ui/src/api/client.ts

import createClient, { type Middleware } from 'openapi-fetch';
import type { paths } from './schema';
import { config } from '../config';
import { useAuthStore } from '../auth/auth-store';

let getAccessToken: () => string | null = () =>
  useAuthStore.getState().accessToken;
let onUnauthorized: () => void = () => {};

export function configureAuth(opts: {
  getAccessToken?: () => string | null;
  onUnauthorized: () => void;
}) {
  if (opts.getAccessToken) getAccessToken = opts.getAccessToken;
  onUnauthorized = opts.onUnauthorized;
}

const authMiddleware: Middleware = {
  async onRequest({ request }) {
    const token = getAccessToken();
    if (token) {
      request.headers.set('Authorization', `Bearer ${token}`);
    }
    request.headers.set('X-Cameleer-Protocol-Version', '1');
    return request;
  },
  async onResponse({ response }) {
    if (response.status === 401 || response.status === 403) {
      onUnauthorized();
    }
    return response;
  },
};

export const api = createClient<paths>({ baseUrl: config.apiBaseUrl });
api.use(authMiddleware);
Add React UI with Execution Explorer, auth, and standalone deployment - Scaffold Vite + React + TypeScript frontend in ui/ with full design system (dark/light themes) matching the HTML mockups - Implement Execution Explorer page: search filters, results table with expandable processor tree and exchange detail sidebar, pagination - Add UI authentication: UiAuthController (login/refresh endpoints), JWT filter handles ui: subject prefix, CORS configuration - Shared components: StatusPill, DurationBar, StatCard, AppBadge, FilterChip, Pagination — all using CSS Modules with design tokens - API client layer: openapi-fetch with auth middleware, TanStack Query hooks for search/detail/snapshot queries, Zustand for state - Standalone deployment: Nginx Dockerfile, K8s Deployment + ConfigMap + NodePort (30080), runtime config.js for API base URL - Embedded mode: maven-resources-plugin copies ui/dist into JAR static resources, SPA forward controller for client-side routing - CI/CD: UI build step, Docker build/push for server-ui image, K8s deploy step for UI, UI credential secrets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 13:59:22 +01:00			`import createClient, { type Middleware } from 'openapi-fetch';`
			`import type { paths } from './schema';`
			`import { config } from '../config';`
Fix 401 race condition: wire getAccessToken at module level The auth store loads tokens from localStorage synchronously at import time, but configureAuth() was deferred to a useEffect — so the first API requests fired before the token getter was wired, causing 401s on hard refresh. Now getAccessToken reads from the store by default. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-13 22:09:46 +01:00			`import { useAuthStore } from '../auth/auth-store';`
Add React UI with Execution Explorer, auth, and standalone deployment - Scaffold Vite + React + TypeScript frontend in ui/ with full design system (dark/light themes) matching the HTML mockups - Implement Execution Explorer page: search filters, results table with expandable processor tree and exchange detail sidebar, pagination - Add UI authentication: UiAuthController (login/refresh endpoints), JWT filter handles ui: subject prefix, CORS configuration - Shared components: StatusPill, DurationBar, StatCard, AppBadge, FilterChip, Pagination — all using CSS Modules with design tokens - API client layer: openapi-fetch with auth middleware, TanStack Query hooks for search/detail/snapshot queries, Zustand for state - Standalone deployment: Nginx Dockerfile, K8s Deployment + ConfigMap + NodePort (30080), runtime config.js for API base URL - Embedded mode: maven-resources-plugin copies ui/dist into JAR static resources, SPA forward controller for client-side routing - CI/CD: UI build step, Docker build/push for server-ui image, K8s deploy step for UI, UI credential secrets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 13:59:22 +01:00
Fix 401 race condition: wire getAccessToken at module level The auth store loads tokens from localStorage synchronously at import time, but configureAuth() was deferred to a useEffect — so the first API requests fired before the token getter was wired, causing 401s on hard refresh. Now getAccessToken reads from the store by default. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-13 22:09:46 +01:00			`let getAccessToken: () => string \| null = () =>`
			`useAuthStore.getState().accessToken;`
Add React UI with Execution Explorer, auth, and standalone deployment - Scaffold Vite + React + TypeScript frontend in ui/ with full design system (dark/light themes) matching the HTML mockups - Implement Execution Explorer page: search filters, results table with expandable processor tree and exchange detail sidebar, pagination - Add UI authentication: UiAuthController (login/refresh endpoints), JWT filter handles ui: subject prefix, CORS configuration - Shared components: StatusPill, DurationBar, StatCard, AppBadge, FilterChip, Pagination — all using CSS Modules with design tokens - API client layer: openapi-fetch with auth middleware, TanStack Query hooks for search/detail/snapshot queries, Zustand for state - Standalone deployment: Nginx Dockerfile, K8s Deployment + ConfigMap + NodePort (30080), runtime config.js for API base URL - Embedded mode: maven-resources-plugin copies ui/dist into JAR static resources, SPA forward controller for client-side routing - CI/CD: UI build step, Docker build/push for server-ui image, K8s deploy step for UI, UI credential secrets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 13:59:22 +01:00			`let onUnauthorized: () => void = () => {};`

			`export function configureAuth(opts: {`
Fix 401 race condition: wire getAccessToken at module level The auth store loads tokens from localStorage synchronously at import time, but configureAuth() was deferred to a useEffect — so the first API requests fired before the token getter was wired, causing 401s on hard refresh. Now getAccessToken reads from the store by default. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-13 22:09:46 +01:00			`getAccessToken?: () => string \| null;`
Add React UI with Execution Explorer, auth, and standalone deployment - Scaffold Vite + React + TypeScript frontend in ui/ with full design system (dark/light themes) matching the HTML mockups - Implement Execution Explorer page: search filters, results table with expandable processor tree and exchange detail sidebar, pagination - Add UI authentication: UiAuthController (login/refresh endpoints), JWT filter handles ui: subject prefix, CORS configuration - Shared components: StatusPill, DurationBar, StatCard, AppBadge, FilterChip, Pagination — all using CSS Modules with design tokens - API client layer: openapi-fetch with auth middleware, TanStack Query hooks for search/detail/snapshot queries, Zustand for state - Standalone deployment: Nginx Dockerfile, K8s Deployment + ConfigMap + NodePort (30080), runtime config.js for API base URL - Embedded mode: maven-resources-plugin copies ui/dist into JAR static resources, SPA forward controller for client-side routing - CI/CD: UI build step, Docker build/push for server-ui image, K8s deploy step for UI, UI credential secrets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 13:59:22 +01:00			`onUnauthorized: () => void;`
			`}) {`
Fix 401 race condition: wire getAccessToken at module level The auth store loads tokens from localStorage synchronously at import time, but configureAuth() was deferred to a useEffect — so the first API requests fired before the token getter was wired, causing 401s on hard refresh. Now getAccessToken reads from the store by default. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-13 22:09:46 +01:00			`if (opts.getAccessToken) getAccessToken = opts.getAccessToken;`
Add React UI with Execution Explorer, auth, and standalone deployment - Scaffold Vite + React + TypeScript frontend in ui/ with full design system (dark/light themes) matching the HTML mockups - Implement Execution Explorer page: search filters, results table with expandable processor tree and exchange detail sidebar, pagination - Add UI authentication: UiAuthController (login/refresh endpoints), JWT filter handles ui: subject prefix, CORS configuration - Shared components: StatusPill, DurationBar, StatCard, AppBadge, FilterChip, Pagination — all using CSS Modules with design tokens - API client layer: openapi-fetch with auth middleware, TanStack Query hooks for search/detail/snapshot queries, Zustand for state - Standalone deployment: Nginx Dockerfile, K8s Deployment + ConfigMap + NodePort (30080), runtime config.js for API base URL - Embedded mode: maven-resources-plugin copies ui/dist into JAR static resources, SPA forward controller for client-side routing - CI/CD: UI build step, Docker build/push for server-ui image, K8s deploy step for UI, UI credential secrets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 13:59:22 +01:00			`onUnauthorized = opts.onUnauthorized;`
			`}`

			`const authMiddleware: Middleware = {`
			`async onRequest({ request }) {`
			`const token = getAccessToken();`
			`if (token) {`
			request.headers.set('Authorization', `Bearer ${token}`);
			`}`
Fix UI missing protocol version header causing agents endpoint 400 The ProtocolVersionInterceptor requires X-Cameleer-Protocol-Version: 1 on /api/v1/agents/** but the UI client middleware wasn't sending it, causing the agents GET to fail silently in the command palette. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 17:28:14 +01:00			`request.headers.set('X-Cameleer-Protocol-Version', '1');`
Add React UI with Execution Explorer, auth, and standalone deployment - Scaffold Vite + React + TypeScript frontend in ui/ with full design system (dark/light themes) matching the HTML mockups - Implement Execution Explorer page: search filters, results table with expandable processor tree and exchange detail sidebar, pagination - Add UI authentication: UiAuthController (login/refresh endpoints), JWT filter handles ui: subject prefix, CORS configuration - Shared components: StatusPill, DurationBar, StatCard, AppBadge, FilterChip, Pagination — all using CSS Modules with design tokens - API client layer: openapi-fetch with auth middleware, TanStack Query hooks for search/detail/snapshot queries, Zustand for state - Standalone deployment: Nginx Dockerfile, K8s Deployment + ConfigMap + NodePort (30080), runtime config.js for API base URL - Embedded mode: maven-resources-plugin copies ui/dist into JAR static resources, SPA forward controller for client-side routing - CI/CD: UI build step, Docker build/push for server-ui image, K8s deploy step for UI, UI credential secrets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 13:59:22 +01:00			`return request;`
			`},`
			`async onResponse({ response }) {`
Redirect to login on expired/invalid auth Backend now returns 401 instead of 403 for unauthenticated requests via HttpStatusEntryPoint. UI middleware handles both 401 and 403, triggering token refresh and redirecting to /login on failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 17:39:29 +01:00			`if (response.status === 401 \|\| response.status === 403) {`
Add React UI with Execution Explorer, auth, and standalone deployment - Scaffold Vite + React + TypeScript frontend in ui/ with full design system (dark/light themes) matching the HTML mockups - Implement Execution Explorer page: search filters, results table with expandable processor tree and exchange detail sidebar, pagination - Add UI authentication: UiAuthController (login/refresh endpoints), JWT filter handles ui: subject prefix, CORS configuration - Shared components: StatusPill, DurationBar, StatCard, AppBadge, FilterChip, Pagination — all using CSS Modules with design tokens - API client layer: openapi-fetch with auth middleware, TanStack Query hooks for search/detail/snapshot queries, Zustand for state - Standalone deployment: Nginx Dockerfile, K8s Deployment + ConfigMap + NodePort (30080), runtime config.js for API base URL - Embedded mode: maven-resources-plugin copies ui/dist into JAR static resources, SPA forward controller for client-side routing - CI/CD: UI build step, Docker build/push for server-ui image, K8s deploy step for UI, UI credential secrets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-13 13:59:22 +01:00			`onUnauthorized();`
			`}`
			`return response;`
			`},`
			`};`

			`export const api = createClient<paths>({ baseUrl: config.apiBaseUrl });`
			`api.use(authMiddleware);`