feat(identity): GitHub App identity for agent git operations#970
Open
sabbour wants to merge 12 commits intobradygaster:devfrom
Open
feat(identity): GitHub App identity for agent git operations#970sabbour wants to merge 12 commits intobradygaster:devfrom
sabbour wants to merge 12 commits intobradygaster:devfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new SDK/CLI “identity” capability so Squad agents can authenticate GitHub operations (commit/push/PR) as GitHub App bot identities, with token lifecycle management and spawn-time GH_TOKEN injection.
Changes:
- Introduces
@bradygaster/squad-sdk/identitymodule (role slug mapping, storage, JWT + installation token exchange + caching, formatting, exec wrappers). - Injects role-based GH_TOKEN into
spawnAgent()and adds/updates identity-related documentation + templates. - Adds a standalone E2E identity test runner plus unit tests for identity behaviors.
Reviewed changes
Copilot reviewed 51 out of 60 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| test/identity/tokens.test.ts | Unit tests for JWT + token exchange + caching + env override (contains an exp mismatch vs implementation). |
| test/identity/storage.test.ts | Unit tests for identity config/app registration storage helpers. |
| test/identity/spawn-token-injection.test.ts | Verifies spawn-time GH_TOKEN injection behavior via mocks. |
| test/identity/role-slugs.test.ts | Tests canonical role slug mapping behavior. |
| test/identity/formatting.test.ts | Tests comment/commit message formatting helpers. |
| test/identity/exec.test.ts | Tests GH_TOKEN-scoped execution wrappers. |
| scripts/test-identity-e2e.mjs | Local E2E runner that exercises real GitHub App workflow (has token-leak risk on failure). |
| packages/squad-sdk/src/index.ts | Re-exports the new identity module from the SDK root barrel. |
| packages/squad-sdk/src/identity/* | New identity implementation: types, storage, role slugs, formatting, tokens, exec. |
| packages/squad-sdk/package.json | Adds ./identity export but changes version to a prerelease (guarded by CI). |
| packages/squad-cli/src/cli/shell/spawn.ts | Adds role-based GH_TOKEN injection before session creation. |
| packages/squad-cli/src/cli/index.ts | Exposes runIdentity from the CLI module exports. |
| packages/squad-cli/src/cli-entry.ts | Wires the identity command entry point. |
| docs/proposals/avatars/README.md | New avatar docs (markdown table formatting issue). |
| docs/proposals/agent-avatar-prompts.md | Avatar generation prompts (markdown table formatting issue). |
| .squad/templates/issue-lifecycle.md | Adds PR attribution line for identity-configured runs. |
| .squad/decisions.md (+ related inbox file deletions) | Merges identity decisions into the consolidated decisions log. |
| .gitignore | Ignores .squad/identity/keys/. |
| .github/agents/squad.agent.md | Adds identity block/instructions (breaks template-sync + uses require() with ESM dist). |
| .changeset/* | Adds changesets for SDK/CLI identity work. |
sabbour
added a commit
to sabbour/squad
that referenced
this pull request
Apr 13, 2026
- Fix JWT comment: 10min → 9min to match actual exp=now+540 (tokens.ts) - Reset SDK version to 0.9.1 to match dev branch (package.json) - Add sanitizeError helper to prevent token leaks in E2E test logs - Add 'lead' fallback in spawn.ts when role-specific token unavailable - Fix test assertion: exp ~= 540s not 600s (tokens.test.ts) Closes bradygaster#970 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour
force-pushed
the
squad/agent-github-identity
branch
from
b4768f7 to
4f61876
Compare
sabbour
added a commit
to sabbour/squad
that referenced
this pull request
Apr 13, 2026
- Fix JWT comment: 10min → 9min to match actual exp=now+540 (tokens.ts) - Reset SDK version to 0.9.1 to match dev branch (package.json) - Add sanitizeError helper to prevent token leaks in E2E test logs - Add 'lead' fallback in spawn.ts when role-specific token unavailable - Fix test assertion: exp ~= 540s not 600s (tokens.test.ts) Closes bradygaster#970 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour
added a commit
to sabbour/squad
that referenced
this pull request
Apr 13, 2026
1. Add vi.unstubAllGlobals() to tokens.test.ts afterEach 2. Derive owner/repo from git remote in E2E script (was hardcoded) 3. Same fix for git workflow section of E2E script 4. Make token resolution non-fatal in agent template (remove process.exit) 5. Sync all 5 squad.agent.md copies to be byte-identical 6. Tighten 'ui' role pattern to avoid matching 'Build Engineer' Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour
added a commit
to sabbour/squad
that referenced
this pull request
Apr 14, 2026
…throw safety
- Remove clearTokenCache() from token snippet in all 5 template copies (unnecessary in fresh process)
- Change literal BRANCH to {branch} placeholder in push command across all templates
- Wrap resolveToken() in try-catch for graceful null fallback on any error
- Threads 2/4/5 addressed with reply-only (no code change needed)
Closes bradygaster#970
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Comment on lines
+205
to
+212
| const roleSlug = process.argv[2]; | ||
| if (!roleSlug) { | ||
| process.exit(0); | ||
| } | ||
|
|
||
| const token = await resolveToken(process.cwd(), roleSlug); | ||
| if (token) { | ||
| process.stdout.write(token); |
There was a problem hiding this comment.
The script resolves the identity root using process.cwd(), but agents are instructed to execute the script via an absolute path (node {team_root}/.squad/scripts/resolve-token.mjs ...) while their current working directory may be a worktree or subdir. This will make lookups under .squad/identity/ fail unless the caller happens to cd to the team root first. Derive projectRoot from the script’s own location (e.g., import.meta.url → dirname → ../..) or accept an explicit --root/second argv param and use that instead of process.cwd().
Comment on lines
+245
to
+252
| const token = await resolveToken(PROJECT_ROOT, 'lead'); | ||
| if (!token) { | ||
| fail('resolveToken returns a token', 'got null'); | ||
| } else if (typeof token !== 'string' || token.length < 10) { | ||
| fail('resolveToken returns a valid token string', `got ${typeof token}, length=${token?.length}`); | ||
| } else { | ||
| pass(`resolveToken returns a token (${token.substring(0, 8)}...)`); | ||
| } |
There was a problem hiding this comment.
This E2E script logs the first 8 characters of the installation token (token.substring(0, 8)). Even partial token disclosure is unnecessary and can end up in CI logs or shared terminals. Prefer logging a non-sensitive signal (e.g., token length, expiry time, or just “resolved”) and avoid printing any token substring.
sabbour
added a commit
to sabbour/squad
that referenced
this pull request
Apr 14, 2026
Replace token.substring() calls with non-sensitive signals (length, status) to prevent accidental token disclosure in CI logs. Closes review thread 28 on bradygaster#970 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour
added a commit
to sabbour/squad
that referenced
this pull request
Apr 14, 2026
- Fix resolve-token.mjs to derive project root from script location - Clear setTimeout in waitForManifestCode on all resolution paths - Remove unreachable choice '3' handler from identity menu - Verify .gitignore covers .squad/identity/keys/ Closes review threads 24-27 on bradygaster#970 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour-squad-lead Bot
pushed a commit
to sabbour/squad
that referenced
this pull request
Apr 14, 2026
Merged 10 inbox decision files into decisions.md with date formatting. Updated EECOM and FIDO history.md with team update notes. Decision archival deferred (12151→23823 bytes, still under 51200 threshold). PR review feedback fixes logged (identity cwd, timeout, logging, SDk export). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour
added a commit
to sabbour/squad
that referenced
this pull request
Apr 14, 2026
- Test resolve-token.mjs derives project root from script location, not cwd - Test waitForManifestCode timeout cleanup behavior - Test identity menu only handles valid choices - Test .gitignore covers .squad/identity/keys/ - Test no token substring disclosure in e2e script Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Author
✅ Identity E2E Verification — All Tests PassingTest Results (sabbour/squad with real GitHub Apps)Base E2E (
Multi-Identity Interaction (
Unit/Regression Tests — 107/107 passed (13 test files) Evidence: Cross-Identity PRSee sabbour/squad#17 — PR created by Apps Tested
|
Owner
|
This is cool, @sabbour - do you have a sample repo you could show folks where this is in use? |
Author
|
@bradygaster here's an example sabbour#20 |
sabbour
force-pushed
the
squad/agent-github-identity
branch
from
a7f2273 to
841e415
Compare
Squashed 67 commits from squad/agent-github-identity onto upstream/dev.
sabbour
force-pushed
the
squad/agent-github-identity
branch
from
841e415 to
1df2494
Compare
Comment on lines
1
to
6
| { | ||
| "name": "@bradygaster/squad-sdk", | ||
| "version": "0.9.1", | ||
| "version": "0.9.1-build.5", | ||
| "description": "Squad SDK — Programmable multi-agent runtime for GitHub Copilot", | ||
| "type": "module", | ||
| "main": "./dist/index.js", |
There was a problem hiding this comment.
@bradygaster/squad-sdk is set to a prerelease build version (0.9.1-build.5). This violates the repo’s “no prerelease versions on dev/main” policy (and will likely fail the prerelease version guard CI), and it also puts SDK/CLI out of sync (squad-cli is 0.9.1). Please revert both packages to strict MAJOR.MINOR.PATCH and rely on changesets for the release bump instead of committing -build.* versions.
| '@bradygaster/squad-cli': patch | ||
| --- | ||
|
|
||
| Auto-ignore identity secrets on `squad init` and `squad upgrade`. `.squad/identity/keys/` (GitHub App private PEMs), `.squad/identity/apps/` (per-role installation metadata), `.squad/identity/config.json`, and per-role token caches matching `.squad-*-token` / `.squad-*-token.json` (e.g. `.squad-hermes-token` holding `ghs_*` installation tokens) are now appended to `.gitignore` so they cannot be accidentally committed. |
There was a problem hiding this comment.
The release note in this changeset claims init/upgrade will auto-append ignores for identity secrets (apps/, config.json, token caches, etc.), but this PR only adds .squad/identity/keys/ to the repo root .gitignore and does not update the init/upgrade gitignore enforcement lists (e.g. ensureGitignore()’s GITIGNORE_ENTRIES). Please either implement the described auto-ignore behavior or adjust this changeset text to match what actually ships.
Suggested change
| Auto-ignore identity secrets on `squad init` and `squad upgrade`. `.squad/identity/keys/` (GitHub App private PEMs), `.squad/identity/apps/` (per-role installation metadata), `.squad/identity/config.json`, and per-role token caches matching `.squad-*-token` / `.squad-*-token.json` (e.g. `.squad-hermes-token` holding `ghs_*` installation tokens) are now appended to `.gitignore` so they cannot be accidentally committed. | |
| Add `.squad/identity/keys/` to the repository root `.gitignore` so GitHub App private PEMs are less likely to be accidentally committed. |
Comment on lines
+767
to
+777
| const crossCleanupToken = await resolveToken(PROJECT_ROOT, identityA.roleKey); | ||
| execSync( | ||
| `git push origin --delete ${branch}`, | ||
| { | ||
| cwd: PROJECT_ROOT, | ||
| encoding: 'utf-8', | ||
| stdio: 'pipe', | ||
| timeout: 30_000, | ||
| env: { ...process.env, GH_TOKEN: crossCleanupToken }, | ||
| }, | ||
| ); |
There was a problem hiding this comment.
Cross-identity cleanup deletes the remote branch via git push origin --delete ... while only setting GH_TOKEN in the environment. git does not use GH_TOKEN for authentication, so this will usually fall back to the developer’s credentials (or fail), undermining the goal of verifying bot-token-only workflows. Please delete the branch using a token-authenticated push (consistent with earlier https://x-access-token:${token}@github.com/... usage) or another explicit credential mechanism.
Comment on lines
+343
to
+345
| {only if identity configured:} | ||
| GIT IDENTITY: Commit as `{app_slug}[bot]`. Push with token: `TOKEN=$(node {team_root}/.squad/scripts/resolve-token.mjs '{role_slug}'); if [ -n "$TOKEN" ]; then git push https://x-access-token:${TOKEN}@github.com/{owner}/{repo}.git {branch}; else git push; fi`. PR: `if [ -n "$TOKEN" ]; then GH_TOKEN=$TOKEN gh pr create --repo {owner}/{repo} ...; else gh pr create ...; fi`. PR body: `🤖 [{app_slug}](https://github.com/apps/{app_slug})`. | ||
| {end identity block} |
There was a problem hiding this comment.
This mirror template’s identity snippet differs from the canonical .squad-templates/squad.agent.md (template-sync requires byte-for-byte parity). Please re-sync from .squad-templates/ after fixing the canonical snippet so this file matches exactly.
* feat(identity): add GitHub App-based agent identity module Squashed 67 commits from squad/agent-github-identity onto upstream/dev. * feat(identity): hardening + kickstart sync quick wins - TokenResolveError structured type (kind: not-configured | runtime) - H-01: AbortController + Promise.race 10s fetch timeout - H-02: PEM validation via createPrivateKey before signing - H-03: partial env detection — loud error when 1-2 of 3 vars set - H-07: SQUAD_IDENTITY_MOCK / SQUAD_IDENTITY_MOCK_TOKEN mock hook - Role aliases: resolveRoleSlug() maps shorthand to canonical slugs - scribe added to RoleSlug union; ALL_ROLES constant exported from SDK - isCliInvocation ESM dual-mode guard in resolve-token.mjs - resolveTokenWithDiagnostics() + clearTokenCache() public API - Cache keyed by projectRoot:roleKey (prevents cross-test pollution) - All 142 identity tests pass Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs: Flight review of PR #21 — identity hardening Reviewed 13 findings from identity-hardening + kickstart-sync proposals. Verdict: request changes (2 blocking: changeset naming, stale template copies). 142/142 tests green. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(identity): correct changeset package names + sync resolve-token.mjs copies - .changeset/identity-hardening.md: @squad/sdk -> @bradygaster/squad-sdk, @squad/cli -> @bradygaster/squad-cli (unknown names silently ignored by changesets tooling) - Sync .squad-templates/scripts/resolve-token.mjs to canonical hardened version - Sync packages/squad-sdk/templates/scripts/resolve-token.mjs likewise - Sync templates/scripts/resolve-token.mjs likewise (stamp code picks up packages/squad-cli/templates/ from dist and templates/ from bundled root; .squad-templates/ and squad-sdk/templates/ are legacy paths that may be resolved in edge cases — dedup refactor tracked in decision inbox) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs: Flight approves PR #21 after blocker fixes Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Leela Lead Bot <bot@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add `squad identity doctor` (H-10) and `squad identity explain` (H-11) subcommands to the identity CLI. - `squad identity doctor [--role <slug>] [--no-network] [--json]`: 9-step live health check (config, app reg, PEM presence, mode 0o600, PEM crypto validation, .gitignore coverage, JWT signing, installation token fetch, expected scopes). Exits 1 on any failure. - `squad identity explain <role> [--live] [--json]`: Resolution trace showing input/alias, env var presence (masked), filesystem file inventory, cache state, and expected source. Always exits 0. Use --live for end-to-end fetch confirmation. SDK additions: - `peekTokenCache(squadDir, roleKey)`: inspect cache state without fetch - `getInstallationPermissions(token)`: fetch permissions for scope check Tests: 22 new tests (10 doctor, 12 explain). All 164 identity tests pass. Changeset: @bradygaster/squad-cli minor Closes #H-10 #H-11 Co-authored-by: Leela Lead Bot <bot@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat(identity): retry with backoff + PR22 nit cleanup (H-03)
- Add RetryPolicy interface with maxRetries/initialDelayMs/maxDelayMs/onRetry/random
- Add GitHubApiError class (carries status + retryAfterMs for Retry-After support)
- Add RetryExhaustedError marker class for caller diagnosis
- resolveTokenWithDiagnostics/resolveToken accept optional retryPolicy — opt-in,
backward-compatible. Each retry gets its own 10s AbortController budget.
- TokenResolveError gains retriesExhausted: boolean field
- Export GitHubApiError, RetryExhaustedError, RetryPolicy from SDK public API
N-1: getInstallationPermissions — single GET /installation call (removed redundant
/installation/repositories preflight)
N-2: getInstallationPermissions — dedicated AbortController per fetch
N-3: doctor mode-0o600 check — detect drvfs quirk (mode=0o777 on NTFS-mounted WSL
paths) and skip assertion with ⚠ skipped (drvfs) detail
Tests: 12 new retry cases + 1 drvfs doctor case (177 total, was 164)
Docs: docs/identity/retry-policy.md
Skill: .copilot/skills/injectable-random/SKILL.md
Closes #H-03
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: Flight review of PR #23 — H-03 retry resilience ✅ Approve
Review artifacts for PR #23 (identity retry resilience + PR #22 nit cleanup).
Verdict: Approve. All 10 hard checks pass, all 3 PR #22 nits verified fixed.
One non-blocking nit flagged (dead import in test file).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Leela Lead Bot <bot@github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
# Conflicts: # .squad-templates/scripts/resolve-token.mjs # packages/squad-cli/src/cli/commands/identity.ts # packages/squad-cli/templates/scripts/resolve-token.mjs # packages/squad-sdk/src/identity/exec.ts # packages/squad-sdk/src/identity/index.ts # packages/squad-sdk/src/identity/tokens.ts # packages/squad-sdk/src/identity/types.ts # packages/squad-sdk/templates/scripts/resolve-token.mjs # templates/scripts/resolve-token.mjs # test/identity/exec.test.ts # test/identity/tokens.test.ts
…-09, H-12, H-14) (#26) H-12: Dedup concurrent same-role token resolution. Add an inFlight Map<string, Promise<TokenResolveResult>> in front of the existing token cache. Two callers for the same (squadDir, role) that both miss the cache now share a single getInstallationToken invocation. The in-flight slot is released via .finally on success AND failure so the next call starts fresh. H-14: Surface PEM key age. Add getKeyAgeDays(projectRoot, role) in identity/storage.ts — returns integer days since the PEM file's mtime, or null when the file is missing or stat fails (e.g., WSL drvfs / restricted mounts — silently skipped). squad identity status — inline 'key age: Nd' per role, dim/yellow/red. squad identity doctor — new check 'keys/<role>.pem age within rotation window'. ok <60d, warn >=60d, fail >=SQUAD_IDENTITY_KEY_MAX_AGE_DAYS (default 90, env-overridable). H-09: Additive sync cache-only resolver. Add resolveTokenSync(squadDir, role) — returns cached token if present and outside the 10-minute refresh margin, or null. Does NOT read disk, sign a JWT, call the GitHub API, or populate the cache. Respects the SQUAD_IDENTITY_MOCK hook for parity with the async path. shell/spawn.ts::spawnAgent now tries resolveTokenSync first and falls through to the async resolveToken on miss. Public async resolveToken API is unchanged — this ships as a new named export, semver minor (not a breaking change). Tests: 17 new across test/identity/{dedup,key-age,sync-resolve}.test.ts. All 194 identity tests pass under npx vitest run test/identity/. Changeset: @bradygaster/squad-sdk minor, @bradygaster/squad-cli patch. Closes H-09, H-12, H-14 in docs/proposals/identity-hardening-roadmap-2026-04-20.md. Co-authored-by: Leela Lead Bot <bot@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…enerator) (#25) Four byte-identical copies of resolve-token.mjs (283 LoC) lived in template directories and had to be kept in sync manually. Replace with a single canonical source and a generator that propagates it. - Canonical source: packages/squad-cli/scripts/resolve-token.source.mjs - Generator: packages/squad-cli/scripts/sync-resolve-token.mjs with --check - npm scripts: sync:resolve-token, sync:resolve-token:check - Chained into prebuild so builds always ship in-sync copies - sync-templates.mjs now skips scripts/resolve-token.mjs (new generator owns it) - CI guard: test/scripts/resolve-token-sync.test.ts (vitest) - Docs: docs/identity/maintaining-resolve-token.md Zero-dependencies marker preserved. No SDK change. No runtime change in installed projects — generated copies differ from the pre-canonicalization content only in the 2-line GENERATED header. See docs/proposals/identity-hardening-roadmap-2026-04-20.md for the backlog entry this addresses. Co-authored-by: FIDO <fido@squad.local> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… cleanup (#24) * docs(identity): GITHUB_TOKEN vs GH_TOKEN precedence (H-13) + test nit cleanup - Add docs/identity/token-precedence.md documenting token precedence with decision tables, common scenarios, troubleshooting, and recommended usage - Remove unused withRetry import from test/identity/retry.test.ts (PR #23 nit) - Add changeset for docs-only patch Closes H-13 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs: add Flight review for PR #25 (resolve-token canonicalization) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(docs): correct gh CLI precedence order in scenario 3 (PR #24 review) B-1: Fix inverted precedence list in Scenario 3 — GITHUB_TOKEN ranks above stored gh auth credentials per official gh CLI docs, not below them. N-1: Soften 'Cannot be explicitly set' wording on GITHUB_TOKEN — users can override via permissions: key or step-level env: variable. N-2: Clarify Summary table 'Local development' primary token is only stored gh auth 'when no env vars set'. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Leela Lead Bot <bot@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Author
|
🔄 Forward-port complete: squad/agent-github-identity merged origin/dev Three PRs merged into upstream base:
Changes: 97 files, 14,329 additions |
Flight reviewed template session-export pattern and reviewer role-slug patterns. All 6 concerns (A-F) passed. FIDO it.todo ruling: current first-match-wins behavior is semantically correct — reviewer is lead-tier. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
) * fix(identity): cover all gh write commands and map reviewer roles to lead - Template GIT IDENTITY block now uses session-level export GH_TOKEN pattern so every gh write command (review, comment, merge, edit, issue comment) uses the bot identity instead of falling through to the authenticated user. - Added code review, reviewer, watchdog patterns to role-slug resolution so compound roles like 'Code Reviewer & Watchdog' route to lead tier. - Compact template mention updated to reference expanded block. - Fixes identity inconsistency seen on kickstart PRs bradygaster#986/bradygaster#989/bradygaster#990. Closes bradygaster#986 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test(identity): adversarial compound-role coverage Add describe('compound and edge-case roles') block to role-slugs.test.ts covering the class of bug where compound role strings (e.g. "Code Reviewer & Watchdog") fell through to the 'backend' default. Tests added: - Production regression: "Code Reviewer & Watchdog" → lead - "Lead, Architect" → lead - "Security Architect" → lead (architect wins over security) - "Code Reviewer" alone → lead - "Reviewer" alone → lead - "Watchdog" alone → lead - "Senior Code Review Engineer" → lead - "Backend & Reviewer" → lead (first-match: reviewer pos 4 beats backend pos 11) - "Frontend Reviewer" → lead (first-match: reviewer pos 4 beats frontend pos 6) - Case variants: CODE REVIEWER, code reviewer, Code Reviewer → all lead - Whitespace: " Code Reviewer " → lead (substring match handles padding) - Empty string → backend (DEFAULT_SLUG) - "Quantum Bard" (unknown) → backend (DEFAULT_SLUG) Two it.todo items flagged for Flight ruling: - "Backend & Reviewer" ordering concern - "Frontend Reviewer" ordering concern Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore(fido): append compound-role adversarial session to history Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: eecom[bot] <eecom[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… consistency fix (PR #27)
Author
|
🔄 Refreshed
Fixes the inconsistency observed on kickstart PRs where reviewer agents posted as the user instead of their bot identity. |
Comment on lines
+1
to
+34
| /** | ||
| * Tests for waitForManifestCode timeout cleanup behavior. | ||
| * | ||
| * Verifies that the local HTTP server started during GitHub App manifest | ||
| * flow properly clears its timeout timer on all code paths: | ||
| * - Success (code received) | ||
| * - Server error | ||
| * - Timeout expiry | ||
| * | ||
| * These tests verify observable behavior (resolves/rejects correctly, | ||
| * doesn't hang) rather than inspecting internal timer handles directly. | ||
| * | ||
| * @see packages/squad-cli/src/cli/commands/identity.ts — waitForManifestCode | ||
| * @module test/identity/manifest-timeout | ||
| */ | ||
|
|
||
| import { describe, it, expect, vi, afterEach } from 'vitest'; | ||
| import http from 'node:http'; | ||
|
|
||
| afterEach(() => { | ||
| vi.restoreAllMocks(); | ||
| vi.useRealTimers(); | ||
| }); | ||
|
|
||
| describe('waitForManifestCode timeout behavior', () => { | ||
| it('resolves with code when callback receives ?code= param', async () => { | ||
| const result = await waitForCodeWithKnownPort(30_000, 'test-code-abc'); | ||
|
|
||
| expect(result.code).toBe('test-code-abc'); | ||
| expect(result.port).toBeGreaterThan(0); | ||
| }, { timeout: 10_000 }); | ||
|
|
||
| it('resolves without hanging when code arrives (timer cleared)', async () => { | ||
| const result = await waitForCodeWithKnownPort(60_000, 'test-code-123'); |
There was a problem hiding this comment.
These tests claim to cover waitForManifestCode (per header/@see), but the file never imports or calls the production waitForManifestCode implementation. As written, it only tests a local helper (waitForCodeWithKnownPort), so regressions in the real CLI code won’t be caught. Please update the tests to exercise waitForManifestCode directly (or rename/re-scope the test to reflect what it actually covers).
Comment on lines
+4
to
+5
| * Maps role titles/patterns to the 8 canonical identity slugs. | ||
| * Used to resolve which GitHub App identity an agent should use. |
There was a problem hiding this comment.
The module comment says this maps to “the 8 canonical identity slugs”, but RoleSlug includes 9 values (including scribe). Please update the comment to match the actual set so future readers don’t assume the slug set is smaller than it is.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Agent GitHub Identity via GitHub Apps
Summary
Gives each Squad agent a distinct GitHub App identity so commits, PRs, and comments are attributed to the correct role (e.g.,
sabbour-squad-lead[bot]). Uses GitHub Apps for per-agent authentication rather than shared tokens.Role Avatars
Each role gets a unique avatar for visual identification in GitHub activity:
Token Resolution — Standalone Script
Token resolution uses
.squad/scripts/resolve-token.mjs, a self-contained script shipped bysquad init/squad upgrade. It requires no npm dependency — only Node.js built-in modules (node:fs,node:path,node:crypto). Spawned agents call:TOKEN=$(node .squad/scripts/resolve-token.mjs 'lead')Key Files Changed
templates/scripts/resolve-token.mjs— standalone token resolution script (new)packages/squad-cli/src/cli/core/templates.ts— manifest entry to ship the scriptpackages/squad-sdk/src/config/init.ts— createsscripts/dir during inittemplates/squad.agent.md.template— agent prompt with identity blockpackages/squad-cli/src/cli/commands/identity.ts— identity create/import/status CLIpackages/squad-cli/src/cli/shell/spawn.ts— token injection during agent spawndocs/proposals/agent-github-identity.md— full design proposalBranch Cleanup
Unrelated
.squad/state changes (agent history, decisions) and package.json version bumps have been reverted. The PR diff shows only identity feature changes.