feat(grok): refresh grok CLI metadata#2696
Open
janburzinski wants to merge 2 commits into
Open
Conversation
Contributor
Greptile SummaryThis PR refreshes Grok CLI metadata across the app and plugin registry. The main changes are:
Confidence Score: 5/5This looks safe to merge after considering whether Grok enterprise env vars should be provider-scoped.
apps/emdash-desktop/src/main/core/pty/pty-env.ts
|
| Filename | Overview |
|---|---|
| apps/emdash-desktop/src/main/core/pty/pty-env.ts | Adds Grok enterprise variables to the global PTY env allowlist. |
| apps/emdash-desktop/src/main/core/pty/pty-env.test.ts | Extends env forwarding tests for the new Grok variables. |
| apps/emdash-desktop/src/shared/core/agents/agent-provider-registry.ts | Updates the shared Grok documentation URL. |
| apps/emdash-desktop/src/shared/core/agents/agent-provider-registry.test.ts | Adds coverage for the Grok docs URL and installer metadata. |
| packages/plugins/src/agents/impl/grok/index.ts | Refreshes Grok plugin install, update, docs, and prompt-command metadata. |
| packages/plugins/src/agents/impl/index.test.ts | Adds Grok plugin registry coverage for install metadata and model flag args. |
Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 1
apps/emdash-desktop/src/main/core/pty/pty-env.ts:67-68
**Enterprise OIDC Vars Leak Globally**
When the Electron process has `GROK_OIDC_CLIENT_ID` or `GROK_OIDC_ISSUER` set, `buildAgentEnv()` copies them into every agent PTY, including non-Grok sessions, because this allowlist is not provider-scoped. A Claude/Goose task or its subprocesses can read those Grok enterprise identity details from the inherited environment even though that session did not request Grok auth.
Reviews (1): Last reviewed commit: "feat(grok): refresh CLI metadata" | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
+67
to
+68
| 'GROK_OIDC_CLIENT_ID', | ||
| 'GROK_OIDC_ISSUER', |
Contributor
There was a problem hiding this comment.
When the Electron process has GROK_OIDC_CLIENT_ID or GROK_OIDC_ISSUER set, buildAgentEnv() copies them into every agent PTY, including non-Grok sessions, because this allowlist is not provider-scoped. A Claude/Goose task or its subprocesses can read those Grok enterprise identity details from the inherited environment even though that session did not request Grok auth.
Context Used: AGENTS.md (source)
Prompt To Fix With AI
This is a comment left during a code review.
Path: apps/emdash-desktop/src/main/core/pty/pty-env.ts
Line: 67-68
Comment:
**Enterprise OIDC Vars Leak Globally**
When the Electron process has `GROK_OIDC_CLIENT_ID` or `GROK_OIDC_ISSUER` set, `buildAgentEnv()` copies them into every agent PTY, including non-Grok sessions, because this allowlist is not provider-scoped. A Claude/Goose task or its subprocesses can read those Grok enterprise identity details from the inherited environment even though that session did not request Grok auth.
**Context Used:** AGENTS.md ([source](https://app.greptile.com/emdash/github/generalaction/emdash/-/custom-context?memory=c9624c9f-4bb0-42b3-aa19-4ea456b59255))
How can I resolve this? If you propose a fix, please make it concise.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Checklist
messages and, when possible, the PR title