fix(ssh): decode auth timestamps from JSON strings

[ardenworks]

What Changed

Use Schema.DateTimeUtcFromString for auth response timestamp fields that are decoded from HTTP JSON responses.

Why

Fixes #2665.

Desktop SSH pairing calls /api/auth/bootstrap/bearer. The remote server returns HTTP 200 with expiresAt serialized as an ISO string, but the desktop contract decoder currently expects a DateTimeUtc value.

That makes pairing fail during desktop:bootstrap-ssh-bearer-session even though the remote API request succeeds.

This fixes the mismatch by using the schema variant that accepts ISO timestamp strings from JSON and decodes them into DateTime.Utc values. The related auth response schemas are updated together because they use the same serialized timestamp shape over HTTP.

UI Changes

None.

Checklist

• This PR is small and focused
• I explained what changed and why
• I included before/after screenshots for any UI changes
• I included a video for animation/interaction changes

---

Note

Low Risk
Narrow contract decoder alignment for serialized timestamps; no auth policy or credential logic changes.

Overview
Auth contract schemas now decode HTTP JSON timestamp fields with DateTimeUtcFromString instead of DateTimeUtc, so ISO 8601 strings from remote auth APIs parse correctly into DateTime.Utc values.

The change applies across bootstrap, bearer bootstrap, WebSocket token, pairing credential/link, client session, and session state structs (expiresAt, createdAt, issuedAt, lastConnectedAt). This unblocks desktop SSH bearer bootstrap when the server returns 200 with string expiresAt but the client previously failed schema decode after the request succeeded.

^{Reviewed by Cursor Bugbot for commit 1565694. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Fix auth timestamp decoding by switching to DateTimeUtcFromString in auth contracts

All timestamp fields in auth-related structs in auth.ts now use DateTimeUtcFromString instead of DateTimeUtc to correctly parse ISO 8601 datetime strings returned from the SSH auth API. This affects expiresAt, issuedAt, createdAt, and lastConnectedAt fields across AuthBootstrapResult, AuthBearerBootstrapResult, AuthWebSocketTokenResult, AuthPairingCredentialResult, AuthPairingLink, AuthClientSession, and AuthSessionState.

^{Macroscope summarized 1565694.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d439cea2-f764-43d7-a461-d514909a0fc3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Approved

Straightforward bug fix that mechanically updates timestamp schema types from DateTimeUtc to DateTimeUtcFromString to properly decode JSON string representations. The change is consistent across all affected auth contracts with clear intent and limited scope.

^{You can customize Macroscope's approvability policy. Learn more.}

[Xanacas]

Manually confirmed. I ran into the same issue and was able to fix it by applying the batch from within this PR.

[RoyLeviGit]

verified locally, this fixed my issue.

[RoyLeviGit]

verified locally, fixed issue

[bscholar-tt]

Can confirm this fix works for me as well.
Hoping this can be merged in so I don't have to use a fork anymore.