Skip to content

fix(server): fall back to plain gh auth status on CLIs without --json#3943

Open
webdevtodayjason wants to merge 2 commits into
pingdotgg:mainfrom
webdevtodayjason:fix/gh-auth-status-json-fallback
Open

fix(server): fall back to plain gh auth status on CLIs without --json#3943
webdevtodayjason wants to merge 2 commits into
pingdotgg:mainfrom
webdevtodayjason:fix/gh-auth-status-json-fallback

Conversation

@webdevtodayjason

@webdevtodayjason webdevtodayjason commented Jul 13, 2026

Copy link
Copy Markdown

Fixes #3806.

Problem

GitHub auth discovery probes with gh auth status --json hosts. The --json flag landed in gh 2.81; older CLIs exit non-zero with unknown flag: --json, so parseGitHubAuthStatus sees no JSON, and the probe reports Not authenticated — with a detail line telling the user to sign in. Users then run gh auth login repeatedly, which never helps, because the login is fine and the CLI version is the problem.

Reproduced on Linux with gh 2.45.0 (Ubuntu's package), fully logged in:

$ gh auth status --json hosts
unknown flag: --json                     # exit 1

$ gh auth status
github.com
  ✓ Logged in to github.com account octocat (~/.config/gh/hosts.yml)

T3 reported: auth: { status: "unauthenticated", detail: "unknown flag: --json" }.

Fix

  • Add an optional authFallbackArgs to SourceControlCliDiscoverySpec. It is retried only when the primary auth probe exits non-zero and did not resolve an account, so there is no extra process spawn on the happy path, and no behavior change for providers that do not set it.
  • Give the GitHub spec authFallbackArgs: ["auth", "status"].
  • Parse the human-readable output when the JSON parse yields nothing (parseGitHubAuthStatusText), handling both the current Logged in to <host> account <login> and the older Logged in to <host> as <login> phrasings, plus Active account: and failed-login lines. This mirrors the existing text parsing in gitLabAuthStatus.ts.

Verification

Built the server from this branch and ran it against a gh stub that rejects --json and prints the 2.45.0 text output:

before after
auth.status unauthenticated authenticated
auth.account octocat
auth.detail unknown flag: --json
  • vp test run apps/server/src/sourceControl/ — 93 passed (12 files), including 4 new tests: three parser cases (current phrasing, legacy as <login> phrasing, failed login stays unauthenticated) and one discovery-level test asserting the fallback runs and recovers the account when --json is rejected.
  • vp run --filter t3 typecheck — clean.
  • vp check — 0 errors.

Notes

Scoped to GitHub deliberately. GitLab/Azure/Bitbucket specs are untouched; the new spec field is opt-in, so the same mechanism is available if another CLI ever needs it.


Note

Low Risk
Scoped to opt-in GitHub auth discovery and parsing; happy path unchanged and genuine sign-out messages are preserved without extra CLI calls.

Overview
Fixes false unauthenticated GitHub discovery when gh is older than 2.81 and rejects auth status --json hosts with errors like unknown flag: --json.

Discovery gains optional authFallbackArgs on CLI specs and looksLikeUnsupportedInvocation so a second probe runs only when the primary command fails with an unsupported-flag/command pattern—not when the user is genuinely signed out. GitHub sets authFallbackArgs: ["auth", "status"].

Auth parsing adds parseGitHubAuthStatusText for human-readable gh auth status output (current account phrasing, legacy as <login>, active/failed lines). parseGitHubAuth uses JSON when it parses, otherwise plain text from combined stdout/stderr.

Tests cover the text parser, end-to-end fallback recovery, and the case where a modern CLI reports sign-out without triggering fallback.

Reviewed by Cursor Bugbot for commit 2a2e502. Bugbot is set up for automated code reviews on this repo. Configure here.

Note

Fall back to plain gh auth status when GitHub CLI does not support --json

  • Adds authFallbackArgs to the CLI discovery spec and parseGitHubAuthStatusText to parse human-readable gh auth status output from older GitHub CLI versions.
  • When the primary JSON-based auth probe (gh auth status --json hosts) exits non-zero with an "unknown flag" error, SourceControlProviderDiscovery retries using the plain gh auth status command.
  • Fallback is skipped when the primary probe returns a genuine sign-out on a modern CLI, preserving the specific sign-out detail.
  • gitHubAuthStatus.ts handles both current (account) and legacy (as) phrasing in plain-text output.

Macroscope summarized 2a2e502.

GitHub auth discovery runs `gh auth status --json hosts`. CLIs older than
2.81 do not support the flag, exit non-zero with `unknown flag: --json`,
and are reported as unauthenticated no matter how many times the user runs
`gh auth login` — the message points at the login, but the cause is the CLI
version.

Add an optional `authFallbackArgs` to the CLI discovery spec, retried only
when the primary probe exits non-zero without resolving an account, and give
the GitHub spec a `gh auth status` fallback whose human-readable output is
parsed (both the current `account <login>` and the older `as <login>`
phrasings). Behavior is unchanged for providers that do not set the new field,
and for any CLI where the primary probe already succeeds.

Fixes pingdotgg#3806
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 49bb1282-a5c7-40a4-a0cf-fab42bc64c26

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added size:L 100-499 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list. labels Jul 13, 2026

@cursor cursor Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Want fixes drafted automatically? Bugbot Autofix can create code changes for findings. A team admin can enable Autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit b4a5abc. Configure here.

Comment thread apps/server/src/sourceControl/SourceControlProviderDiscovery.ts
@macroscopeapp

macroscopeapp Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Approvability

Verdict: Needs human review

This PR introduces new text parsing logic with multiple regex patterns and modifies the source control discovery flow with conditional fallback behavior. While the backward compatibility intent is clear and tests are comprehensive, the new parsing capability and discovery flow changes warrant human review.

You can customize Macroscope's approvability policy. Learn more.

Address review feedback: the auth fallback previously ran whenever the
primary probe exited non-zero and was not authenticated, which includes a
modern CLI that is simply signed out. That ran the fallback needlessly and
could replace the primary's specific error with a generic sign-in hint.

Gate the fallback on `looksLikeUnsupportedInvocation` — a non-zero exit whose
output matches the Cobra `unknown flag/command` signal — so it fires only when
the CLI is too old for the primary args. A genuine sign-out keeps its detail
and skips the fallback. Adds a regression test.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01FLywDkpwfSx6Q7DxgxYBME
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:L 100-499 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

GitHub source control shows "Not authenticated" when gh is outdated (missing auth status --json)

2 participants