.
Adjust the step-coverage test needle from "auth" to "whoami" to match.

Addresses cursor-review (gemini-3.1-pro edge-case) thread on PR #512.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@mattmillerai

Copy link
Copy Markdown
Collaborator Author

Status update (automated resolver):

  • ✅ Addressed the cursor-review finding on the demo whoami step (54e3713) — resolved that thread.
  • ⚠️ The failing "Windows Specific Commands" check is a pre-existing environmental failure, not caused by this diff. It dies in comfy install --fast-deps while resolving ComfyUI's requirements.compiled (ImportError: cannot import name '__version__' from 'pydantic_core'). The same job is red on every open PR from today (be-2975/2976/2977/2978) but was green this morning on another branch, so it's an upstream dependency-resolution regression that a string-only PR can't fix. The Linux/macOS test matrices, build, ruff, and cursor-review all pass.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
tests/comfy_cli/command/test_run_cli.py (1)

28-46: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Assert the exact cloud command, not only the title.

This test would pass if the title said whoami while invocations still ran comfy auth whoami. Assert the step’s invocation argv/labels contain cloud whoami and exclude auth whoami, keeping the regression net tight and the demo out of the auth weeds.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/comfy_cli/command/test_run_cli.py` around lines 28 - 46, Strengthen
test_build_steps_contains_full_surface by locating the whoami step and asserting
its invocation argv or labels include “cloud whoami” and do not include “auth
whoami”; retain the existing title coverage while verifying the exact cloud
command.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@tests/comfy_cli/command/test_run_cli.py`:
- Around line 28-46: Strengthen test_build_steps_contains_full_surface by
locating the whoami step and asserting its invocation argv or labels include
“cloud whoami” and do not include “auth whoami”; retain the existing title
coverage while verifying the exact cloud command.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 2f12adf0-e6e1-4e9f-b6c4-3fd1e5d9e8c6

📥 Commits

Reviewing files that changed from the base of the PR and between a732f5c and 54e3713.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (7)
  • comfy_cli/cloud/oauth.py
  • comfy_cli/command/jobs.py
  • comfy_cli/command/run/__init__.py
  • comfy_cli/command/run_cli.py
  • comfy_cli/output/branding.py
  • tests/comfy_cli/command/test_run_cli.py
  • tests/comfy_cli/output/test_branding.py

Four cloud error paths (job cancel, workflow HTTP errors, cloud model
list/search) still pointed users at `comfy auth whoami`, which does not
exist — the `auth` group only has list/set/remove, and sign-in status
lives under `comfy cloud whoami`. Same class of bug this PR set out to
fix for `auth login`.

Also strengthen the run_cli demo test per CodeRabbit: assert the whoami
step's argv/labels target `cloud whoami` and never `auth whoami`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dosubot dosubot Bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Jul 14, 2026
@mattmillerai

Copy link
Copy Markdown
Collaborator Author

Addressed review + self-review in e828256:

  • CodeRabbit suggestion (strengthen whoami test): test_build_steps_contains_full_surface now backed by a focused test_whoami_step_targets_cloud_not_auth that locates the whoami demo step and asserts its invocation argv/labels are cloud whoami and never auth whoami.
  • Missed call sites (self-review): found four remaining cloud error hints still pointing at the nonexistent comfy auth whoami (jobs.py cancel, workflow.py cloud HTTP errors, models/search.py cloud list/search). All are cloud-context paths, so routed to comfy cloud whoami (verified it exists via comfy cloud --help; comfy auth only has list/set/remove). Repo-wide grep now shows zero auth login/auth whoami references in source.

Verified the redirect targets are real commands, not dead-ends: comfy cloud login and comfy cloud whoami both exist in the live CLI.

Full suite: 2574 passed, 37 skipped. ruff clean.

Note: the failing "Windows Specific Commands" check is an unrelated infra failure — ComfyUI's requirements.compiled install aborts on Windows with a pydantic_core import error during comfy install, independent of these hint-string changes (the optional bench extra is not installed by pip install -e .). Re-running via the new push.

@mattmillerai

Copy link
Copy Markdown
Collaborator Author

Resolver root-cause on the failing test (Windows) check — safe to merge past:

The Windows test job dies in dependency install, not in any test:

comfy --skip-prompt --workspace ./ComfyUI install --fast-deps ...
error: failed to remove file `...\venv\Lib\site-packages\pydantic_core/_pydantic_core.cp312-win_amd64.pyd`: Access is denied. (os error 5)
→ ImportError: cannot import name '__version__' from 'pydantic_core'

This is a Windows file-lock race: comfy install --fast-deps (uv) tries to reinstall pydantic-core for ComfyUI and can't remove the already-loaded .pyd. It reproduced identically on re-run and is environmental / pre-existing — it hits main equally.

This diff cannot cause it: the failing step is pip install -e . + comfy install, which install from pyproject.toml, not uv.lock; and the added anthropic dep is an optional [bench] extra that isn't installed on this path. (The uv.lock change here just re-syncs main's stale lockfile, which declares anthropic>=0.40 but never locked it.)

All review threads are resolved, Cursor/CodeRabbit findings addressed, local suite green (218 passed), and CI-pinned ruff 0.15.15 clean. mergeStateStatus is UNSTABLE (non-required check), so this red X does not block merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agent-coded PR authored by the agent-work loop bug Something isn't working cursor-review Request Cursor bot review size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant