Fix Copilot CLI auth popups after Chamber sign-in#399
Open
ianphil wants to merge 5 commits into
Open
Conversation
The bundled @github/copilot CLI was spawned without useLoggedInUser: false, which left it free to start its own GitHub device-flow whenever it couldn't validate auth — opening a browser window on every CopilotClient restart. Overnight retry loops produced ~100 open browser tabs. Fix: - Add getGitHubToken callback to CopilotClientFactoryOptions. When provided, the active OAuth token is forwarded to the SDK as gitHubToken (injected via COPILOT_SDK_AUTH_TOKEN env var). This implicitly sets useLoggedInUser to false (--no-auto-login) in the CLI args. - Always set useLoggedInUser: false explicitly so the CLI never starts its own device flow regardless of whether a token is available. If the token is missing the CLI fails the operation cleanly; Chamber surfaces it in the chat UI rather than opening a browser. - Wire the callback in main.ts via listStoredGitHubCredentials + the active login from ConfigService — same resolution logic already used by AuthService. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Extend the no-auto-login invariant across the server composition root and the ACP bundled CLI path, and reload minds on logout so already-started SDK clients do not retain a copied token after credentials are removed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Route Genesis custom mind creation through the token-aware SDK factory, restart server SDK clients after auth state changes, and reset ACP connections so prewarmed or long-lived CLI workers cannot keep stale auth state across login, switch, or logout. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Invalidate in-flight ACP starts during auth resets, keep a freshly prewarmed ACP store available through mind reloads, and cover the stale-start race plus first-mind tool availability with regression tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Strip ambient COPILOT_SDK_AUTH_TOKEN from no-token ACP launches, only pass --auth-token-env when Chamber supplies the keytar token, and prevent stale yolo-start failures from assigning old safe-only connections after auth reset. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Stops bundled Copilot CLI auth prompts from appearing after Chamber has already authenticated the user.
Notable changes
gitHubTokenand forcesuseLoggedInUser: falseso the SDK adds--no-auto-login.COPILOT_SDK_AUTH_TOKENfallback.Issue
No tracking issue.
Validation
npm run lintnpm test— 194 files / 2004 tests passednpm run smoke:sdkSkipped smoke