82e2593332
Previous logout fired fetch(end_session, {mode:'no-cors'}), which is a
no-op for OIDC: cross-origin fetch never clears the IdP's session cookie.
Result: subsequent SSO clicks silently re-authenticated the prior user.
New flow:
1. Best-effort POST /auth/logout to bump token_revoked_before.
2. Clear localStorage + Zustand state.
3. Set sessionStorage 'cameleer:signed_out=1' so /login renders a
confirmation splash (mirrors cameleer-saas pattern).
4. window.location.replace(end_session_endpoint?id_token_hint=...
&post_logout_redirect_uri=...&client_id=...) — top-level navigation,
the only form that actually clears the IdP session cookie.
client_id is now persisted at OIDC initiation alongside
end_session_endpoint and id_token, so logout has all three params
without an extra round-trip.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Cameleer UI
React SPA built with @cameleer/design-system v0.1.28, TanStack Query, and Zustand.
Development
npm install
npm run dev
By default the dev server proxies /api/* to http://localhost:8081. To proxy to a remote server instead:
VITE_API_TARGET=http://192.168.50.86:30081 npm run dev
No CORS issues — Vite's proxy makes API calls server-side.
Build
npm run build
API Types
Regenerate TypeScript types from a running backend:
npm run generate-api # Requires backend running on :8081
Key Features
- Composable sidebar with accordion behavior (Applications / Starred / Admin sections)
- Context-aware cmd-k search: shows apps/routes/exchanges on operational pages, users/groups/roles on admin pages
- LIVE mode toggle: when ON, queries poll at intervals (5s-30s); when OFF, sidebar clicks trigger manual refresh
- Route control bar with state-aware buttons (start/stop/suspend/resume) and confirmation dialogs
- Event-type icons in agent timeline with severity-based coloring