You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -183,7 +184,11 @@ Default weights: vibe=0.33, cost=0.40, risk=0.27. These are overridden by whatev
183
184
184
185
After ranking, Gemini generates `why` and `watch_out` text for each top-3 venue, plus a `global_consensus` — a single comparative sentence highlighting the best pick across price, rating, weather, and vibe.
185
186
186
-
If the Commander flagged an OAuth requirement, the Synthesiser builds an `action_request` object the frontend uses to trigger an Auth0 consent modal.
187
+
If the Commander flagged an OAuth requirement (e.g., sending an email), the Synthesiser attempts an Auth0 CIBA (Client Initiated Backchannel Authentication) push notification to the user's mobile device.
188
+
- If approved, it retrieves the user's Google OAuth2 token from the Auth0 Token Vault.
189
+
- It then executes the action directly on the backend (e.g., dispatching an email via the native Gmail API using `httpx`).
190
+
- It returns an `oauth_success` payload to the frontend, which renders an auto-dismissing confirmation UI.
191
+
If CIBA fails or is unsupported, it falls back to requesting standard frontend browser consent.
187
192
188
193
**Output (per venue):**
189
194
```json
@@ -444,7 +449,7 @@ Root logger and `httpx`/`httpcore` are set to `WARNING` to suppress noise.
444
449
445
450
## Notes
446
451
447
-
- The system recommends venues but executes no actual bookings. OAuth scope detection is live; the consent flow is implemented but no transactional actions are wired up.
452
+
- The system executes real-world actions on behalf of the user. OAuth scope detection is live; transactional actions (like automated email dispatch for bookings) are fully wired up via Auth0 CIBA push notifications and Auth0 Token Vault extraction.
448
453
- Local dev supports a mock auth user (`auth0|local_test`) that bypasses the Auth0 Management API lookup.
449
454
- The vibe heatmap only returns data if `CAFE_VIBE_VECTORS` has been populated (there's a `verify_population` utility for this).
450
455
- Parallel execution (vibe/cost/critic) cuts typical pipeline latency from ~9s to ~2–3s depending on API response times.
0 commit comments