patchrelay 0.69.5 → 0.70.0

package/dist/build-info.json

@@ -1,6 +1,6 @@
 {
   "service": "patchrelay",
-  "version": "0.69.5",
-  "commit": "ab14b628b055",
-  "builtAt": "2026-05-22T23:00:59.300Z"
+  "version": "0.70.0",
+  "commit": "b70636ecd6d4",
+  "builtAt": "2026-05-23T19:04:31.282Z"
 }

package/dist/codex-app-server.js

@@ -52,6 +52,7 @@ export class CodexAppServerClient extends EventEmitter {
     config;
     logger;
     spawnProcess;
+    childEnvProvider;
     static DEFAULT_REQUEST_TIMEOUT_MS = 30_000;
     child;
     nextRequestId = 1;
@@ -60,11 +61,14 @@ export class CodexAppServerClient extends EventEmitter {
     started = false;
     stopping = false;
     startPromise;
-    constructor(config, logger, spawnProcess = spawn) {
+    constructor(config, logger, spawnProcess = spawn, 
+    /** Optional override for the child process env (used to strip frozen token vars). */
+    childEnvProvider) {
         super();
         this.config = config;
         this.logger = logger;
         this.spawnProcess = spawnProcess;
+        this.childEnvProvider = childEnvProvider;
     }
     /**
      * Update runtime codex settings used by future thread/thread-fork calls.
@@ -337,6 +341,7 @@ export class CodexAppServerClient extends EventEmitter {
         this.logger.info({ command: launch.command, args: launch.args }, "Starting Codex app-server");
         this.child = this.spawnProcess(launch.command, launch.args, {
             stdio: ["pipe", "pipe", "pipe"],
+            ...(this.childEnvProvider ? { env: this.childEnvProvider() } : {}),
         });
         this.child.stdin.on("error", (error) => {
             this.logger.error({ error: sanitizeDiagnosticText(error.message) }, "Codex app-server stdin error");

package/dist/github-app-token.js

@@ -1,9 +1,9 @@
 import { createSign } from "node:crypto";
-import { writeFile, mkdir } from "node:fs/promises";
-import path from "node:path";
 import { resolveSecretWithSource } from "./resolve-secret.js";
 import { getPatchRelayDataDir } from "./runtime-paths.js";
-const TOKEN_REFRESH_MS = 30 * 60_000; // 30 minutes (tokens last 1 hour)
+import { getGhConfigDir, writeGhHostsToken } from "./github-cli-auth.js";
+const TOKEN_REFRESH_MS = 30 * 60_000; // 30 minutes (installation tokens last 1 hour)
+const TOKEN_EXPIRY_MARGIN_MS = 5 * 60_000; // treat a token expiring within 5 min as stale
 /**
  * Resolve credentials from environment. Returns undefined if not configured.
  *
@@ -29,40 +29,9 @@ export function resolveGitHubAppCredentials() {
         },
     };
 }
-/**
- * Well-known paths for the token file and the gh wrapper.
- */
+/** Well-known path for the per-service `gh` config directory (holds the rotated hosts.yml). */
 export function getGitHubAppPaths() {
-    const shareDir = getPatchRelayDataDir();
-    return {
-        tokenFile: path.join(shareDir, "gh-token"),
-        binDir: path.join(shareDir, "bin"),
-        ghWrapper: path.join(shareDir, "bin", "gh"),
-    };
-}
-/**
- * Create the gh wrapper script that reads the token file.
- * Idempotent — safe to call on every startup.
- */
-export async function ensureGhWrapper(logger) {
-    const { binDir, ghWrapper, tokenFile } = getGitHubAppPaths();
-    await mkdir(binDir, { recursive: true });
-    const script = `#!/bin/bash
-# PatchRelay gh wrapper — uses GitHub App token when available.
-# Falls through to the user's own gh auth if the token file is missing.
-TOKEN_FILE="${tokenFile}"
-if [ -f "$TOKEN_FILE" ]; then
-  export GH_TOKEN=$(cat "$TOKEN_FILE")
-fi
-exec /usr/bin/gh "$@"
-`;
-    await writeFile(ghWrapper, script, { mode: 0o755 });
-    const currentPath = process.env.PATH ?? "";
-    const pathEntries = currentPath.split(path.delimiter).filter(Boolean);
-    if (!pathEntries.includes(binDir)) {
-        process.env.PATH = [binDir, ...pathEntries].join(path.delimiter);
-    }
-    logger.debug({ path: ghWrapper }, "Wrote gh wrapper script");
+    return { ghConfigDir: getGhConfigDir(getPatchRelayDataDir()) };
 }
 /**
  * Generate a GitHub App JWT (RS256, 10-minute lifetime).
@@ -97,7 +66,7 @@ async function fetchInstallationToken(jwt, installationId) {
         throw new Error(`Failed to fetch installation token (${response.status}): ${body}`);
     }
     const data = await response.json();
-    return data.token;
+    return { token: data.token, expiresAt: data.expires_at ?? null };
 }
 /**
  * Find the first installation ID for this app. Called once if installationId
@@ -123,17 +92,40 @@ async function resolveInstallationId(jwt) {
     return String(first.id);
 }
 /**
- * Creates a token manager that writes a fresh GitHub App installation token
- * to a well-known file every 30 minutes. The gh wrapper script reads this file.
+ * Creates a token manager that proactively re-mints a GitHub App installation token
+ * every 30 minutes and rewrites `gh`'s `hosts.yml` so both `gh` and `git` (via
+ * `gh auth git-credential`) authenticate as the bot with an always-fresh token.
  *
- * Returns undefined if credentials are not configured (optional feature).
+ * `onRefreshResult` is invoked after every refresh attempt so the service can update
+ * readiness/health and escalate when auth breaks.
  */
-export function createGitHubAppTokenManager(credentials, logger) {
-    const { tokenFile } = getGitHubAppPaths();
+export function createGitHubAppTokenManager(credentials, logger, onRefreshResult) {
+    const { ghConfigDir } = getGitHubAppPaths();
     let timer;
     let resolvedInstallationId = credentials.installationId;
     let cachedToken;
+    let expiresAtMs;
     let resolvedBotIdentity;
+    let lastRefreshAt = null;
+    let lastRefreshError = null;
+    let consecutiveFailures = 0;
+    function isFresh() {
+        if (!cachedToken)
+            return false;
+        if (expiresAtMs === undefined)
+            return true;
+        return expiresAtMs - Date.now() > TOKEN_EXPIRY_MARGIN_MS;
+    }
+    function status() {
+        return {
+            healthy: isFresh() && lastRefreshError === null,
+            installationId: resolvedInstallationId ?? null,
+            lastRefreshAt,
+            lastRefreshError,
+            consecutiveFailures,
+            expiresAt: expiresAtMs ? new Date(expiresAtMs).toISOString() : null,
+        };
+    }
     async function refresh() {
         try {
             const jwt = generateJwt(credentials.appId, credentials.privateKey);
@@ -145,16 +137,30 @@ export function createGitHubAppTokenManager(credentials, logger) {
                 resolvedBotIdentity = await resolveBotIdentity(jwt);
                 logger.info({ botName: resolvedBotIdentity.name, botEmail: resolvedBotIdentity.email }, "Resolved GitHub App bot identity");
             }
-            const token = await fetchInstallationToken(jwt, resolvedInstallationId);
-            await mkdir(path.dirname(tokenFile), { recursive: true });
-            await writeFile(tokenFile, token, { mode: 0o600 });
-            cachedToken = token;
+            const { token, expiresAt } = await fetchInstallationToken(jwt, resolvedInstallationId);
+            await writeGhHostsToken(ghConfigDir, token, resolvedBotIdentity.name);
+            // Keep the daemon's own env token fresh for in-process consumers that read it
+            // directly (webhook API helpers). This is the daemon's process env only — never a
+            // repo/global git config — and is stripped from the long-lived Codex child, which
+            // reads the rotated hosts.yml via GH_CONFIG_DIR instead.
             process.env.GH_TOKEN = token;
             process.env.GITHUB_TOKEN = token;
-            logger.debug("Refreshed GitHub App installation token");
+            cachedToken = token;
+            expiresAtMs = expiresAt ? Date.parse(expiresAt) : undefined;
+            lastRefreshAt = new Date().toISOString();
+            lastRefreshError = null;
+            consecutiveFailures = 0;
+            logger.info({ installationId: resolvedInstallationId, expiresAt, ghConfigDir }, "Rotated GitHub App token (gh + git now authenticate as the bot with a fresh token)");
         }
         catch (error) {
-            logger.warn({ error: error instanceof Error ? error.message : String(error) }, "Failed to refresh GitHub App token (will retry in 30 minutes)");
+            const message = error instanceof Error ? error.message : String(error);
+            lastRefreshError = message;
+            consecutiveFailures += 1;
+            // Escalate: a broken App token means every git/gh operation will fail.
+            logger.error({ error: message, consecutiveFailures, installationId: resolvedInstallationId ?? null }, "Failed to refresh GitHub App token — gh/git auth is degraded until this recovers");
+        }
+        finally {
+            onRefreshResult?.(status());
         }
     }
     function schedule() {
@@ -175,11 +181,17 @@ export function createGitHubAppTokenManager(credentials, logger) {
             }
         },
         currentToken() {
-            return cachedToken;
+            return isFresh() ? cachedToken : undefined;
+        },
+        async refresh() {
+            await refresh();
         },
         botIdentity() {
             return resolvedBotIdentity;
         },
+        authStatus() {
+            return status();
+        },
     };
 }
 /**
@@ -210,10 +222,8 @@ async function resolveBotIdentity(jwt) {
         throw new Error(`Failed to fetch bot user ${botLogin} (${userResponse.status}): ${body}`);
     }
     const user = await userResponse.json();
-    const { tokenFile } = getGitHubAppPaths();
     return {
         name: user.login,
         email: `${user.id}+${user.login}@users.noreply.github.com`,
-        tokenFile,
     };
 }

package/dist/github-auth-remediation.js

@@ -0,0 +1,34 @@
+import { execCommand } from "./utils.js";
+const GITHUB_HELPER_KEY = "credential.https://github.com.helper";
+// Markers of the helper older patchrelay versions wrote into managed repo configs:
+// a shell helper that cat-ed the bot token file. Either marker identifies a leaked entry.
+const LEAKED_HELPER_MARKERS = ["gh-token", "x-access-token"];
+/**
+ * Best-effort cleanup of credentials that older patchrelay versions persisted into
+ * managed repo git configs: a credential helper that read the bot token file, plus a
+ * bot `user.name`/`user.email`. Those leaked the bot identity into interactive shell
+ * sessions on the shared clone. The current design delivers auth purely via process env,
+ * so these entries are obsolete and should be removed. Idempotent and non-fatal.
+ */
+export async function remediateLeakedBotAuth(params) {
+    for (const repoPath of new Set(params.repoPaths)) {
+        try {
+            const helpers = await execCommand(params.gitBin, ["-C", repoPath, "config", "--local", "--get-all", GITHUB_HELPER_KEY], { timeoutMs: 5_000 });
+            if (helpers.exitCode === 0 && LEAKED_HELPER_MARKERS.some((marker) => helpers.stdout?.includes(marker))) {
+                await execCommand(params.gitBin, ["-C", repoPath, "config", "--local", "--unset-all", GITHUB_HELPER_KEY], { timeoutMs: 5_000 });
+                params.logger.info({ repoPath }, "Removed leaked bot credential helper from repo git config");
+            }
+            if (params.botName) {
+                const userName = await execCommand(params.gitBin, ["-C", repoPath, "config", "--local", "user.name"], { timeoutMs: 5_000 });
+                if (userName.exitCode === 0 && userName.stdout?.trim() === params.botName) {
+                    await execCommand(params.gitBin, ["-C", repoPath, "config", "--local", "--unset", "user.name"], { timeoutMs: 5_000 });
+                    await execCommand(params.gitBin, ["-C", repoPath, "config", "--local", "--unset", "user.email"], { timeoutMs: 5_000 });
+                    params.logger.info({ repoPath }, "Removed leaked bot identity from repo git config");
+                }
+            }
+        }
+        catch (error) {
+            params.logger.warn({ repoPath, error: error instanceof Error ? error.message : String(error) }, "Failed to remediate leaked bot auth in repo git config (non-fatal)");
+        }
+    }
+}

package/dist/github-cli-auth.js

@@ -0,0 +1,90 @@
+import { existsSync } from "node:fs";
+import { mkdir, writeFile } from "node:fs/promises";
+import path from "node:path";
+/**
+ * Unified GitHub App credential delivery for `git` and the `gh` CLI.
+ *
+ * Both tools authenticate as the App through a single source of truth: a private
+ * `gh` config directory (`GH_CONFIG_DIR`) whose `hosts.yml` holds the current
+ * installation token. `git` is pointed at `gh auth git-credential` via env-injected
+ * config, so it reads the same token. The token file is rewritten on every proactive
+ * rotation (see github-app-token.ts), so even long-lived child processes (the Codex
+ * app-server) stay fresh — they re-read the file on each call rather than capturing a
+ * token frozen at spawn.
+ *
+ * Nothing is written into any repo/worktree/global git config, so these credentials
+ * never leak into a developer's interactive shell sessions.
+ */
+export const GITHUB_HOST = "github.com";
+/** Path to the per-service `gh` config directory, under the service data dir. */
+export function getGhConfigDir(dataDir) {
+    return path.join(dataDir, "gh-bot");
+}
+/** Resolve an absolute `gh` path so the git credential helper works under restricted PATHs. */
+export function resolveGhBin() {
+    for (const candidate of ["/usr/bin/gh", "/usr/local/bin/gh", "/opt/homebrew/bin/gh"]) {
+        if (existsSync(candidate))
+            return candidate;
+    }
+    return "gh";
+}
+/**
+ * Write `gh`'s `hosts.yml` so that `gh` (and therefore `git`, via
+ * `gh auth git-credential`) authenticate as the App using `token`.
+ */
+export async function writeGhHostsToken(ghConfigDir, token, login) {
+    await mkdir(ghConfigDir, { recursive: true });
+    const hosts = `${GITHUB_HOST}:\n` +
+        `    oauth_token: ${token}\n` +
+        `    user: ${login}\n` +
+        `    git_protocol: https\n`;
+    await writeFile(path.join(ghConfigDir, "hosts.yml"), hosts, { mode: 0o600 });
+}
+/**
+ * Build the environment that makes both `gh` and `git` authenticate as the App.
+ *
+ * - `GH_CONFIG_DIR` points `gh` at the rotated bot config.
+ * - `git` delegates github.com credentials to `gh auth git-credential` (an empty
+ *   helper first clears any inherited/global helper, then ours is appended).
+ * - `GIT_AUTHOR_*`/`GIT_COMMITTER_*` attribute commits to the bot without writing
+ *   `user.name` into any repo config.
+ *
+ * Note on token env vars: the daemon keeps `GH_TOKEN`/`GITHUB_TOKEN` fresh (rotated each
+ * cycle) for in-process consumers that read them directly. They are stripped only when
+ * spawning a long-lived child (see {@link buildAgentChildEnv}) — there they would take
+ * precedence over `GH_CONFIG_DIR` and freeze a stale token captured at spawn.
+ */
+export function buildGitHubCliAuthEnv(opts) {
+    const env = {
+        GH_CONFIG_DIR: opts.ghConfigDir,
+        GIT_TERMINAL_PROMPT: "0",
+        GIT_CONFIG_COUNT: "2",
+        GIT_CONFIG_KEY_0: `credential.https://${GITHUB_HOST}.helper`,
+        GIT_CONFIG_VALUE_0: "",
+        GIT_CONFIG_KEY_1: `credential.https://${GITHUB_HOST}.helper`,
+        GIT_CONFIG_VALUE_1: `!${opts.ghBin} auth git-credential`,
+    };
+    if (opts.identity) {
+        env.GIT_AUTHOR_NAME = opts.identity.name;
+        env.GIT_AUTHOR_EMAIL = opts.identity.email;
+        env.GIT_COMMITTER_NAME = opts.identity.name;
+        env.GIT_COMMITTER_EMAIL = opts.identity.email;
+    }
+    return env;
+}
+/** Apply {@link buildGitHubCliAuthEnv} onto a process env object in place. */
+export function applyGitHubCliAuthEnv(target, opts) {
+    Object.assign(target, buildGitHubCliAuthEnv(opts));
+}
+/**
+ * Build the environment for a long-lived child process (e.g. the Codex app-server).
+ * `GH_TOKEN`/`GITHUB_TOKEN` are stripped so the child resolves credentials through the
+ * inherited `GH_CONFIG_DIR` (re-read fresh on each call) instead of a token frozen at
+ * spawn. The child still inherits the `gh` credential helper and bot identity.
+ */
+export function buildAgentChildEnv(parentEnv = process.env) {
+    const env = { ...parentEnv };
+    delete env.GH_TOKEN;
+    delete env.GITHUB_TOKEN;
+    return env;
+}

package/dist/index.js

@@ -7,8 +7,9 @@ async function main() {
         process.exitCode = cliExitCode;
         return;
     }
-    const [{ CodexAppServerClient }, { getAdjacentEnvFilePaths, loadConfig }, { PatchRelayDatabase }, { enforceRuntimeFilePermissions, enforceServiceEnvPermissions }, { buildHttpServer }, { DatabaseBackedLinearClientProvider }, { createLogger }, { runPreflight }, { PatchRelayService }, { ensureDir },] = await Promise.all([
+    const [{ CodexAppServerClient }, { buildAgentChildEnv }, { getAdjacentEnvFilePaths, loadConfig }, { PatchRelayDatabase }, { enforceRuntimeFilePermissions, enforceServiceEnvPermissions }, { buildHttpServer }, { DatabaseBackedLinearClientProvider }, { createLogger }, { runPreflight }, { PatchRelayService }, { ensureDir },] = await Promise.all([
         import("./codex-app-server.js"),
+        import("./github-cli-auth.js"),
         import("./config.js"),
         import("./db.js"),
         import("./file-permissions.js"),
@@ -36,7 +37,10 @@ async function main() {
     const logger = createLogger(config);
     const db = new PatchRelayDatabase(config.database.path, config.database.wal);
     db.runMigrations();
-    const codex = new CodexAppServerClient(config.runner.codex, logger);
+    // The Codex app-server is long-lived: give it an env without GH_TOKEN/GITHUB_TOKEN so the
+    // agent's git/gh resolve credentials via the inherited GH_CONFIG_DIR (rotated hosts.yml)
+    // rather than a token frozen at spawn.
+    const codex = new CodexAppServerClient(config.runner.codex, logger, undefined, () => buildAgentChildEnv());
     const linearProvider = new DatabaseBackedLinearClientProvider(config, db, logger);
     const service = new PatchRelayService(config, db, codex, linearProvider, logger, configPath);
     await service.start();

package/dist/run-launcher.js

@@ -2,7 +2,6 @@ import { buildHookEnv, runProjectHook } from "./hook-runner.js";
 import { buildRunFailureActivity } from "./linear-session-reporting.js";
 import { loadPatchRelayRepoPrompting } from "./patchrelay-customization.js";
 import { buildRunPrompt as buildPatchRelayRunPrompt, findDisallowedPatchRelayPromptSectionIds, findUnknownPatchRelayPromptSectionIds, mergePromptCustomizationLayers, resolvePromptLayers, } from "./prompting/patchrelay.js";
-import { configureGitHubBotAuthForWorktree } from "./github-worktree-auth.js";
 import { sanitizeDiagnosticText } from "./utils.js";
 function slugify(value) {
     return value.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 60);
@@ -152,13 +151,10 @@ export class RunLauncher {
         const firstThreadForIssue = !params.issue.threadId;
         try {
             await this.worktreeManager.ensureIssueWorktree(params.project.repoPath, params.project.worktreeRoot, params.worktreePath, params.branchName, { allowExistingOutsideRoot: params.issue.branchName !== undefined });
-            if (params.botIdentity) {
-                await configureGitHubBotAuthForWorktree({
-                    gitBin: this.config.runner.gitBin,
-                    worktreePath: params.worktreePath,
-                    botIdentity: params.botIdentity,
-                });
-            }
+            // GitHub auth (gh + git) and bot commit identity reach the agent via the inherited
+            // process env (GH_CONFIG_DIR + gh credential helper + GIT_AUTHOR/COMMITTER). Nothing
+            // is written into the worktree git config, so credentials never leak into interactive
+            // shell sessions on the shared clone.
             await this.worktreeManager.resetWorktreeToTrackedBranch(params.worktreePath, params.branchName, params.issue, this.logger);
             if (shouldFreshenWorktreeBeforeLaunch({
                 runType: params.runType,

package/dist/service-runtime.js

@@ -15,6 +15,8 @@ export class ServiceRuntime {
     issueQueue;
     ready = false;
     linearConnected = false;
+    githubAppAuthHealthy = true;
+    githubAppAuthError;
     startupError;
     reconcileTimer;
     reconcileInProgress = false;
@@ -57,11 +59,17 @@ export class ServiceRuntime {
     setLinearConnected(connected) {
         this.linearConnected = connected;
     }
+    setGithubAppAuthHealthy(healthy, reason) {
+        this.githubAppAuthHealthy = healthy;
+        this.githubAppAuthError = healthy ? undefined : reason;
+    }
     getReadiness() {
         return {
             ready: this.ready && this.codex.isStarted() && this.linearConnected,
             codexStarted: this.codex.isStarted(),
             linearConnected: this.linearConnected,
+            githubAppAuthHealthy: this.githubAppAuthHealthy,
+            ...(this.githubAppAuthError ? { githubAppAuthError: this.githubAppAuthError } : {}),
             ...(this.startupError ? { startupError: this.startupError } : {}),
         };
     }

package/dist/service.js

@@ -1,4 +1,6 @@
-import { resolveGitHubAppCredentials, createGitHubAppTokenManager, ensureGhWrapper, } from "./github-app-token.js";
+import { resolveGitHubAppCredentials, createGitHubAppTokenManager, getGitHubAppPaths, } from "./github-app-token.js";
+import { applyGitHubCliAuthEnv, resolveGhBin } from "./github-cli-auth.js";
+import { remediateLeakedBotAuth } from "./github-auth-remediation.js";
 import { GitHubWebhookHandler } from "./github-webhook-handler.js";
 import { IssueQueryService } from "./issue-query-service.js";
 import { DatabaseBackedLinearClientProvider } from "./linear-client.js";
@@ -75,7 +77,11 @@ export class PatchRelayService {
         const ghAppCredentials = resolveGitHubAppCredentials();
         if (ghAppCredentials) {
             Object.assign(config.secretSources, ghAppCredentials.secretSources);
-            this.githubAppTokenManager = createGitHubAppTokenManager(ghAppCredentials, logger);
+            this.githubAppTokenManager = createGitHubAppTokenManager(ghAppCredentials, logger, (status) => {
+                // Surface auth health on every rotation so `patchrelay` status reflects it and
+                // a broken token escalates instead of silently failing later git/gh operations.
+                this.runtime.setGithubAppAuthHealthy(status.healthy, status.lastRefreshError ?? undefined);
+            });
         }
         this.codex.on("notification", (notification) => {
             this.orchestrator.handleCodexNotification(notification).catch((error) => {
@@ -126,12 +132,34 @@ export class PatchRelayService {
             this.logger.error("No projects have working Linear auth — service is NOT READY. Run 'patchrelay linear connect' to authorize.");
         }
         if (this.githubAppTokenManager) {
-            await ensureGhWrapper(this.logger);
+            const { ghConfigDir } = getGitHubAppPaths();
+            const ghBin = resolveGhBin();
+            // Point gh + git at the bot config dir before the first rotation and before the
+            // Codex app-server spawns (it inherits this process env). GH_TOKEN/GITHUB_TOKEN are
+            // cleared so the rotated hosts.yml is the single source of truth.
+            applyGitHubCliAuthEnv(process.env, { ghConfigDir, ghBin });
             await this.githubAppTokenManager.start();
             const identity = this.githubAppTokenManager.botIdentity();
             if (identity) {
                 this.orchestrator.botIdentity = identity;
+                // Re-apply with identity so bot commit attribution flows to git via env.
+                applyGitHubCliAuthEnv(process.env, { ghConfigDir, ghBin, identity });
+            }
+            const ghAuthStatus = this.githubAppTokenManager.authStatus();
+            this.runtime.setGithubAppAuthHealthy(ghAuthStatus.healthy, ghAuthStatus.lastRefreshError ?? undefined);
+            if (!ghAuthStatus.healthy) {
+                this.logger.error({ ghAuthStatus }, "GitHub App auth is NOT healthy at startup — git/gh operations will fail until a token is minted");
             }
+            else {
+                this.logger.info({ installationId: ghAuthStatus.installationId, expiresAt: ghAuthStatus.expiresAt }, "GitHub App auth ready — gh + git authenticate as the bot");
+            }
+            // Clean up credentials older versions persisted into managed repo configs.
+            await remediateLeakedBotAuth({
+                gitBin: this.config.runner.gitBin,
+                repoPaths: this.config.repositories.map((repository) => repository.localPath),
+                ...(identity ? { botName: identity.name } : {}),
+                logger: this.logger,
+            });
         }
         await this.runtime.start();
         void this.startupRecovery.recoverDelegatedIssueStateFromLinear().catch((error) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "patchrelay",
-  "version": "0.69.5",
+  "version": "0.70.0",
   "license": "MIT",
   "type": "module",
   "repository": {

package/dist/github-worktree-auth.js

@@ -1,20 +0,0 @@
-import { execCommand } from "./utils.js";
-function shellSingleQuote(value) {
-    return `'${value.replace(/'/g, `'"'"'`)}'`;
-}
-export function buildGitHubBotCredentialHelper(tokenFile) {
-    const quotedTokenFile = shellSingleQuote(tokenFile);
-    return `!f() { [ "$1" = get ] || exit 0; echo "username=x-access-token"; echo "password=$(cat ${quotedTokenFile})"; }; f`;
-}
-export async function configureGitHubBotAuthForWorktree(params) {
-    const helper = buildGitHubBotCredentialHelper(params.botIdentity.tokenFile);
-    const gitConfigArgs = ["-C", params.worktreePath, "config"];
-    const gitWorktreeConfigArgs = [...gitConfigArgs, "--worktree"];
-    await execCommand(params.gitBin, [...gitConfigArgs, "extensions.worktreeConfig", "true"], { timeoutMs: 5_000 });
-    await execCommand(params.gitBin, [...gitWorktreeConfigArgs, "user.name", params.botIdentity.name], { timeoutMs: 5_000 });
-    await execCommand(params.gitBin, [...gitWorktreeConfigArgs, "user.email", params.botIdentity.email], { timeoutMs: 5_000 });
-    // Clear inherited GitHub-specific helpers such as `gh auth git-credential`
-    // so git HTTPS operations use the same bot token as the wrapped `gh` CLI.
-    await execCommand(params.gitBin, [...gitWorktreeConfigArgs, "--replace-all", "credential.https://github.com.helper", ""], { timeoutMs: 5_000 });
-    await execCommand(params.gitBin, [...gitWorktreeConfigArgs, "--add", "credential.https://github.com.helper", helper], { timeoutMs: 5_000 });
-}