fix(ssh): decode auth timestamps from JSON strings

[ardenworks]

What Changed

Use Schema.DateTimeUtcFromString for auth response timestamp fields that are decoded from HTTP JSON responses.

Why

Fixes #2665.

Desktop SSH pairing calls /api/auth/bootstrap/bearer. The remote server returns HTTP 200 with expiresAt serialized as an ISO string, but the desktop contract decoder currently expects a DateTimeUtc value.

That makes pairing fail during desktop:bootstrap-ssh-bearer-session even though the remote API request succeeds.

This fixes the mismatch by using the schema variant that accepts ISO timestamp strings from JSON and decodes them into DateTime.Utc values. The related auth response schemas are updated together because they use the same serialized timestamp shape over HTTP.

UI Changes

None.

Checklist

• This PR is small and focused
• I explained what changed and why
• I included before/after screenshots for any UI changes
• I included a video for animation/interaction changes

---

Note

Low Risk
Low risk, contract-only change that adjusts timestamp decoding for auth responses; main risk is if any producer sends non-ISO strings where DateTimeUtc was previously expected.

Overview
Fixes a contract mismatch in packages/contracts/src/auth.ts by switching auth response/session timestamp fields (e.g. expiresAt, createdAt, issuedAt, lastConnectedAt) from Schema.DateTimeUtc to Schema.DateTimeUtcFromString.

This ensures HTTP JSON auth endpoints (including bearer bootstrap and pairing/session metadata) decode ISO timestamp strings correctly instead of failing during schema decoding.

^{Reviewed by Cursor Bugbot for commit c7d54ef. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Fix auth timestamp decoding by switching to DateTimeUtcFromString in auth contracts

All timestamp fields in auth-related structs in auth.ts now use DateTimeUtcFromString instead of DateTimeUtc to correctly parse ISO 8601 datetime strings returned from the SSH auth API. This affects expiresAt, issuedAt, createdAt, and lastConnectedAt fields across AuthBootstrapResult, AuthBearerBootstrapResult, AuthWebSocketTokenResult, AuthPairingCredentialResult, AuthPairingLink, AuthClientSession, and AuthSessionState.

^{Macroscope summarized c7d54ef.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a84b5e0e-315a-4c34-891e-78bb52790eca

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Approved

Straightforward bug fix that mechanically updates timestamp schema types from DateTimeUtc to DateTimeUtcFromString to properly decode JSON string representations. The change is consistent across all affected auth contracts with clear intent and limited scope.

^{You can customize Macroscope's approvability policy. Learn more.}