test: cross-identity E2E #17
Closed
sabbour-squad-lead[bot] wants to merge 66 commits into dev from
Add docs/proposals/agent-github-identity.md covering per-agent GitHub App identity for Squad members. Covers architecture, bootstrap flow, credential management, API design, phased rollout, and alternatives analysis. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Merged 5 inbox decisions to decisions.md:
- CI deletion guard and source tree canary (Booster)
- Copilot git safety rules (RETRO)
- User directive on GitHub Apps scope (Ahmed Sabbour)
- Agent GitHub Identity via Per-Agent GitHub Apps (Flight)
- Versioning Policy — No Prerelease Versions on dev/main (Flight)
Archived 5 agent history files (>15KB):
- EECOM, FIDO, Flight, PAO, Procedures
Updated cross-agent history with team updates per decision scope.
Decision file size: 12.1KB → 17.4KB
Inbox files deleted: 5
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Reframe GitHub API gaps as non-issues for Squad (label routing is
the intended design, not a workaround)
- Update naming convention to {agent}-{user}-squad (three-dimensional
scoping: agent × user × repo-via-installation)
- Add Registration vs Installation model with scaling analysis
- Add Developer Onboarding section (cloning story, three paths to keys)
- Add One App Per Agent Per Repo as rejected alternative
- Update Hybrid approach as no longer needed
- Remove answered Open Questions (naming collisions, org vs user)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…hub-identity proposal
- Naming Convention: split into Tier 1 (default: {agent}-{user}-squad) and
Tier 2 (repo-qualified: {agent}-{user}-{repo}-squad) with explicit decision
logic for the CLI to pick the right tier based on existing registrations
- Concrete Scaling Numbers: add mixed-scenario rows for own+cloned repos
- The Cloning Story: split into 'own repo' and 'foreign repo' subsections;
foreign-repo section covers the naming collision case and introduces the
repo-owner model (only the repo owner registers apps; contributors use fallback)
- Open Questions: add Q5 on whether repo-owner model should be the canonical
recommendation (answer: yes, CI-only is the default; self-registration is opt-in)
Closes no issue — targeted proposal update requested by Ahmed Sabbour.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Rewrite the GitHub identity proposal to recommend one shared GitHub App
per user ({user}-squad) instead of one app per agent. The shared model
eliminates cascading complexity from the per-agent approach:
- 34-char name limit no longer a concern
- No cross-repo naming collisions or two-tier naming logic
- One credential to manage instead of N
- One browser confirmation instead of N
- 100-app registration cap irrelevant (always 1)
Agent attribution moves to structured comment bodies and commit message
prefixes. Per-agent apps preserved as documented Advanced Mode for users
who need GitHub-native per-agent filtering.
Closes bradygaster#76
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Design system and detailed prompts for 8 Squad role avatars (Lead, Frontend, Backend, Tester, DevOps, Docs, Security, Data). Flat geometric icons on dark background, role-specific accent colors, optimized for GitHub profile picture sizes (40px–256px). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Restructure the agent GitHub identity proposal from a two-option (shared vs per-agent) model into three tiers:
- Tier 1: Shared App (simplest — one app for all)
- Tier 2: Per-Role Apps (recommended — ~8 apps, one per role)
- Tier 3: Per-Agent Apps (advanced — one app per agent)
Per-role is the sweet spot: 8 stable role slugs (lead, frontend, backend, tester, devops, docs, security, data) map agents to role apps like sabbour-squad-lead[bot]. Bot name shows what KIND of specialist spoke; comment body shows which specific agent.
Updated all sections: comparison tables, bootstrap flow, credential management, API architecture, scaling, phased rollout, and decision.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…r design) Merged 5 user directives from Ahmed Sabbour on GitHub Apps naming/scope: - Three-dimensional identity (team member × user × repository) - Registration-as-installation cross-repo model - Cross-repo naming collision edge case - Role-based app model (1 app per role per user) - Avatar generation for visual role identity Merged INCO design decision: unified avatar system for role personas (dark background, geometric motifs, 40×40px optimization) Team updates appended to Flight and INCO history. Inbox cleared (6 files deleted). Decisions.md +4,167 bytes (17.4KB → 21.6KB). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
8 role avatars: lead, frontend, backend, tester, devops, docs, security, data. Geometric design system on dark navy background with role-specific accent colors. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Proactive tests for the identity module being built by EECOM. Written against the proposal spec — will need the identity module exports to land before they pass.
Covers:
- resolveRoleSlug: standard mappings, aliases, case insensitivity, fallback
- formatComment: emoji + bold name + role header, multi-line, empty body
- formatCommitMessage: [AgentName] prefix, conventional commits, spaces
- Storage: loadIdentityConfig, saveIdentityConfig, loadAppRegistration, hasPrivateKey
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- SDK module: types, role slug resolution, credential storage, formatting
- CLI command: squad identity status / create
- Subpath export: @bradygaster/squad-sdk/identity
- All 34 identity tests pass
Closes #1068
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Merge 3 decision inbox entries into decisions.md:
  - Fork-based workflow for GitHub App identity (user directive)
  - Copilot CLI integration with identity module (user directive)
  - Identity storage functions are synchronous (EECOM decision)
- Update EECOM history with team orchestration context
- Update FIDO history with team orchestration context
- Inbox entries removed post-merge
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…tion - UPDATE 1: Added 'Fork → Install → Work → PR' subsection explaining that identity apps are installed on repos you own/control (forks), not upstream. Clarifies the natural GitHub workflow and covers shared/team repo scenarios. - UPDATE 2: Added new 'Copilot CLI Integration' section explaining how GH_TOKEN injection works when agents are spawned. Shows that agents need zero code changes - they just use 'gh' normally while Squad sets GH_TOKEN in the environment. Includes the flow diagram for 'task' tool spawning. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- tokens.ts: generateAppJWT (RS256 via node:crypto), getInstallationToken (fetch GitHub API), resolveToken (cached high-level resolver)
- identity.ts CLI: replace stub with GitHub App Manifest flow supporting --role, --all, and --simple flags
- .gitignore: add .squad/identity/keys/ to prevent PEM commits
- Export token functions from identity barrel
- 11 new tests covering JWT structure, payload fields, cache behavior, error handling, and graceful null returns
Zero new npm dependencies — uses node:crypto, node:http, node:child_process.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…20:11:04Z) Merged: - EECOM decision: Token Lifecycle — No External Dependencies (dated 2025-07-25) - Inbox file deleted: eecom-tokens.md Updated: - .squad/agents/eecom/history.md: Added orchestration complete timestamp - .squad/agents/flight/history.md: Added team update with Flight's proposal integration work Archive: - decisions.md: 0 entries >30 days (no archival needed) - history.md files: Both <15KB (no summarization needed) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GitHub rejects localhost URLs for hook_attributes. Since Squad doesn't use webhooks, set to https://example.com/no-op with active: false. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The manifest was built with redirect_url localhost:0 before the server started. Now the actual port is injected when the form page is served, after the server is listening and the port is known. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…nstructions - Add ROLE_DESCRIPTIONS map with human-readable descriptions for all 8 roles + shared - Pass description to GitHub App manifest so apps are created with proper descriptions - Use gh api CLI for manifest code exchange (reliable in WSL) with fetch fallback - Print avatar upload link and file path after successful app creation Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The installation ID lookup also uses fetch, which fails in WSL due to DNS/TLS issues. Added curl fallback matching the gh-api pattern used for the manifest code exchange. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
After creating a GitHub App via the manifest flow, automatically opens the browser to the installation page and polls for the installation ID (every 2s, up to 60s). Falls back to the manual install message on timeout. Closes #4 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Closes #2 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copies identity spawn template (GIT IDENTITY block + Pre-Spawn Identity Resolution) to .squad-templates/squad.agent.md and templates/squad.agent.md.template to satisfy template-sync test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace manual file copying with npm link for both CLI and SDK, plus 'squad upgrade' to deploy the latest squad.agent.md automatically. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replaces the two-step cd+link dance with direct path linking. One command from the target repo does everything. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The local variable tokenPath was referenced as undefined constant TOKEN_PATH, causing a build failure. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
npm link registers the squad binary globally, so npx is unnecessary. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When a GitHub App identity already exists in another Squad repo, users can now import it instead of hitting a 'name already taken' error:
  squad identity create --import /path/to/other-repo
  squad identity create --role lead --import /path/to/other-repo
The import flow copies the PEM key and app registration, resets the installationId, then triggers the installation resolution flow so the user can install the app on the current repository.
Also improves error handling: when the manifest flow fails because the app name is already taken, the CLI now suggests using --import instead of showing a generic error.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Before opening the browser for the manifest flow, presents a menu:
  (1) Create new app
  (2) Import from another repo (reuse existing app)
  (3) Install existing app on this repo (opens install page)
  Or type a custom app name
GitHub has no API to pre-check app name availability, so this prevents the user from hitting the 'name already taken' dead end.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Both 'import from another repo' and 'install on this repo' need the source repo path for the PEM key. Merged into a single option that imports + resolves installation. Prevents the 3/4 failure case. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Node.js doesn't expand ~ like the shell does. Also handles when user types the full .squad/identity path instead of just the repo root. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1. Add vi.unstubAllGlobals() to tokens.test.ts afterEach
2. Derive owner/repo from git remote in E2E script (was hardcoded)
3. Same fix for git workflow section of E2E script
4. Make token resolution non-fatal in agent template (remove process.exit)
5. Sync all 5 squad.agent.md copies to be byte-identical
6. Tighten 'ui' role pattern to avoid matching 'Build Engineer'
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
After installation resolves, immediately test the full chain: PEM → JWT → installation token. Shows ✓ on success, ⚠ warning on failure (non-fatal — identity never blocks work). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Rewrite 'Copilot CLI Integration (Implemented)' section to accurately reflect the actual implementation:
- Added 'How It Works' overview explaining coordinator-level injection
- Updated token resolution code to ESM syntax with conditional fallback
- Added 'Multi-Repo Usage' subsection explaining --import and app reuse
- Added CLI commands reference table
- Updated end-to-end example with conditional push/PR handling
- Graceful fallback now explicitly shows token left empty on failure
This replaces stale CommonJS snippets and clarifies the identity system's reliability guarantees.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ment parallel token scoping Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…throw safety
- Remove clearTokenCache() from token snippet in all 5 template copies (unnecessary in fresh process)
- Change literal BRANCH to {branch} placeholder in push command across all templates
- Wrap resolveToken() in try-catch for graceful null fallback on any error
- Threads 2/4/5 addressed with reply-only (no code change needed)
Closes bradygaster#970
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… path
Replace hardcoded `pathToFileURL('{team_root}/packages/squad-sdk/dist/identity/tokens.js')`
with `import('@bradygaster/squad-sdk/identity')` so token resolution works in consumer
repos (not just inside the Squad monorepo). Also use `process.cwd()` instead of
`'{team_root}'` since the agent always runs from the repo root.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Token resolution no longer requires @bradygaster/squad-sdk in the target project's node_modules. Instead, squad init/upgrade drops a self-contained .squad/scripts/resolve-token.mjs that uses only Node.js built-in modules. Agent prompts reference this local script. Also reverts unrelated .squad/ state changes, avatar images, and package.json version bumps that had accumulated on this branch. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pre-generated avatars for each role (lead, frontend, backend, tester, devops, docs, security, data). Used as GitHub App logos during squad identity create. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace token.substring() calls with non-sensitive signals (length, status) to prevent accidental token disclosure in CI logs. Closes review thread 28 on bradygaster#970 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
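The PEM → JWT step from the tokens.ts commit and the log-safe token reporting from the commit above, as an added example that is not the Squad project's code. The function names, the App ID 12345 and the generated key pair are assumptions made for illustration.

```javascript
// Added example, not the Squad project's code; all function names are hypothetical.
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Throwaway key pair standing in for the App's PEM (constructed sample input).
function makeDemoKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Build the short-lived RS256 JWT a GitHub App presents when requesting an installation token.
function generateAppJwt(appId, privateKeyPem, nowSeconds = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = {
    iat: nowSeconds - 60,  // backdated to tolerate clock drift
    exp: nowSeconds + 540, // under GitHub's 10-minute limit
    iss: String(appId),
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Local self-check: returns the claims, or null if alg, signature or expiry is wrong.
function verifyAppJwt(jwt, publicKeyPem, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    if (header.alg !== 'RS256') return null; // never accept another alg named by the token
    const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKeyPem,
      Buffer.from(s, 'base64url'));
    if (!ok) return null;
    const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
    return nowSeconds < claims.exp ? claims : null;
  } catch {
    return null;
  }
}

// Log-safe summary of a secret: presence and length only, never a substring.
function describeToken(token) {
  const present = typeof token === 'string' && token.length > 0;
  return { present, length: present ? token.length : 0 };
}

const demo = makeDemoKeyPair();
const demoJwt = generateAppJwt(12345, demo.privateKey); // 12345 is a made-up App ID
console.log('jwt verified:', verifyAppJwt(demoJwt, demo.publicKey) !== null);
console.log('jwt for logs:', describeToken(demoJwt));
```
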
- Fix resolve-token.mjs to derive project root from script location
- Clear setTimeout in waitForManifestCode on all resolution paths
- Remove unreachable choice '3' handler from identity menu
- Verify .gitignore covers .squad/identity/keys/
Closes review threads 24-27 on bradygaster#970
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Tests importing from @bradygaster/squad-sdk/identity were failing because the exports map entry was never added when the identity module was created. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Merged 10 inbox decision files into decisions.md with date formatting. Updated EECOM and FIDO history.md with team update notes. Decision archival deferred (12151→23823 bytes, still under 51200 threshold). PR review feedback fixes logged (identity cwd, timeout, logging, SDK export). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Test resolve-token.mjs derives project root from script location, not cwd
- Test waitForManifestCode timeout cleanup behavior
- Test identity menu only handles valid choices
- Test .gitignore covers .squad/identity/keys/
- Test no token substring disclosure in e2e script
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Archive 3 decisions entries (2025-07-xx, >30 days old). Summarize FIDO history.md (24KB → 6KB) per HARD GATE. Add session logs: orchestration-log, session log. Update FIDO history with identity test session completion. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Exercises bot-to-bot collaboration patterns:
- Bot creates PR with proper attribution
- Bot posts role-formatted comments
- Bot submits PR reviews
- Token lifecycle (cache, clear, refresh)
- Cross-identity verification (when multiple apps configured)
- Full cleanup of all GitHub artifacts
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
⚙️ IdentityB (backend)
Cross-identity comment from sabbour-squad-backend.
Cross-identity test — safe to close