## Principle Never ask for tokens that already exist on the system ## Implementation ### 1. GitHub - Use gh CLI token ```php $token = trim(shell_exec('gh auth token 2>/dev/null')); if (!$token && getenv('GITHUB_TOKEN')) { $token = getenv('GITHUB_TOKEN'); // Fallback only } ``` ### 2. Spotify - Multiple strategies - Check for existing Spotify app auth - Use saved refresh tokens - Only OAuth if absolutely needed ### 3. AWS/Cloud - Use existing configs - ~/.aws/credentials - gcloud auth - azure cli ## Benefits - Zero config for most users - Inherit existing permissions - No token management - Works immediately after install ## Anti-pattern to avoid ❌ "Create a PAT and add GITHUB_TOKEN to .env" ✅ "Using your existing gh authentication"
Principle
Never ask for tokens that already exist on the system
Implementation
1. GitHub - Use gh CLI token
2. Spotify - Multiple strategies
3. AWS/Cloud - Use existing configs
Benefits
Anti-pattern to avoid
❌ "Create a PAT and add GITHUB_TOKEN to .env"
✅ "Using your existing gh authentication"