
Fix MiMo Firefox session cookie import #1565

Open

aaronflorey wants to merge 9 commits into steipete:main from aaronflorey:fix/mimo-firefox-cookies

Conversation

aaronflorey commented Jun 15, 2026

Summary

  • recover complete Xiaomi MiMo authentication from Firefox's current session-cookie state when cookies.sqlite lacks usable auth rows
  • follow Firefox's current/recovery/backup ordering while keeping the first structurally valid state authoritative
  • decode only canonical bounded MOZLZ4 data and accept only known MiMo cookies from the default, unpartitioned Firefox context
  • keep session and persisted sources independent so partial or stale data is never combined into synthetic authentication

Maintainer hardening

  • rebased on current main and removed the stale contributor changelog edit; the maintainer changelog is added after landing
  • introduced typed input, decoded-output, and cookie-count limit outcomes
  • made resource-limit violations terminal: an unsafe current state can no longer resurrect credentials from an older backup
  • preserve current persisted cookies when session recovery is unavailable or resource-limited
  • kept ordinary corruption recoverable; a wrong decoded-size header still falls through to a valid backup
  • made Firefox-detection coverage independent of apps installed on the test machine

Safety behavior

  • each candidate is capped at 64 MiB input, 128 MiB decoded output, and 4,096 top-level cookies before filtering
  • resource-limit violations stop candidate traversal and fail closed
  • malformed or unreadable candidates may continue through Firefox's defined recovery order
  • the first successfully decoded state remains authoritative even when empty or partial
  • non-default container, private-browsing, partitioned, unknown-origin, and wrong-typed origin attributes are rejected
  • cookie values are never logged

Proof

  • focused MiMo provider suite: 49 tests passed
  • focused Firefox importer suite: 11 tests passed
  • make check: clean
  • full suite: all 47 groups passed; one unrelated Kimi timing assertion passed on the built-in retry
  • autoreview: decoded-size corruption finding fixed; final review clean with 0 actionable findings
  • production importer parsed this Mac's real current Firefox restore file without exposing data; no authenticated MiMo session was present, so no external authenticated fetch is claimed
  • signed app packaged, launched, and remained running from this exact head

Exact reviewed head: 5239ca6b54a7f128713dfe38a64a455be7f80e46

Thanks @aaronflorey for the contribution.
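An added example (not the PR's code, which is Swift) sketching in Python the bounded MOZLZ4 decode and the current/recovery/backup candidate ordering the summary above describes: the 64 MiB input and 128 MiB declared-output caps are terminal and fail closed, a wrong decoded-size header is ordinary corruption that falls through to the next candidate, and the first decodable state is authoritative even when empty. The LZ4 block decoder, the `ResourceLimit`/`Corrupt` exception names, `first_valid_state` and the sample payload are my own constructions, not the project's.

```python
MOZLZ4_MAGIC = b"mozLz40\0"
MAX_INPUT = 64 * 1024 * 1024    # per-candidate input cap (64 MiB)
MAX_OUTPUT = 128 * 1024 * 1024  # per-candidate decoded-output cap (128 MiB)

class ResourceLimit(Exception): pass  # terminal: stop traversal, fail closed
class Corrupt(Exception): pass        # ordinary corruption: try the next candidate

def _varlen(src, i, base):  # LZ4 extended length: add bytes while each is 0xFF
    while i < len(src):
        base, i = base + src[i], i + 1
        if src[i - 1] != 255:
            return base, i
    raise Corrupt("truncated length field")

def lz4_block_decompress(src: bytes, expected: int) -> bytes:
    out, i = bytearray(), 0
    while i < len(src):
        token, i = src[i], i + 1
        lit, mlen = token >> 4, (token & 0xF) + 4
        if lit == 15:
            lit, i = _varlen(src, i, lit)
        if i + lit > len(src) or len(out) + lit > expected:
            raise Corrupt("literal run exceeds input or declared size")
        out += src[i:i + lit]
        i += lit
        if i == len(src):
            break  # final sequence carries literals only
        offset, i = int.from_bytes(src[i:i + 2], "little"), i + 2
        if mlen == 19:
            mlen, i = _varlen(src, i, mlen)
        if i > len(src) or not 0 < offset <= len(out) or len(out) + mlen > expected:
            raise Corrupt("truncated or invalid match")
        for _ in range(mlen):  # byte-wise copy so overlapping matches work
            out.append(out[-offset])
    if len(out) != expected:
        raise Corrupt("decoded size does not match header")
    return bytes(out)

def decode_mozlz4(blob: bytes) -> bytes:
    if len(blob) > MAX_INPUT:
        raise ResourceLimit("input exceeds 64 MiB")
    if len(blob) < 12 or blob[:8] != MOZLZ4_MAGIC:
        raise Corrupt("not a mozLz40 file")
    declared = int.from_bytes(blob[8:12], "little")
    if declared > MAX_OUTPUT:
        raise ResourceLimit("declared output exceeds 128 MiB")
    return lz4_block_decompress(blob[12:], declared)

def first_valid_state(candidates):
    # Firefox order: current, recovery, backup; the first decodable state wins
    # even if empty, and ResourceLimit is not caught, so it ends traversal.
    for blob in candidates:
        try:
            return decode_mozlz4(blob)
        except Corrupt:
            continue
    return None

# Constructed sample: 39-byte JSON payload with one back-reference (offset 13, length 12).
PAYLOAD = b'{"cookies":[{"host":"x"},{"host":"x"}]}'
BLOCK = bytes([0xF8, 0x0A]) + PAYLOAD[:25] + bytes([0x0D, 0x00, 0x20]) + b"]}"
SAMPLE = MOZLZ4_MAGIC + len(PAYLOAD).to_bytes(4, "little") + BLOCK
```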

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ae2aec1db7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread on Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift (outdated)

clawsweeper (Bot) commented Jun 19, 2026

Codex review: needs real behavior proof before merge. Reviewed July 5, 2026, 2:13 AM ET / 06:13 UTC.

Summary
The branch adds bounded Firefox sessionstore parsing for MiMo cookies, routes recovered session records through the MiMo importer, and adds focused parser/provider regression tests.

Reproducibility: yes, at source level: current main imports MiMo Firefox cookies only through persisted SweetCookieKit rows and has no sessionstore recovery path, so session-only Firefox auth is not covered. I did not run live browser-cookie import because repository policy warns against unattended Keychain/browser-cookie probes.

Review metrics: 2 noteworthy metrics.

  • Changed surface: 4 files, +1144/-2. Most changes are in the MiMo auth-cookie importer and focused tests, so maintainer review should focus on provider behavior and proof.
  • Test expansion: 2 test files, +692 lines. The branch adds broad synthetic coverage for Firefox sessionstore recovery, parser limits, and precedence decisions.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦞 diamond lobster
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P1] Add redacted latest-head proof from a real authorized Firefox MiMo profile, using terminal output, logs, copied live output, screenshot, recording, or a linked artifact.
  • Update the PR body after adding proof; ClawSweeper should re-review automatically, or a maintainer can comment @clawsweeper re-review.

Proof guidance:

  • [P1] Needs stronger real behavior proof before merge: The PR body reports tests and a real non-authenticated Firefox restore parse, but it does not show the changed behavior recovering an authenticated MiMo session from a real Firefox profile; proof should redact private details such as cookie values, account data, API keys, phone numbers, IP addresses, and non-public endpoints. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

  • [P1] No proof currently shows successful authenticated MiMo recovery from a real Firefox sessionstore on the current head; the PR body says no authenticated MiMo session was present.
  • [P1] The PR changes how MiMo authentication cookies are discovered, filtered, and prioritized for Firefox profiles, so maintainers should explicitly accept the source-isolated precedence behavior before merge.

Maintainer options:

  1. Require real Firefox MiMo proof (recommended)
    Ask for redacted latest-head proof from an authorized Firefox profile showing sessionstore recovery reaches usable MiMo authentication without exposing cookie values or account details.
  2. Accept synthetic auth coverage
    Maintainers can merge based on the focused parser/provider tests and non-authenticated restore-file parse while explicitly accepting that live account recovery was not demonstrated.
  3. Pause until credentials are available
    Keep the PR open if nobody can safely provide authorized real Firefox MiMo proof for this auth-provider change.

Next step before merge

  • [P1] Manual maintainer review is needed because automation cannot provide authorized real Firefox MiMo session proof or accept the auth-provider merge risk.

Security
Cleared: The diff is auth-sensitive but adds bounded local parsing, strict cookie scope filtering, and no dependency, workflow, secret, or supply-chain changes.

Review details

Best possible solution:

Land the bounded Firefox sessionstore importer after redacted latest-head real Firefox proof shows usable MiMo session recovery, or after a maintainer explicitly accepts synthetic coverage for this auth-provider path.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: current main imports MiMo Firefox cookies only through persisted SweetCookieKit rows and has no sessionstore recovery path, so session-only Firefox auth is not covered. I did not run live browser-cookie import because repository policy warns against unattended Keychain/browser-cookie probes.

Is this the best way to solve the issue?

Yes for the code direction: the bounded parser plus source-isolated replacement path is narrow, covered by focused tests, and matches the owner-stated behavior. It is not merge-ready until real latest-head auth-provider proof is provided or maintainers intentionally accept synthetic coverage.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against f1de7006027e.

Label changes

Label justifications:

  • P2: This is a normal-priority provider-auth bug fix with limited blast radius to MiMo Firefox cookie import.
  • merge-risk: 🚨 auth-provider: The PR changes how MiMo authentication cookies are discovered, filtered, and prioritized for Firefox profiles.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🦞 diamond lobster.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body reports tests and a real non-authenticated Firefox restore parse, but it does not show the changed behavior recovering an authenticated MiMo session from a real Firefox profile; proof should redact private details such as cookie values, account data, API keys, phone numbers, IP addresses, and non-public endpoints. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

Likely related people:

  • steipete: Recent branch commits and owner review replies define the current auth-sensitive Firefox sessionstore recovery and source-isolation behavior. (role: recent area contributor and reviewer; confidence: high; commits: 5239ca6b54a7, 69f0a461649f; files: Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift, Tests/CodexBarTests/MiMoProviderTests.swift, Tests/CodexBarTests/MiMoFirefoxSessionCookieImporterTests.swift)
  • Yuxin-Qiao: Merged related MiMo browser import support and the auth redirect fallback path that this PR extends. (role: feature owner; confidence: high; commits: 050b13925da4, 77044e418aa7; files: Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift, Sources/CodexBarCore/Providers/MiMo/MiMoUsageFetcher.swift, Tests/CodexBarTests/MiMoProviderTests.swift)
  • Deb Pramanik: Introduced the original Xiaomi MiMo provider, cookie importer, usage fetcher, docs, and test surface. (role: introduced behavior; confidence: medium; commits: f9a2918afcf1; files: Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift, Sources/CodexBarCore/Providers/MiMo/MiMoUsageFetcher.swift, Tests/CodexBarTests/MiMoProviderTests.swift)

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.


How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Review history (2 earlier review cycles)
  • reviewed June 25, 2026, 8:09 PM ET / 00:09 UTC sha 28f780a :: needs real behavior proof before merge. :: none
  • reviewed 2026-07-05T05:54:35.432Z sha 5239ca6 :: needs real behavior proof before merge. :: none

@steipete steipete changed the title fix: import xiaomi mimo cookies from firefox properly Fix MiMo Firefox session cookie import Jun 19, 2026
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. labels Jun 19, 2026

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 924ccbb23d


Comment thread on Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift (outdated)
@steipete steipete force-pushed the fix/mimo-firefox-cookies branch from 924ccbb to ead2aab Compare June 19, 2026 13:12

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ead2aab576


Comment thread on Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift (outdated)
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jun 19, 2026
@steipete steipete force-pushed the fix/mimo-firefox-cookies branch from ead2aab to 28c8728 Compare June 19, 2026 15:53

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 28c8728bef


Comment thread on Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift (outdated)
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jun 19, 2026
@steipete steipete force-pushed the fix/mimo-firefox-cookies branch from 28f780a to 5239ca6 Compare July 5, 2026 05:50

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5239ca6b54


Comment on lines +245 to +246 of Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift:

    let sessionCookies = BrowserCookieClient.makeHTTPCookies(sessionRecords, origin: .domainBased)
    guard MiMoCookieHeader.header(from: sessionCookies) != nil else {

P2: Merge Firefox session cookies with persisted cookies

When Firefox has only one required MiMo cookie in the session restore and the other required cookie persisted in cookies.sqlite, this guard validates sessionRecords by themselves and then falls back to source alone. Since Firefox session restore only carries session cookies, a real browser request can be split across the restore file and the persisted store; in that case CodexBar drops the recovered session cookie and reports no valid MiMo login even though Firefox would send both cookies. Validate/return the merged source.records + sessionRecords set, with session records taking precedence for duplicate keys.


Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. P2 Normal priority bug or improvement with limited blast radius. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask.
