agor-live 0.7.10 → 0.7.11

package/dist/core/git/index.cjs

@@ -68,6 +68,15 @@ function createGit(baseDir, env) {
   const config = [
     "core.sshCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
   ];
+  if (env?.GITHUB_TOKEN) {
+    const token = env.GITHUB_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  } else if (env?.GH_TOKEN) {
+    const token = env.GH_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  }
   const git = (0, import_simple_git.simpleGit)({
     baseDir,
     binary: gitBinary,

package/dist/core/git/index.d.cts

@@ -4,6 +4,27 @@ export { simpleGit } from 'simple-git';
  * Git Utils for Agor
  *
  * Provides Git operations for repo management and worktree isolation
+ *
+ * ## Authentication Strategy
+ *
+ * Git operations (clone, fetch, etc.) require authentication for private repositories.
+ * This module supports multiple authentication methods:
+ *
+ * 1. **SSH Keys** - Traditional SSH key-based auth (works automatically if keys are mounted)
+ * 2. **User Environment Variables** - Per-user GITHUB_TOKEN or GH_TOKEN from Agor user settings
+ * 3. **System Credential Helpers** - Existing git credential helpers (e.g., gh auth, git-credential-store)
+ *
+ * ### How User Environment Variables Work
+ *
+ * When a user configures GITHUB_TOKEN in their Agor user settings:
+ * 1. The token is encrypted and stored in the database
+ * 2. During git operations, we decrypt and pass it via the `env` parameter
+ * 3. We configure a **Git credential helper** (via `-c credential.helper=...`) that provides the token
+ * 4. When Git needs credentials for HTTPS operations, it calls our helper function
+ * 5. The helper outputs `username=x-access-token\npassword=TOKEN` in the format Git expects
+ *
+ * This approach mirrors how `gh auth` works - it's clean, secure, and doesn't pollute URLs with tokens.
+ * The credential helper is **ephemeral** and **scoped to the specific git command**, not system-wide.
  */
 
 interface CloneOptions {

package/dist/core/git/index.d.ts

@@ -4,6 +4,27 @@ export { simpleGit } from 'simple-git';
  * Git Utils for Agor
  *
  * Provides Git operations for repo management and worktree isolation
+ *
+ * ## Authentication Strategy
+ *
+ * Git operations (clone, fetch, etc.) require authentication for private repositories.
+ * This module supports multiple authentication methods:
+ *
+ * 1. **SSH Keys** - Traditional SSH key-based auth (works automatically if keys are mounted)
+ * 2. **User Environment Variables** - Per-user GITHUB_TOKEN or GH_TOKEN from Agor user settings
+ * 3. **System Credential Helpers** - Existing git credential helpers (e.g., gh auth, git-credential-store)
+ *
+ * ### How User Environment Variables Work
+ *
+ * When a user configures GITHUB_TOKEN in their Agor user settings:
+ * 1. The token is encrypted and stored in the database
+ * 2. During git operations, we decrypt and pass it via the `env` parameter
+ * 3. We configure a **Git credential helper** (via `-c credential.helper=...`) that provides the token
+ * 4. When Git needs credentials for HTTPS operations, it calls our helper function
+ * 5. The helper outputs `username=x-access-token\npassword=TOKEN` in the format Git expects
+ *
+ * This approach mirrors how `gh auth` works - it's clean, secure, and doesn't pollute URLs with tokens.
+ * The credential helper is **ephemeral** and **scoped to the specific git command**, not system-wide.
  */
 
 interface CloneOptions {

package/dist/core/git/index.js

@@ -25,6 +25,15 @@ function createGit(baseDir, env) {
   const config = [
     "core.sshCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
   ];
+  if (env?.GITHUB_TOKEN) {
+    const token = env.GITHUB_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  } else if (env?.GH_TOKEN) {
+    const token = env.GH_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  }
   const git = simpleGit({
     baseDir,
     binary: gitBinary,

package/dist/core/index.cjs

@@ -4685,6 +4685,15 @@ function createGit(baseDir, env) {
   const config = [
     "core.sshCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
   ];
+  if (env?.GITHUB_TOKEN) {
+    const token = env.GITHUB_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  } else if (env?.GH_TOKEN) {
+    const token = env.GH_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  }
   const git = (0, import_simple_git.simpleGit)({
     baseDir,
     binary: gitBinary,

package/dist/core/index.js

@@ -4521,6 +4521,15 @@ function createGit(baseDir, env) {
   const config = [
     "core.sshCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
   ];
+  if (env?.GITHUB_TOKEN) {
+    const token = env.GITHUB_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  } else if (env?.GH_TOKEN) {
+    const token = env.GH_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  }
   const git = simpleGit({
     baseDir,
     binary: gitBinary,

package/dist/core/seed/index.cjs

@@ -1460,6 +1460,15 @@ function createGit(baseDir, env) {
   const config = [
     "core.sshCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
   ];
+  if (env?.GITHUB_TOKEN) {
+    const token = env.GITHUB_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  } else if (env?.GH_TOKEN) {
+    const token = env.GH_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  }
   const git = (0, import_simple_git.simpleGit)({
     baseDir,
     binary: gitBinary,

package/dist/core/seed/index.js

@@ -1433,6 +1433,15 @@ function createGit(baseDir, env) {
   const config = [
     "core.sshCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
   ];
+  if (env?.GITHUB_TOKEN) {
+    const token = env.GITHUB_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  } else if (env?.GH_TOKEN) {
+    const token = env.GH_TOKEN;
+    const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
+    config.push(`credential.helper=${credentialHelper}`);
+  }
   const git = simpleGit({
     baseDir,
     binary: gitBinary,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agor-live",
-  "version": "0.7.10",
+  "version": "0.7.11",
   "description": "Multiplayer canvas for orchestrating AI coding sessions",
   "type": "module",
   "bin": {