Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

Commencer

$pwd:

revyl-cli-auth-bypass-android

Name: Revyl Cli Auth Bypass Android
Author: RevylAI

// Native Android leaf recipe for test-only auth bypass deep links using Revyl launch intent extras.

Exécuter dans Manus

$ git log --oneline --stat

stars:413

forks:17

updated:8 mai 2026 à 05:44

SKILL.md

readonly

name	revyl-cli-auth-bypass-android
description	Native Android leaf recipe for test-only auth bypass deep links using Revyl launch intent extras.

Revyl Android Auth Bypass Skill

Use this leaf skill when revyl-cli-auth-bypass has selected a native Android app. This is app code guidance, not a Revyl authentication shortcut.

For the first-pass setup, start from revyl-cli-auth-bypass; it detects the stack, applies the shared safety contract, and delegates here for Android/Kotlin implementation details.

Native Agent Behavior

Ask at most 1-3 concise clarification questions only when the target app, platform, session, URL scheme, token source, or sensitive action cannot be inferred from the repo or Revyl CLI.
Prefer safe defaults and keep moving when app source, revyl dev list, screenshots, or reports can answer the question.
When Revyl prints a viewer or local app URL, open it in the native browser/tool surface when available: Codex Browser/in-app browser for local URLs, Revyl viewer URLs, screenshots, and page checks; Claude Code .claude/skills slash-command discovery plus WebFetch/WebSearch or configured MCP/browser tools; Cursor .cursor/skills plus .cursor/rules/revyl-skills.mdc and available MCP/browser tools.
If no browser tool is exposed, report the URL and verify through revyl device screenshot or revyl device report instead of claiming browser access.
Confirm before entering sensitive data, submitting forms, uploading files, accepting browser permissions, changing sharing/access, or deleting data.

Contract

Use one app-specific deep link shape:

myapp://revyl-auth?token=<token>&role=<role>&redirect=<allowlisted-route>

Revyl launch variables arrive in Android emulator apps as string extras on the launch intent:

REVYL_AUTH_BYPASS_ENABLED=true
REVYL_AUTH_BYPASS_TOKEN=<token>

Files To Add Or Update

AndroidManifest.xml: register the app URL scheme and revyl-auth host.
Main activity: preserve launch config from intent and handle onCreate / onNewIntent.
Auth/session module: create the normal app session for an allowlisted role.
Router/navigation layer: route only to allowlisted destinations.
Account, debug, or settings screen: show accepted/rejected auth-bypass state in test builds.

Manifest Registration

<intent-filter>
  <action android:name="android.intent.action.VIEW" />
  <category android:name="android.intent.category.DEFAULT" />
  <category android:name="android.intent.category.BROWSABLE" />
  <data android:scheme="myapp" android:host="revyl-auth" />
</intent-filter>

Kotlin Handler

Keep route mapping and session creation app-specific:

private val allowedRedirects = mapOf(
  "/account" to AppRoute.Account,
  "/checkout" to AppRoute.Checkout,
  "/cart" to AppRoute.Cart,
)
private val allowedRoles = setOf("buyer", "support")

data class RevylAuthConfig(val enabled: Boolean, val token: String?)

fun revylAuthConfig(intent: Intent?): RevylAuthConfig {
  return RevylAuthConfig(
    enabled = intent?.getStringExtra("REVYL_AUTH_BYPASS_ENABLED") == "true",
    token = intent?.getStringExtra("REVYL_AUTH_BYPASS_TOKEN"),
  )
}

fun handleRevylAuthBypass(intent: Intent?, config: RevylAuthConfig): Boolean {
  val uri = intent?.data ?: return false
  if (uri.scheme != "myapp" || uri.host != "revyl-auth") return false

  val role = uri.getQueryParameter("role") ?: "buyer"
  val redirect = uri.getQueryParameter("redirect") ?: "/account"

  check(config.enabled) { "Revyl auth bypass is disabled" }
  check(uri.getQueryParameter("token") == config.token) { "Bad Revyl auth bypass token" }
  check(role in allowedRoles) { "Role is not allowlisted" }

  val route = allowedRedirects[redirect] ?: error("Redirect is not allowlisted")
  TestSession.signIn(role)
  appRouter.navigate(route)
  return true
}

In the activity, capture the launch config before handling links:

private lateinit var revylAuthConfig: RevylAuthConfig

override fun onCreate(savedInstanceState: Bundle?) {
  super.onCreate(savedInstanceState)
  revylAuthConfig = revylAuthConfig(intent)
  handleAuthLink(intent)
}

override fun onNewIntent(intent: Intent?) {
  super.onNewIntent(intent)
  setIntent(intent)
  handleAuthLink(intent)
}

private fun handleAuthLink(intent: Intent?) {
  try {
    if (handleRevylAuthBypass(intent, revylAuthConfig)) showAuthBypassAccepted()
  } catch (error: Throwable) {
    showAuthBypassRejected(error.message ?: "Auth bypass rejected")
  }
}

Replace TestSession, appRouter, and status UI helpers with the app's real surfaces.

Verification

Start a fresh Revyl session with launch vars attached:

export REVYL_AUTH_BYPASS_TOKEN="<test-only-token>"
revyl global launch-var update REVYL_AUTH_BYPASS_TOKEN --value "$REVYL_AUTH_BYPASS_TOKEN"

revyl dev --platform android --no-build \
  --launch-var REVYL_AUTH_BYPASS_ENABLED \
  --launch-var REVYL_AUTH_BYPASS_TOKEN

Then verify valid and rejected links:

revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fcheckout"
revyl device screenshot --out /tmp/revyl-auth-bypass-android-valid.png

revyl device navigate --url "myapp://revyl-auth?token=wrong-token&role=buyer&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=admin&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fadmin"
revyl device screenshot --out /tmp/revyl-auth-bypass-android-rejected.png

Guardrails

Never ship an unconditional production bypass.
Gate by debug/staging/test build plus REVYL_AUTH_BYPASS_ENABLED=true.
Never put raw tokens in source, YAML, screenshots, or PR copy.
Keep role and redirect allowlists small and app-specific.
Show rejected state visibly in the app so the agent can diagnose failures.

related-skills.json

même dépôt

revyl-cli-create.md

from "RevylAI/revyl-cli"

Create robust Revyl E2E tests using CLI commands from app source analysis or exploratory sessions.

2026-05-25413

revyl-mcp-create.md

from "RevylAI/revyl-cli"

Create and maintain Revyl tests through MCP tools using create/update operations and execution feedback loops.

2026-05-25413

revyl-mcp-dev-loop.md

from "RevylAI/revyl-cli"

MCP dev-first mobile loop for reliable screenshot-observe-action execution, grounded interactions, and conversion of successful exploratory paths into tests.

2026-05-25413

revyl-cli-analyze.md

from "RevylAI/revyl-cli"

Analyze failed Revyl test, workflow, and device-session reports via CLI to classify real bugs, flaky tests, infra issues, setup failures, or test-design improvements.

2026-05-08413

revyl-cli-auth-bypass-expo.md

from "RevylAI/revyl-cli"

Expo and Expo Router leaf recipe for test-only auth bypass deep links using Revyl launch variables.

2026-05-08413

revyl-cli-auth-bypass-flutter.md

from "RevylAI/revyl-cli"

Flutter leaf recipe for test-only auth bypass deep links using Revyl launch variables.

2026-05-08413

package.json

"author": "RevylAI"

"repository": "RevylAI/revyl-cli"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Développeurs de logicielsProfessions informatiques et mathématiques15-1252L4

name	revyl-cli-auth-bypass-android
description	Native Android leaf recipe for test-only auth bypass deep links using Revyl launch intent extras.

Revyl Android Auth Bypass Skill

Use this leaf skill when revyl-cli-auth-bypass has selected a native Android app. This is app code guidance, not a Revyl authentication shortcut.

For the first-pass setup, start from revyl-cli-auth-bypass; it detects the stack, applies the shared safety contract, and delegates here for Android/Kotlin implementation details.

Native Agent Behavior

Ask at most 1-3 concise clarification questions only when the target app, platform, session, URL scheme, token source, or sensitive action cannot be inferred from the repo or Revyl CLI.
Prefer safe defaults and keep moving when app source, revyl dev list, screenshots, or reports can answer the question.
When Revyl prints a viewer or local app URL, open it in the native browser/tool surface when available: Codex Browser/in-app browser for local URLs, Revyl viewer URLs, screenshots, and page checks; Claude Code .claude/skills slash-command discovery plus WebFetch/WebSearch or configured MCP/browser tools; Cursor .cursor/skills plus .cursor/rules/revyl-skills.mdc and available MCP/browser tools.
If no browser tool is exposed, report the URL and verify through revyl device screenshot or revyl device report instead of claiming browser access.
Confirm before entering sensitive data, submitting forms, uploading files, accepting browser permissions, changing sharing/access, or deleting data.

Contract

Use one app-specific deep link shape:

myapp://revyl-auth?token=<token>&role=<role>&redirect=<allowlisted-route>

Revyl launch variables arrive in Android emulator apps as string extras on the launch intent:

REVYL_AUTH_BYPASS_ENABLED=true
REVYL_AUTH_BYPASS_TOKEN=<token>

Files To Add Or Update

AndroidManifest.xml: register the app URL scheme and revyl-auth host.
Main activity: preserve launch config from intent and handle onCreate / onNewIntent.
Auth/session module: create the normal app session for an allowlisted role.
Router/navigation layer: route only to allowlisted destinations.
Account, debug, or settings screen: show accepted/rejected auth-bypass state in test builds.

Manifest Registration

<intent-filter>
  <action android:name="android.intent.action.VIEW" />
  <category android:name="android.intent.category.DEFAULT" />
  <category android:name="android.intent.category.BROWSABLE" />
  <data android:scheme="myapp" android:host="revyl-auth" />
</intent-filter>

Kotlin Handler

Keep route mapping and session creation app-specific:

private val allowedRedirects = mapOf(
  "/account" to AppRoute.Account,
  "/checkout" to AppRoute.Checkout,
  "/cart" to AppRoute.Cart,
)
private val allowedRoles = setOf("buyer", "support")

data class RevylAuthConfig(val enabled: Boolean, val token: String?)

fun revylAuthConfig(intent: Intent?): RevylAuthConfig {
  return RevylAuthConfig(
    enabled = intent?.getStringExtra("REVYL_AUTH_BYPASS_ENABLED") == "true",
    token = intent?.getStringExtra("REVYL_AUTH_BYPASS_TOKEN"),
  )
}

fun handleRevylAuthBypass(intent: Intent?, config: RevylAuthConfig): Boolean {
  val uri = intent?.data ?: return false
  if (uri.scheme != "myapp" || uri.host != "revyl-auth") return false

  val role = uri.getQueryParameter("role") ?: "buyer"
  val redirect = uri.getQueryParameter("redirect") ?: "/account"

  check(config.enabled) { "Revyl auth bypass is disabled" }
  check(uri.getQueryParameter("token") == config.token) { "Bad Revyl auth bypass token" }
  check(role in allowedRoles) { "Role is not allowlisted" }

  val route = allowedRedirects[redirect] ?: error("Redirect is not allowlisted")
  TestSession.signIn(role)
  appRouter.navigate(route)
  return true
}

In the activity, capture the launch config before handling links:

private lateinit var revylAuthConfig: RevylAuthConfig

override fun onCreate(savedInstanceState: Bundle?) {
  super.onCreate(savedInstanceState)
  revylAuthConfig = revylAuthConfig(intent)
  handleAuthLink(intent)
}

override fun onNewIntent(intent: Intent?) {
  super.onNewIntent(intent)
  setIntent(intent)
  handleAuthLink(intent)
}

private fun handleAuthLink(intent: Intent?) {
  try {
    if (handleRevylAuthBypass(intent, revylAuthConfig)) showAuthBypassAccepted()
  } catch (error: Throwable) {
    showAuthBypassRejected(error.message ?: "Auth bypass rejected")
  }
}

Replace TestSession, appRouter, and status UI helpers with the app's real surfaces.

Verification

Start a fresh Revyl session with launch vars attached:

export REVYL_AUTH_BYPASS_TOKEN="<test-only-token>"
revyl global launch-var update REVYL_AUTH_BYPASS_TOKEN --value "$REVYL_AUTH_BYPASS_TOKEN"

revyl dev --platform android --no-build \
  --launch-var REVYL_AUTH_BYPASS_ENABLED \
  --launch-var REVYL_AUTH_BYPASS_TOKEN

Then verify valid and rejected links:

revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fcheckout"
revyl device screenshot --out /tmp/revyl-auth-bypass-android-valid.png

revyl device navigate --url "myapp://revyl-auth?token=wrong-token&role=buyer&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=admin&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fadmin"
revyl device screenshot --out /tmp/revyl-auth-bypass-android-rejected.png

Guardrails

Never ship an unconditional production bypass.
Gate by debug/staging/test build plus REVYL_AUTH_BYPASS_ENABLED=true.
Never put raw tokens in source, YAML, screenshots, or PR copy.
Keep role and redirect allowlists small and app-specific.
Show rejected state visibly in the app so the agent can diagnose failures.

revyl-cli-auth-bypass-android

Revyl Android Auth Bypass Skill

Native Agent Behavior

Contract

Files To Add Or Update

Manifest Registration

Kotlin Handler

Verification

Guardrails

Plus depuis ce dépôt

Plus depuis ce dépôt

Revyl Android Auth Bypass Skill

Native Agent Behavior

Contract

Files To Add Or Update

Manifest Registration

Kotlin Handler

Verification

Guardrails