feat(vk): launch diagnostic on a direct /vk/ open instead of a guest #256

Merged
developer merged 1 commits from feature/vk-launch-diagnostic into development 2026-07-13 21:42:51 +00:00
Owner

Problem

Opening the dedicated /vk/ entry directly in an ordinary browser (no signed VK launch) fell through to the web flow and silently started a throwaway guest — wrong for a VK-only entry. The /telegram/ entry already shows a shareable launch-diagnostic screen in the equivalent situation; this brings /vk/ to parity.

What changed

  • Boot branch — a new guard onVKPath() && !insideVK() sets app.launchError and returns, stopping the fall-through to guest/login. Mirrors the /telegram/ diagnostic guard.
  • Passive VK diagnostic (owner's choice — no VK Bridge round-trip): reads the URL launch-parameter names (never the sign value — auth material), whether the URL was signed, vk_platform, the iframe / referrer context, plus the shared client-environment lines. VK signs the launch URL at load, so its parameters never arrive late — hence the VK screen offers Share only, no Retry (a Retry could not recover them).
  • Generalised screenTelegramLaunchError.svelteLaunchError.svelte, rendering a neutral pre-formatted report + a per-platform title, with Retry gated on a retry flag (Telegram true, VK false). app.launchError is now a neutral LaunchDiag { platform, report, retry }.
  • New lib/launchdiag.ts — the shared pieces both platforms reuse: the LaunchDiag shape, the client-environment lines, and the query field-name reader (moved out of telegram.ts so VK doesn't duplicate them).

Privacy

The report carries only presence / identification signals and field names, never the signed launch data (sign / initData) itself, nor an IP — same guarantee as the Telegram diagnostic. A unit test asserts the sign value never leaks into the report.

Tests

  • vk.test.ts: pure vkDiagLines units (unsigned browser open, signed launch, and the sign-value-never-leaks guard) + a vkLaunchDiag shape test.
  • i18n: launch.errorTitleVk (en/ru).

Docs

docs/FUNCTIONAL.md (+_ru) user story and docs/ARCHITECTURE.md entry-path note.

Verification (local)

  • vitest run — 622 passed / 9 skipped (+3 new).
  • svelte-check — 0 errors / 0 warnings.
  • vite build — clean.
  • Not driven end-to-end in a live VK client (the mock e2e can't reproduce a VK launch); the diagnostic path is covered by the pure units + the boot-branch logic. Reviewable on the PR-deploy contour: /vk/ in a plain browser now shows the diagnostic instead of a guest.
## Problem Opening the dedicated `/vk/` entry directly in an ordinary browser (no signed VK launch) fell through to the web flow and **silently started a throwaway guest** — wrong for a VK-only entry. The `/telegram/` entry already shows a shareable launch-diagnostic screen in the equivalent situation; this brings `/vk/` to parity. ## What changed - **Boot branch** — a new guard `onVKPath() && !insideVK()` sets `app.launchError` and returns, stopping the fall-through to guest/login. Mirrors the `/telegram/` diagnostic guard. - **Passive VK diagnostic** (owner's choice — no VK Bridge round-trip): reads the URL launch-parameter **names** (never the `sign` value — auth material), whether the URL was signed, `vk_platform`, the iframe / referrer context, plus the shared client-environment lines. VK signs the launch URL at load, so its parameters never arrive late — hence the VK screen offers **Share only, no Retry** (a Retry could not recover them). - **Generalised screen** — `TelegramLaunchError.svelte` → `LaunchError.svelte`, rendering a neutral pre-formatted report + a per-platform title, with Retry gated on a `retry` flag (Telegram `true`, VK `false`). `app.launchError` is now a neutral `LaunchDiag { platform, report, retry }`. - **New `lib/launchdiag.ts`** — the shared pieces both platforms reuse: the `LaunchDiag` shape, the client-environment lines, and the query field-**name** reader (moved out of `telegram.ts` so VK doesn't duplicate them). ## Privacy The report carries only presence / identification signals and field **names**, never the signed launch data (`sign` / initData) itself, nor an IP — same guarantee as the Telegram diagnostic. A unit test asserts the `sign` value never leaks into the report. ## Tests - `vk.test.ts`: pure `vkDiagLines` units (unsigned browser open, signed launch, and the `sign`-value-never-leaks guard) + a `vkLaunchDiag` shape test. - i18n: `launch.errorTitleVk` (en/ru). ## Docs `docs/FUNCTIONAL.md` (+`_ru`) user story and `docs/ARCHITECTURE.md` entry-path note. ## Verification (local) - `vitest run` — 622 passed / 9 skipped (+3 new). - `svelte-check` — 0 errors / 0 warnings. - `vite build` — clean. - Not driven end-to-end in a live VK client (the mock e2e can't reproduce a VK launch); the diagnostic path is covered by the pure units + the boot-branch logic. Reviewable on the PR-deploy contour: `/vk/` in a plain browser now shows the diagnostic instead of a guest.
developer added 1 commit 2026-07-13 21:25:53 +00:00
feat(vk): show a launch diagnostic on a direct /vk/ open instead of a guest
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Has been skipped
CI / integration (pull_request) Has been skipped
CI / ui (pull_request) Successful in 1m13s
CI / conformance (pull_request) Successful in 10s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 2m7s
cc34622630
Opening the dedicated /vk/ entry directly in an ordinary browser (no signed VK
launch) fell through to the web flow and silently started a throwaway guest,
which is wrong for a VK-only entry. Mirror the existing /telegram/ launch-error
behaviour: render a compact, shareable, privacy-safe diagnostic screen instead.

- Boot: a new branch `onVKPath() && !insideVK()` sets app.launchError and stops
  the fall-through, the VK counterpart of the /telegram/ diagnostic guard.
- Diagnostic (passive, no VK Bridge round-trip): reads the URL launch-parameter
  NAMES (never the `sign` value — auth material), whether the URL was signed,
  `vk_platform`, the iframe/referrer context, plus the shared client-environment
  lines. VK signs the launch URL at load, so — unlike Telegram's initData — the
  parameters never arrive late; hence the VK screen offers Share only, no Retry.
- Generalise the screen: TelegramLaunchError.svelte -> LaunchError.svelte, which
  renders a neutral pre-formatted report and a per-platform title, with Retry
  gated on a `retry` flag (Telegram true, VK false). app.launchError is now a
  neutral LaunchDiag { platform, report, retry }.
- New lib/launchdiag.ts holds the shared pieces both platforms reuse: the
  LaunchDiag shape, the client-environment lines, and the query field-NAME
  reader (moved out of telegram.ts so VK does not duplicate them).

Tests: pure vkDiagLines units, incl. a guard that the `sign` value never leaks
into the report. i18n: launch.errorTitleVk (en/ru). Docs: FUNCTIONAL (+ru) user
story and ARCHITECTURE entry-path note.
owner approved these changes 2026-07-13 21:42:37 +00:00
developer merged commit efeed17abc into development 2026-07-13 21:42:51 +00:00
developer deleted branch feature/vk-launch-diagnostic 2026-07-13 21:42:51 +00:00
Sign in to join this conversation.
No Reviewers
No Label
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: developer/scrabble-game#256