Skip to content

Commit 59ad4c0

Browse files
ibuildthecloudibuildthecloud
committed
bug: revert removing github cred check
1 parent 0be969a commit 59ad4c0

File tree

2 files changed

+34
-12
lines changed

2 files changed

+34
-12
lines changed

pkg/engine/call.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,9 @@ func (e *Engine) runCall(ctx Context, tool types.Tool, input string) (*Return, e
4949
"TOOL_CALL_ARGS": strings.Join(toolNameArgs, " "),
5050
"TOOL_CALL_BODY": body,
5151
}))
52+
if err != nil {
53+
return nil, fmt.Errorf("failed to merge inputs for tool calls: %w", err)
54+
}
5255

5356
newCtx := ctx
5457
newCtx.Tool = ctx.Program.ToolSet[ref.ToolID]

pkg/runner/runner.go

Lines changed: 31 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ import (
66
"errors"
77
"fmt"
88
"sort"
9+
"strings"
910
"sync"
1011
"time"
1112

@@ -791,9 +792,18 @@ func (r *Runner) handleCredentials(callCtx engine.Context, monitor Monitor, env
791792
refresh bool
792793
)
793794

794-
c, exists, err = r.credStore.Get(callCtx.Ctx, credName)
795-
if err != nil {
796-
return nil, fmt.Errorf("failed to get credentials for tool %s: %w", toolName, err)
795+
// Only try to look up the cred if the tool is on GitHub or has an alias.
796+
// If it is a GitHub tool and has an alias, the alias overrides the tool name, so we use it as the credential name.
797+
if isGitHubTool(toolName) && credentialAlias == "" {
798+
c, exists, err = r.credStore.Get(callCtx.Ctx, toolName)
799+
if err != nil {
800+
return nil, fmt.Errorf("failed to get credentials for tool %s: %w", toolName, err)
801+
}
802+
} else if credentialAlias != "" {
803+
c, exists, err = r.credStore.Get(callCtx.Ctx, credentialAlias)
804+
if err != nil {
805+
return nil, fmt.Errorf("failed to get credential %s: %w", credentialAlias, err)
806+
}
797807
}
798808

799809
if c == nil {
@@ -859,17 +869,22 @@ func (r *Runner) handleCredentials(callCtx engine.Context, monitor Monitor, env
859869
}
860870

861871
if !resultCredential.Ephemeral {
862-
if isEmpty {
863-
log.Warnf("Not saving empty credential for tool %s", toolName)
864-
} else {
865-
if refresh {
866-
err = r.credStore.Refresh(callCtx.Ctx, resultCredential)
872+
// Only store the credential if the tool is on GitHub or has an alias, and the credential is non-empty.
873+
if (isGitHubTool(toolName) && callCtx.Program.ToolSet[ref.ToolID].Source.Repo != nil) || credentialAlias != "" {
874+
if isEmpty {
875+
log.Warnf("Not saving empty credential for tool %s", toolName)
867876
} else {
868-
err = r.credStore.Add(callCtx.Ctx, resultCredential)
869-
}
870-
if err != nil {
871-
return nil, fmt.Errorf("failed to save credential for tool %s: %w", toolName, err)
877+
if refresh {
878+
err = r.credStore.Refresh(callCtx.Ctx, resultCredential)
879+
} else {
880+
err = r.credStore.Add(callCtx.Ctx, resultCredential)
881+
}
882+
if err != nil {
883+
return nil, fmt.Errorf("failed to save credential for tool %s: %w", toolName, err)
884+
}
872885
}
886+
} else {
887+
log.Warnf("Not saving credential for tool %s - credentials will only be saved for tools from GitHub, or tools that use aliases.", toolName)
873888
}
874889
}
875890
} else {
@@ -891,3 +906,7 @@ func (r *Runner) handleCredentials(callCtx engine.Context, monitor Monitor, env
891906

892907
return env, nil
893908
}
909+
910+
func isGitHubTool(toolName string) bool {
911+
return strings.HasPrefix(toolName, "github.com")
912+
}

0 commit comments

Comments
 (0)