npm - copillm - Versions diffs - 0.3.0-beta.2 → 0.3.0-beta.4 - Mend

copillm 0.3.0-beta.2 → 0.3.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli/auth/runAuth.js +79 -50
package/dist/cli/packageInfo.js +1 -1
package/dist/server/debugInfo.js +16 -5
package/package.json +1 -1

package/dist/cli/auth/runAuth.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { setTimeout as sleep } from "node:timers/promises";
 import { clearStoredCredential, loadStoredCredential, loadStoredCredentialForAccount, registerExistingCredentialAsDefault, saveStoredCredential } from "../../auth/credentials.js";
 import { readAccountsIndex, findAccount, assertValidAccountId, InvalidAccountIdError, UnknownAccountError } from "../../auth/accounts.js";
 import { addAccount, listAccountsDetailed, removeAccountAndCredential, removeAllAccounts, switchDefaultAccount } from "../../auth/accountManager.js";
@@ -11,26 +12,37 @@ import { writeCommandOutput } from "../shared/output.js";
 /**
  * Derive a friendly, path-safe account id from the GitHub login behind a token.
  * Returns null when the lookup fails or the login isn't a valid id.
+ *
+ * Multi-account routing now depends on this, so it retries a few times with a
+ * generous timeout: GitHub's `/user` can briefly throttle or lag right after a
+ * device-flow token exchange, and a single failed probe must not cause the
+ * caller to mis-identify (and overwrite) the wrong account.
  */
 async function deriveAccountId(token) {
-    let identity;
-    try {
-        identity = await inspectGithubIdentity({ token });
-    }
-    catch {
-        return null;
-    }
-    const login = identity?.login;
-    if (!login) {
-        return null;
-    }
-    try {
-        assertValidAccountId(login);
-        return login;
-    }
-    catch {
-        return null;
+    const attempts = 3;
+    for (let attempt = 1; attempt <= attempts; attempt += 1) {
+        let identity = null;
+        try {
+            identity = await inspectGithubIdentity({ token, timeoutMs: 8_000 });
+        }
+        catch {
+            identity = null;
+        }
+        const login = identity?.login;
+        if (login) {
+            try {
+                assertValidAccountId(login);
+                return login;
+            }
+            catch {
+                return null;
+            }
+        }
+        if (attempt < attempts) {
+            await sleep(400 * attempt);
+        }
     }
+    return null;
 }
 export async function runAuthLogin(opts, options) {
     if (options.forceSession) {
@@ -72,45 +84,62 @@ export async function runAuthLogin(opts, options) {
         return;
     }
     // ---- No name: auto-manage by the token's GitHub login -----------------
-    // Deriving the login lets `copillm auth login` recognise when a *different*
-    // GitHub account is signing in and keep both, instead of silently
-    // overwriting the previous one. A same-account re-login refreshes in place.
+    // Identify the account from its GitHub login so a second `auth login` for a
+    // DIFFERENT account is kept alongside the first instead of overwriting it.
+    // The cardinal rule: never replace an existing credential unless we have
+    // positively confirmed it's the SAME GitHub account.
     const newLogin = await deriveAccountId(token);
+    const existing = await loadStoredCredential();
+    if (!existing) {
+        // Nothing stored yet.
+        if (index) {
+            // An index exists but its default account has no credential — restore it.
+            const targetId = newLogin ?? index.defaultAccount;
+            const result = await addAccount({ id: targetId, accountType, token, mode: saveMode });
+            emitLoginResult(opts, result, !result.isDefault);
+            return;
+        }
+        // Fresh single-account install: store without creating an index.
+        const backend = await saveStoredCredential(token, accountType, { mode: saveMode });
+        writeCommandOutput(opts, `Login succeeded. Credentials stored via ${describeBackend(backend)}.`, {
+            status: "ok",
+            action: "login",
+            credential_backend: backend
+        });
+        return;
+    }
+    // A credential already exists. We must know which GitHub account just signed
+    // in before we touch anything, or we risk clobbering a different account.
+    if (!newLogin) {
+        writeCommandOutput(opts, "Login failed: couldn't verify which GitHub account you signed in as (the GitHub user lookup didn't succeed). " +
+            "Your existing credentials were left untouched. Re-run `copillm auth login`, or name this account explicitly with `copillm auth login --as <name>`.", { status: "error", action: "login", error: "github_identity_unresolved" });
+        process.exitCode = 1;
+        return;
+    }
     if (index) {
-        // Add the new login as its own account (or refresh it if already known);
-        // when the login can't be determined, refresh the default account.
-        const targetId = newLogin ?? index.defaultAccount;
-        const wasKnown = findAccount(targetId) !== null;
-        const result = await addAccount({ id: targetId, accountType, token, mode: saveMode });
+        // Add the new login as its own account, or refresh it in place if known.
+        const wasKnown = findAccount(newLogin) !== null;
+        const result = await addAccount({ id: newLogin, accountType, token, mode: saveMode });
         emitLoginResult(opts, result, !wasKnown && !result.isDefault);
         return;
     }
-    // No accounts index yet. If a *different* GitHub account is signing in, move
-    // to multi-account instead of overwriting the existing single credential.
-    if (newLogin) {
-        const existing = await loadStoredCredential();
-        if (existing) {
-            const existingLogin = await deriveAccountId(existing.token);
-            if (existingLogin !== newLogin) {
-                // Different (or undeterminable) account → preserve the prior login as
-                // the default and add the new one alongside it.
-                registerExistingCredentialAsDefault(existingLogin ?? "default", existing.accountType);
-                const result = await addAccount({ id: newLogin, accountType, token, mode: saveMode });
-                emitLoginResult(opts, result, !result.isDefault);
-                return;
-            }
-            // Same account → fall through to an in-place single-account refresh.
-        }
+    // No index yet. Compare against the existing single account.
+    const existingLogin = await deriveAccountId(existing.token);
+    if (existingLogin === newLogin) {
+        // Confirmed the SAME account → refresh in place, no index created.
+        const backend = await saveStoredCredential(token, accountType, { mode: saveMode });
+        writeCommandOutput(opts, `Login succeeded. Credentials stored via ${describeBackend(backend)}.`, {
+            status: "ok",
+            action: "login",
+            credential_backend: backend
+        });
+        return;
     }
-    // Single-account login: no prior credential, the same account re-logging in,
-    // or an undeterminable login. Preserve the historical behaviour exactly —
-    // legacy storage, no accounts index created.
-    const backend = await saveStoredCredential(token, accountType, { mode: saveMode });
-    writeCommandOutput(opts, `Login succeeded. Credentials stored via ${describeBackend(backend)}.`, {
-        status: "ok",
-        action: "login",
-        credential_backend: backend
-    });
+    // A different (or unverifiable) prior account → transition to multi-account,
+    // preserving the prior login as the default and adding the new one.
+    registerExistingCredentialAsDefault(existingLogin ?? "default", existing.accountType);
+    const result = await addAccount({ id: newLogin, accountType, token, mode: saveMode });
+    emitLoginResult(opts, result, !result.isDefault);
 }
 function emitLoginResult(opts, result, hintSwitch) {
     const defaultSuffix = result.isDefault ? " (default)" : "";

package/dist/cli/packageInfo.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { createRequire } from "node:module";
 const FALLBACK_PACKAGE_INFO = {
     name: "copillm",
-    version: "0.3.0-beta.2"
+    version: "0.3.0-beta.4"
 };
 export function getPackageInfo() {
     const envName = cleanPackageValue(process.env.COPILLM_PACKAGE_NAME);

package/dist/server/debugInfo.js CHANGED Viewed

@@ -1,9 +1,18 @@
 import { setTimeout as defaultSleep } from "node:timers/promises";
+import { createHash } from "node:crypto";
 import { githubUserUrl } from "../config/upstream.js";
 import { isRetryableStatus, isRetryableTransportError, retryDelayMs } from "./upstream/retryPolicy.js";
 const CACHE_TTL_MS = 5 * 60 * 1_000;
 const DEFAULT_MAX_ATTEMPTS = 3;
-let cached = null;
+// Cache keyed by a hash of the GitHub token. It MUST be per-token: different
+// tokens identify different GitHub accounts, and a token-blind cache returns
+// one account's identity for another's — which silently broke multi-account
+// `auth login` (a second login appeared to be the same account and overwrote
+// the first). Hashing avoids retaining raw tokens as map keys.
+const cache = new Map();
+function cacheKey(token) {
+    return createHash("sha256").update(token).digest("hex");
+}
 /**
  * Fetch the GitHub user summary with bounded retries on transient failures.
  *
@@ -20,8 +29,10 @@ let cached = null;
  */
 export async function getGithubUserSummary(githubToken, options = {}) {
     const now = Date.now();
-    if (cached && now - cached.fetchedAt < CACHE_TTL_MS) {
-        return cached.summary;
+    const key = cacheKey(githubToken);
+    const hit = cache.get(key);
+    if (hit && now - hit.fetchedAt < CACHE_TTL_MS) {
+        return hit.summary;
     }
     const fetchImpl = options.fetchImpl ?? ((input, init) => fetch(input, init));
     const sleepImpl = options.sleepImpl ?? ((ms) => defaultSleep(ms));
@@ -60,7 +71,7 @@ export async function getGithubUserSummary(githubToken, options = {}) {
                 html_url: typeof payload.html_url === "string" ? payload.html_url : null,
                 plan_name: typeof payload.plan?.name === "string" ? payload.plan.name : null
             };
-            cached = { fetchedAt: Date.now(), summary };
+            cache.set(key, { fetchedAt: Date.now(), summary });
             return summary;
         }
         // Non-OK. 401/403/404 are terminal — fast-fail. Other retryable statuses
@@ -79,7 +90,7 @@ export async function getGithubUserSummary(githubToken, options = {}) {
     throw lastError ?? new Error("GitHub user lookup exhausted retries without error context.");
 }
 export function clearGithubUserCache() {
-    cached = null;
+    cache.clear();
 }
 export class GithubUserFetchError extends Error {
     status;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "copillm",
-  "version": "0.3.0-beta.2",
+  "version": "0.3.0-beta.4",
   "description": "Local Copilot proxy CLI (OpenAI/Anthropic-compatible)",
   "license": "MIT",
   "type": "module",