fix(l1): block L1 users from engineer-only AI routes (/pilot, /assistant)
Some checks failed
Mirror to GitHub / mirror (push) Successful in 4s
CI / frontend (pull_request) Failing after 1m35s
CI / e2e (pull_request) Failing after 8m8s
CI / backend (pull_request) Successful in 17m3s

The post-login redirect pushes l1_tech users from / to /l1, but a
bookmark, browser back, or direct URL still landed L1 users on /pilot,
where the page tried to POST /api/v1/ai-sessions and got 403. Frontend
swallowed that as a generic 'Failed to start AI conversation' toast.

Add a route-level redirect in ProtectedRoute so L1 users hitting /pilot
or /assistant bounce to /l1 — turns the backend 403 into a clean UX path
that matches the spec's intent (L1 = walker, engineer = pilot).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-29 00:05:52 -04:00
parent 2f2f4eea29
commit 83d1f4cecd


@@ -49,6 +49,17 @@ export function ProtectedRoute({ requiredRole, children }: ProtectedRouteProps)
return <Navigate to="/l1" replace />
}
// L1 users hitting engineer-only AI surfaces (Pilot / Assistant) get pushed
// back to /l1 — POST /api/v1/ai-sessions rejects them with 403 anyway, so
// this just turns a backend error into a clean route-level redirect.
if (
effectiveRole === 'l1_tech' &&
(location.pathname.startsWith('/pilot') ||
location.pathname.startsWith('/assistant'))
) {
return <Navigate to="/l1" replace />
}
return <>{children}</>
}
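Review bot: The prefix tests in the new `if` (`location.pathname.startsWith('/pilot')` and `startsWith('/assistant')`) match any path that merely begins with those characters, so a later route such as a hypothetical `/pilots` or `/assistant-settings` would also bounce L1 users to /l1, and a differently cased URL would skip the check if the router matches paths case-insensitively. Compare against the exact path or the path plus a trailing slash, for example `p === '/pilot' || p.startsWith('/pilot/')`, and consider declaring the engineer-only paths once in a named list rather than inline. As the added comment itself says, the 403 from POST /api/v1/ai-sessions stays the real access control and this guard is UX only, so the hunk would be well served by a test that renders ProtectedRoute with `effectiveRole === 'l1_tech'` at `/pilot` and `/assistant` and asserts the redirect to `/l1`.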