fix: AI CLI 토큰 전달 — cookie 대신 useAuth() + Rust 세션 fallback

- 사이드바: document.cookie 대신 user.access_token (CookieProvider) 직접 사용
- cli.html: 3단계 토큰 탐색 — URL param → cookie → Rust cli_get_token
- cli_get_token 커맨드 추가 — open_cli_window 시 저장된 토큰 반환
- 토큰 있으면 "✅ 인증 완료", 없으면 "⚠️ 토큰 없음" 표시
- 원인: Tauri WKWebView에서 document.cookie 접근 불가 → 항상 null

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: SonAIengine

scripts/patch-sidebar-cli.js

@@ -83,6 +83,7 @@ if (usesSidebarLayout) {
     }
 
     // 3. Add state + handler after quickLogout
+    // NOTE: useAuth() already provides user.access_token — no need for document.cookie
     content = content.replace(
         /const \{ quickLogout \} = useQuickLogout\(\);/,
         `const { quickLogout } = useQuickLogout();
@@ -93,11 +94,9 @@ if (usesSidebarLayout) {
     const openCliWindow = async () => {
         try {
             const { invoke } = await import('@tauri-apps/api/core');
-            const getCookie = (name: string) => {
-                const match = document.cookie.match(new RegExp('(^| )' + name + '=([^;]+)'));
-                return match ? match[2] : null;
-            };
-            const token = getCookie('access_token') || undefined;
+            // Get token directly from CookieProvider context (user object)
+            const token = user?.access_token || undefined;
+            console.log('[AI CLI] Opening with token:', token ? token.substring(0, 20) + '...' : 'NONE');
             await invoke('open_cli_window', { xgenToken: token });
         } catch (e) {
             console.error('Failed to open CLI window:', e);

src-cli/cli.html

@@ -202,30 +202,54 @@
 let streamingText = '';
 let currentStreamEl = null;
 
-// Get auth token: URL param → cookie → Tauri state
-function getToken() {
+// Auth token cache
+let cachedToken = null;
+
+// Get auth token: URL param → cookie → Rust session
+function getTokenSync() {
+  if (cachedToken) return cachedToken;
   // 1. URL query param (passed by open_cli_window)
   const params = new URLSearchParams(window.location.search);
   const paramToken = params.get('token');
   if (paramToken) {
-    console.log('[CLI] Token from URL param:', paramToken.substring(0, 20) + '...');
+    console.log('[CLI] Token from URL param');
+    cachedToken = paramToken;
     return paramToken;
   }
   // 2. Cookie fallback (same origin in Tauri webview)
   const match = document.cookie.match(/(^| )access_token=([^;]+)/);
   const cookieToken = match ? decodeURIComponent(match[2]) : null;
   if (cookieToken) {
-    console.log('[CLI] Token from cookie:', cookieToken.substring(0, 20) + '...');
+    console.log('[CLI] Token from cookie');
+    cachedToken = cookieToken;
     return cookieToken;
   }
+  return null;
+}
+
+// Async token getter: also tries Rust session as last resort
+async function getToken() {
+  const syncToken = getTokenSync();
+  if (syncToken) return syncToken;
+  // 3. Rust session fallback (token stored when open_cli_window was called)
+  try {
+    const rustToken = await invoke('cli_get_token');
+    if (rustToken) {
+      console.log('[CLI] Token from Rust session');
+      cachedToken = rustToken;
+      return rustToken;
+    }
+  } catch (e) {
+    console.warn('[CLI] Failed to get token from Rust:', e);
+  }
   console.warn('[CLI] No auth token found!');
   return null;
 }
 
 // Load providers
 async function loadProviders() {
   try {
-    const token = getToken();
+    const token = await getToken();
     const providers = await invoke('cli_list_providers', { xgenToken: token });
     const available = providers.filter(p => p.configured && p.available);
     providerSelect.innerHTML = available.map(p =>
@@ -291,7 +315,7 @@
   currentStreamEl = addMessage('assistant', '');
 
   try {
-    const token = getToken();
+    const token = await getToken();
     await invoke('cli_send_message', {
       message: text,
       xgenToken: token,
@@ -379,11 +403,15 @@
 });
 
 // Initialize
-const initToken = getToken();
-if (!initToken) {
-  addMessage('system', '⚠️ 인증 토큰이 없습니다. 로그인 후 AI CLI를 다시 열어주세요.');
-}
-loadProviders();
+(async () => {
+  const initToken = await getToken();
+  if (!initToken) {
+    addMessage('system', '⚠️ 인증 토큰이 없습니다. 로그인 후 AI CLI를 다시 열어주세요.');
+  } else {
+    addMessage('system', '✅ 인증 완료. 명령을 입력하세요.');
+  }
+  loadProviders();
+})();
 </script>
 </body>
 </html>

src-tauri/src/commands/cli.rs

@@ -187,6 +187,15 @@ pub async fn cli_list_providers(
     Ok(serde_json::to_value(providers).unwrap_or_default())
 }
 
+/// Get stored auth token from CLI session (fallback for when URL param is missing)
+#[tauri::command]
+pub async fn cli_get_token(
+    state: tauri::State<'_, Arc<AppState>>,
+) -> Result<Option<String>> {
+    let session = state.cli_session.read().await;
+    Ok(session.xgen_token.clone())
+}
+
 /// Get CLI session info
 #[tauri::command]
 pub async fn cli_get_session_info(

src-tauri/src/lib.rs

@@ -259,6 +259,7 @@ pub fn run() {
             commands::cli_send_message,
             commands::cli_get_history,
             commands::cli_clear_session,
+            commands::cli_get_token,
             commands::cli_get_session_info,
             commands::cli_list_providers,
         ])