feat: Isolated browser sessions for multi-account console access @osterman (#2229)
## what- Add isolated browser sessions support to
atmos auth console - New
pkg/browser/package with cross-platform Chrome detection and browser opening - Chrome detection on macOS (apps in /Applications), Linux (PATH search), and Windows (Program Files paths)
- Isolated browser opener using Chrome's
--user-data-dirfor per-identity browser contexts - New
--isolatedflag onatmos auth consolecommand - Global configuration support via
auth.console.isolated_sessionsinatmos.yaml - Session directories are deterministic (hash of realm + identity), allowing session reuse
why
Users frequently need to work with multiple cloud accounts simultaneously (e.g., comparing configs, debugging cross-account issues). Cloud providers enforce single-session per browser context, forcing users to log out/in when switching accounts. Isolated sessions solve this by giving each identity its own Chrome profile via --user-data-dir, allowing multiple console sessions without logout friction.
references
- #1879 - Related auth system work
- Closes isolated sessions feature request
- See
docs/prd/auth-console-isolated-sessions.mdfor full design
Summary by CodeRabbit
-
New Features
- Isolated browser sessions for the auth console so multiple identities can be open simultaneously without logout conflicts.
- New --isolated flag for per-command isolated sessions and auth.console.isolated_sessions for global control.
- Deterministic per-identity session directories so sessions are reused per identity.
- Graceful fallback to the default browser if Chrome/Chromium is unavailable; clearer status messages when opening fails.
-
Documentation
- CLI docs, config docs, PRD, and blog post added/updated with usage examples and guidance.
-
Refactor
- Improved browser-opening flow for more reliable, testable launches and better error surfacing.