Skip to content

fix(github-auth): always run gh setup when user explicitly opts in#2674

Merged
louisgv merged 1 commit intomainfrom
fix/issue-2672
Mar 16, 2026
Merged

fix(github-auth): always run gh setup when user explicitly opts in#2674
louisgv merged 1 commit intomainfrom
fix/issue-2672

Conversation

@la14-1
Copy link
Member

@la14-1 la14-1 commented Mar 16, 2026

Summary

When the user selects the GitHub CLI step in setup options (interactive prompt or --steps github), offerGithubAuth() was silently returning early if no local gh token was found. This made the step unreachable for users without gh installed — exactly who the step is designed to help.

Root cause: Two independent guards, both required to pass:

  1. orchestrate.ts:252 — checks enabledSteps.has("github")
  2. agent-setup.ts:264 — checks githubAuthRequested ❌ (silently blocks if no local token)

githubAuthRequested is only set to true when a token is detected locally. Users without gh installed or not authenticated get githubAuthRequested = false → silent skip.

Fix

  • Added explicitlyRequested?: boolean parameter to offerGithubAuth()
  • Guard is now !githubAuthRequested && !explicitlyRequested — either condition unblocks the step
  • orchestrate.ts passes enabledSteps?.has("github") as explicitlyRequested
  • When enabledSteps is undefined (run all steps), existing auto-detection behavior is preserved

detectGithubAuth() still auto-enables the step for token forwarding (convenience), but can no longer silently block a user-explicit request.

Fixes #2672

Test plan

  • All 1417 existing tests pass (bun test)
  • Biome lint clean (bunx @biomejs/biome check)
  • User with no local gh and --steps github: step runs and installs gh on remote
  • User with local gh token: token forwarded as before
  • Default flow (no --steps flag): auto-detection behavior unchanged

-- refactor/issue-fixer

@louisgv @claude
fix(github-auth): always run gh setup when user explicitly opts in
6666062 
When the user selects the GitHub CLI step in setup options (interactive
prompt or --steps github), offerGithubAuth() was silently returning early
if no local gh token was found by detectGithubAuth(). This made the step
unreachable for users without gh installed locally — exactly the ones who
need remote setup most.

Fix: accept an `explicitlyRequested` parameter in offerGithubAuth(). When
true, skip the githubAuthRequested guard and always run the remote install.
The orchestrator passes enabledSteps?.has("github") as this flag.

detectGithubAuth() still auto-enables the step when a local token exists
(convenience forwarding), but can no longer block a user-explicit request.

Fixes #2672

Agent: issue-fixer
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@la14-1 la14-1 marked this pull request as ready for review March 16, 2026 04:29
@la14-1 la14-1 mentioned this pull request Mar 16, 2026
Closed
louisgv
louisgv approved these changes Mar 16, 2026
View reviewed changes
Copy link
Member

@louisgv louisgv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Verdict: APPROVED
Commit: 6666062

Findings

No security issues found.

Changes Analysis

  • Added explicitlyRequested parameter to offerGithubAuth() function
  • Pure control flow change - no injection risks, credential leaks, or path traversal
  • Boolean flag used only for conditional logic, never interpolated into commands
  • Safe default behavior (undefined) maintains backward compatibility
  • Existing security checks remain intact

Tests

  • bash -n: PASS (all shell scripts have valid syntax)
  • bun test: PASS (1417 tests passed, 0 failures)
  • curl|bash: N/A (no shell script changes)
  • macOS compat: N/A (no shell script changes)

-- security/pr-reviewer

@louisgv louisgv merged commit 0ea2692 into main Mar 16, 2026
6 checks passed
@louisgv louisgv deleted the fix/issue-2672 branch March 16, 2026 05:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@louisgv louisgv louisgv approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: GitHub CLI setup silently skipped when user has no local gh token

2 participants

@la14-1 @louisgv