fix: avoid sync github credential reads in provider manager (#428)

* fix: avoid sync github credential reads in provider manager * test: stabilize provider manager async credential test * fix: avoid first-frame github provider false negative --------- Co-authored-by: KRATOS <84986124+gnanam1990@users.noreply.github.com>
2026-04-06 18:59:53 +05:30
parent 72e6a945fe
commit aff2bd87e4
5 changed files with 408 additions and 26 deletions
--- a/src/utils/githubModelsCredentials.hydrate.test.ts
+++ b/src/utils/githubModelsCredentials.hydrate.test.ts
@@ -41,7 +41,7 @@ describe('hydrateGithubModelsTokenFromSecureStorage', () => {
    }))

    const { hydrateGithubModelsTokenFromSecureStorage } = await import(
-      './githubModelsCredentials.js'
+      './githubModelsCredentials.js?hydrate=sets-token'
    )
    hydrateGithubModelsTokenFromSecureStorage()
    expect(process.env.GITHUB_TOKEN).toBe('stored-secret')
@@ -62,7 +62,7 @@ describe('hydrateGithubModelsTokenFromSecureStorage', () => {
    }))

    const { hydrateGithubModelsTokenFromSecureStorage } = await import(
-      './githubModelsCredentials.js'
+      './githubModelsCredentials.js?hydrate=preserve-existing'
    )
    hydrateGithubModelsTokenFromSecureStorage()
    expect(process.env.GITHUB_TOKEN).toBe('already')
--- a/src/utils/githubModelsCredentials.test.ts
+++ b/src/utils/githubModelsCredentials.test.ts
@@ -1,13 +1,11 @@
 import { describe, expect, test } from 'bun:test'

-import {
-  clearGithubModelsToken,
-  readGithubModelsToken,
-  saveGithubModelsToken,
-} from './githubModelsCredentials.js'
-
 describe('readGithubModelsToken', () => {
-  test('returns undefined in bare mode', () => {
+  test('returns undefined in bare mode', async () => {
+    const { readGithubModelsToken } = await import(
+      './githubModelsCredentials.js?read-bare-mode'
+    )
+
    const prev = process.env.CLAUDE_CODE_SIMPLE
    process.env.CLAUDE_CODE_SIMPLE = '1'
    expect(readGithubModelsToken()).toBeUndefined()
@@ -20,7 +18,11 @@ describe('readGithubModelsToken', () => {
 })

 describe('saveGithubModelsToken / clearGithubModelsToken', () => {
-  test('save returns failure in bare mode', () => {
+  test('save returns failure in bare mode', async () => {
+    const { saveGithubModelsToken } = await import(
+      './githubModelsCredentials.js?save-bare-mode'
+    )
+
    const prev = process.env.CLAUDE_CODE_SIMPLE
    process.env.CLAUDE_CODE_SIMPLE = '1'
    const r = saveGithubModelsToken('abc')
@@ -33,7 +35,11 @@ describe('saveGithubModelsToken / clearGithubModelsToken', () => {
    }
  })

-  test('clear succeeds in bare mode', () => {
+  test('clear succeeds in bare mode', async () => {
+    const { clearGithubModelsToken } = await import(
+      './githubModelsCredentials.js?clear-bare-mode'
+    )
+
    const prev = process.env.CLAUDE_CODE_SIMPLE
    process.env.CLAUDE_CODE_SIMPLE = '1'
    expect(clearGithubModelsToken().success).toBe(true)
--- a/src/utils/githubModelsCredentials.ts
+++ b/src/utils/githubModelsCredentials.ts
@@ -23,6 +23,19 @@ export function readGithubModelsToken(): string | undefined {
  }
 }

+export async function readGithubModelsTokenAsync(): Promise<string | undefined> {
+  if (isBareMode()) return undefined
+  try {
+    const data = (await getSecureStorage().readAsync()) as
+      | ({ githubModels?: GithubModelsCredentialBlob } & Record<string, unknown>)
+      | null
+    const t = data?.githubModels?.accessToken?.trim()
+    return t || undefined
+  } catch {
+    return undefined
+  }
+}
+
 /**
 * If GitHub Models mode is on and no token is in the environment, copy the
 * stored token into process.env so the OpenAI shim and validation see it.