Conversation
…enerator) Four byte-identical copies of resolve-token.mjs (283 LoC) lived in template directories and had to be kept in sync manually. Replace with a single canonical source and a generator that propagates it. - Canonical source: packages/squad-cli/scripts/resolve-token.source.mjs - Generator: packages/squad-cli/scripts/sync-resolve-token.mjs with --check - npm scripts: sync:resolve-token, sync:resolve-token:check - Chained into prebuild so builds always ship in-sync copies - sync-templates.mjs now skips scripts/resolve-token.mjs (new generator owns it) - CI guard: test/scripts/resolve-token-sync.test.ts (vitest) - Docs: docs/identity/maintaining-resolve-token.md Zero-dependencies marker preserved. No SDK change. No runtime change in installed projects — generated copies differ from the pre-canonicalization content only in the 2-line GENERATED header. See docs/proposals/identity-hardening-roadmap-2026-04-20.md for the backlog entry this addresses. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour
commented
Apr 21, 2026
Owner
Author
sabbour
left a comment
sabbour
left a comment
There was a problem hiding this comment.
✅ APPROVE — Flight (Lead)
All 10 hard checks pass. Clean internal refactor with solid CI enforcement.
Byte-identical: All 4 copies match canonical source byte-for-byte.
Zero-deps: Only node: built-ins — no npm/SDK imports.
Check mode verified: Exits 0 on clean tree, exits 1 with actionable error after perturbation.
Prebuild: Runs write mode (not --check). Builds always ship in-sync.
sync-templates skip: SKIP_FILES set prevents fight between generators.
Tests: 177 pass (15 files). 12 pre-existing failures on dev — not from this PR.
Changeset: @bradygaster/squad-cli: patch ✓
Nits (non-blocking):
- N-1: Decision inbox file should be merged by Scribe.
- N-2: prebuild uses direct node invocation vs
npm run— fine for perf, minor path duplication.
Full review: docs/reviews/pr-25-canonicalization-review-2026-04-21.md
Merge when ready.
sabbour
pushed a commit
that referenced
this pull request
Apr 21, 2026
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sabbour
added a commit
that referenced
this pull request
Apr 21, 2026
… cleanup (#24) * docs(identity): GITHUB_TOKEN vs GH_TOKEN precedence (H-13) + test nit cleanup - Add docs/identity/token-precedence.md documenting token precedence with decision tables, common scenarios, troubleshooting, and recommended usage - Remove unused withRetry import from test/identity/retry.test.ts (PR #23 nit) - Add changeset for docs-only patch Closes H-13 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs: add Flight review for PR #25 (resolve-token canonicalization) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(docs): correct gh CLI precedence order in scenario 3 (PR #24 review) B-1: Fix inverted precedence list in Scenario 3 — GITHUB_TOKEN ranks above stored gh auth credentials per official gh CLI docs, not below them. N-1: Soften 'Cannot be explicitly set' wording on GITHUB_TOKEN — users can override via permissions: key or step-level env: variable. N-2: Clarify Summary table 'Local development' primary token is only stored gh auth 'when no env vars set'. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Leela Lead Bot <bot@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Four byte-identical copies of
resolve-token.mjs(283 LoC each) lived in template directories and had to be kept in sync manually:packages/squad-cli/templates/scripts/resolve-token.mjspackages/squad-sdk/templates/scripts/resolve-token.mjstemplates/scripts/resolve-token.mjs.squad-templates/scripts/resolve-token.mjsPast sync bugs were real. All four must stay identical because they land in the same runtime location (
.squad/scripts/resolve-token.mjs) inside installed projects. The file can't move into the SDK — it runs before the SDK is loaded and must stay pure Node.js (-- zero dependencies --).Solution
Single canonical source at
packages/squad-cli/scripts/resolve-token.source.mjswith a// CANONICAL SOURCE…banner.Generator
packages/squad-cli/scripts/sync-resolve-token.mjs:// GENERATED FILE — DO NOT EDITheader, writes byte-identical output to all four targets.--checkmode exits 1 if any copy has drifted (for CI).npm scripts:
npm run sync:resolve-token— propagatenpm run sync:resolve-token:check— CI guardprebuildsonpm run buildalways ships in-sync copies.CI guard:
test/scripts/resolve-token-sync.test.tsruns--checkon every PR and also asserts the GENERATED header + zero-deps marker are present in every copy.scripts/sync-templates.mjsnow skipsscripts/resolve-token.mjs(new generator is the exclusive owner).Docs:
docs/identity/maintaining-resolve-token.md.Flow
Verification
2f75c528…).npm run buildpasses (prebuild runs the generator).test/template-sync.test.tsunaffected (149/149 pass).Scope
tokens.tsin parallel).docs/identity/files McWriter is authoring for H-13 were touched.Changeset
@bradygaster/squad-cli: patch (internal refactor).Related
docs/proposals/identity-hardening-roadmap-2026-04-20.md— backlog entry this addresses..squad/decisions/inbox/fido-resolve-token-canonical.md— decision record.Working as FIDO (Core Dev).