@agent-relay/dashboard-server 2.0.66 → 2.0.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/dist/server.js +5 -7
  2. package/dist/server.js.map +1 -1
  3. package/out/404.html +1 -1
  4. package/out/about.html +1 -1
  5. package/out/about.txt +1 -1
  6. package/out/app/onboarding.html +1 -1
  7. package/out/app/onboarding.txt +1 -1
  8. package/out/app.html +1 -1
  9. package/out/app.txt +1 -1
  10. package/out/blog/go-to-bed-wake-up-to-a-finished-product.html +1 -1
  11. package/out/blog/go-to-bed-wake-up-to-a-finished-product.txt +1 -1
  12. package/out/blog/let-them-cook-multi-agent-orchestration.html +1 -1
  13. package/out/blog/let-them-cook-multi-agent-orchestration.txt +1 -1
  14. package/out/blog.html +1 -1
  15. package/out/blog.txt +1 -1
  16. package/out/careers.html +1 -1
  17. package/out/careers.txt +1 -1
  18. package/out/changelog.html +1 -1
  19. package/out/changelog.txt +1 -1
  20. package/out/cloud/link.html +1 -1
  21. package/out/cloud/link.txt +1 -1
  22. package/out/complete-profile.html +1 -1
  23. package/out/complete-profile.txt +1 -1
  24. package/out/connect-repos.html +1 -1
  25. package/out/connect-repos.txt +1 -1
  26. package/out/contact.html +1 -1
  27. package/out/contact.txt +1 -1
  28. package/out/docs.html +1 -1
  29. package/out/docs.txt +1 -1
  30. package/out/history.html +1 -1
  31. package/out/history.txt +1 -1
  32. package/out/index.html +1 -1
  33. package/out/index.txt +1 -1
  34. package/out/login.html +1 -1
  35. package/out/login.txt +1 -1
  36. package/out/metrics.html +1 -1
  37. package/out/metrics.txt +1 -1
  38. package/out/pricing.html +1 -1
  39. package/out/pricing.txt +1 -1
  40. package/out/privacy.html +1 -1
  41. package/out/privacy.txt +1 -1
  42. package/out/providers/setup/claude.html +1 -1
  43. package/out/providers/setup/claude.txt +1 -1
  44. package/out/providers/setup/codex.html +1 -1
  45. package/out/providers/setup/codex.txt +1 -1
  46. package/out/providers/setup/cursor.html +1 -1
  47. package/out/providers/setup/cursor.txt +1 -1
  48. package/out/providers.html +1 -1
  49. package/out/providers.txt +1 -1
  50. package/out/security.html +1 -1
  51. package/out/security.txt +1 -1
  52. package/out/signup.html +1 -1
  53. package/out/signup.txt +1 -1
  54. package/out/terms.html +1 -1
  55. package/out/terms.txt +1 -1
  56. package/package.json +1 -1
  57. /package/out/_next/static/{ddt1bXQknWcpqyOAG-Yzk → UFF2wGBwSkKsayPv0zus_}/_buildManifest.js +0 -0
  58. /package/out/_next/static/{ddt1bXQknWcpqyOAG-Yzk → UFF2wGBwSkKsayPv0zus_}/_ssgManifest.js +0 -0
package/dist/server.js CHANGED
@@ -4814,11 +4814,10 @@ export async function startDashboard(portOrOptions, dataDirArg, teamDirArg, dbPa
4814
4814
  if (fs.existsSync(targetDir)) {
4815
4815
  return res.json({ success: true, message: 'Already cloned', path: targetDir });
4816
4816
  }
4817
- const githubToken = process.env.GITHUB_TOKEN;
4818
- if (!githubToken) {
4819
- return res.status(500).json({ success: false, error: 'GITHUB_TOKEN not available' });
4820
- }
4821
- const cloneUrl = `https://x-access-token:${githubToken}@github.com/${fullName}.git`;
4817
+ // Use plain HTTPS URL - git credential helper handles authentication.
4818
+ // The credential helper (git-credential-relay) fetches per-repo tokens from
4819
+ // the cloud API, which correctly resolves installation tokens for private repos.
4820
+ const cloneUrl = `https://github.com/${fullName}.git`;
4822
4821
  try {
4823
4822
  // Use execFile to avoid shell injection
4824
4823
  await new Promise((resolve, reject) => {
@@ -4836,8 +4835,7 @@ export async function startDashboard(portOrOptions, dataDirArg, teamDirArg, dbPa
4836
4835
  res.json({ success: true, path: targetDir });
4837
4836
  }
4838
4837
  catch (err) {
4839
- // Sanitize error message to avoid leaking GITHUB_TOKEN embedded in the clone URL
4840
- const safeMessage = (err.message || 'Clone failed').replace(/https:\/\/[^@]+@/g, 'https://***@');
4838
+ const safeMessage = (err.message || 'Clone failed');
4841
4839
  console.error('[api/repos/clone] Clone failed:', safeMessage);
4842
4840
  res.status(500).json({ success: false, error: safeMessage });
4843
4841
  }