From 008b04d2dd99683e5e2709204388a0c4ef1b8d93 Mon Sep 17 00:00:00 2001
From: Mark Henderson <mark@getacquired.com>
Date: Wed, 18 Feb 2026 16:57:49 -0800
Subject: [PATCH] debug: add ?debug=1 endpoint to theia-auth for cookie
 inspection

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 app/api/theia-auth/route.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/api/theia-auth/route.ts b/app/api/theia-auth/route.ts
index f36fa5d..374c2b4 100644
--- a/app/api/theia-auth/route.ts
+++ b/app/api/theia-auth/route.ts
@@ -29,6 +29,13 @@ const SESSION_COOKIE_NAMES = [
 ];
 
 export async function GET(request: NextRequest) {
+  // Debug: when called with ?debug=1, reveal which cookies were received
+  if (request.nextUrl.searchParams.get('debug') === '1') {
+    const cookieHeader = request.headers.get('cookie') ?? '(none)';
+    const allNames = [...request.cookies.getAll()].map(c => c.name);
+    return NextResponse.json({ cookieHeader: cookieHeader.slice(0, 200), parsedNames: allNames });
+  }
+
   // Extract session token from cookies
   let sessionToken: string | null = null;
   for (const name of SESSION_COOKIE_NAMES) {