fix(platform): prevent false access-denied screens during auth token refreshes

[larryro]

Summary

• Skip useCurrentMemberContext queries while auth is loading or the user is unauthenticated, preventing the backend from returning null during token refreshes and causing false "Access denied" screens
• Preserve the last known role via useRef in the dashboard layout so navigation items don't flicker during reconnections
• Applied the skip = isAuthLoading || !isAuthenticated pattern consistently across all 13 dashboard routes that use useCurrentMemberContext

Test plan

• Sign in and navigate between dashboard pages — no access-denied flash
• Trigger a token refresh (e.g. wait for expiry or toggle network) — nav items remain stable
• Verify role-gated pages (settings, integrations, teams) still enforce permissions correctly
• Confirm loading skeletons show during initial auth instead of access-denied

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

• Bug Fixes

  • Improved stability during authentication token refreshes to prevent UI elements from briefly disappearing
  • Enhanced loading state handling across dashboard pages to properly account for authentication status

• Improvements

  • Refined authentication-aware data loading to provide smoother transitions during WebSocket reconnections and token refresh cycles

[greptile-apps]

Greptile Summary

This PR prevents false "Access denied" screens during auth token refreshes by skipping useCurrentMemberContext queries while authentication is loading or the user is unauthenticated. The fix applies the skip = isAuthLoading || !isAuthenticated pattern consistently across all 13 dashboard routes and preserves the last known role via useRef in the dashboard layout to prevent navigation item flicker during reconnections.

Key changes:

• Added skip parameter to useCurrentMemberContext hook with clear documentation
• Applied skip pattern consistently across all dashboard routes
• Implemented useRef to preserve role state during auth transitions in the main dashboard layout
• Updated loading conditions to include isAuthLoading checks throughout

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The changes are well-scoped, defensive, and consistently applied across all affected routes. The fix addresses a specific UX issue (false access-denied screens during token refresh) using a safe pattern (skipping queries during auth loading). The useRef approach for preserving role state is a sound solution that prevents UI flicker without introducing side effects. All 13 route changes follow the exact same pattern, reducing the risk of inconsistencies.
• No files require special attention

Important Files Changed

Filename	Overview
services/platform/app/hooks/use-current-member-context.ts	Added skip parameter with detailed documentation explaining the auth loading pattern
services/platform/app/routes/dashboard/$id.tsx	Implemented useRef to preserve role during auth refreshes, preventing nav flicker
services/platform/app/routes/dashboard/$id/_knowledge.tsx	Applied skip pattern for auth loading and added isAuthLoading check
services/platform/app/routes/dashboard/$id/settings.tsx	Applied skip pattern and added isAuthLoading to loading condition
services/platform/app/routes/dashboard/$id/settings/teams.tsx	Applied skip pattern and added isAuthLoading to loading condition

_{Last reviewed commit: d401d94}

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces authentication-aware loading guards across the dashboard application. It adds documentation to useCurrentMemberContext explaining a new skip parameter pattern, introduces a roleRef using React's useRef to preserve the member role value across authentication token refreshes and WebSocket reconnections, and updates approximately 15 dashboard routes to import and use useConvexAuth hook, passing authentication state as a second parameter to useCurrentMemberContext to gate member context data loading. Loading conditions are expanded across affected components to consider authentication loading state alongside existing loading states.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 7.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: preventing false access-denied screens during auth token refreshes by skipping member-context queries and preserving role state.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/auth-token-refresh-member-context

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@services/platform/app/routes/dashboard/`$id/automations/$amId.tsx:
- Around line 166-171: The current loading guard sets isLoading =
isLoadingAutomation || isLoadingSteps but omits isAuthLoading, causing
memberContext to be briefly undefined and default role to 'Member'; update the
loading logic (where isLoading is computed) to include isAuthLoading (and/or
!isAuthenticated) so isLoading = isAuthLoading || !isAuthenticated ||
isLoadingAutomation || isLoadingSteps, or alternatively implement a last-known
role preservation around memberContext so AutomationNavigation uses the previous
memberContext.role until auth finishes; make the change near the
useConvexAuth/useCurrentMemberContext and isLoading variable declarations.