fix: isolate gh CLI config per agent to prevent token mixing

Set GH_CONFIG_DIR=$AGENT_HOME/.config/gh before gh auth login so
each agent writes to its own directory rather than the shared global
config. This prevents tokens from different agents bleeding into one
another's gh auth state.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Goose
2026-04-15 23:56:51 +00:00
parent 5218aee586
commit 45faadc681
2 changed files with 9 additions and 2 deletions
+7 -2
@@ -41,7 +41,12 @@ GH_TOKEN_FILE="${GH_TOKEN_FILE:-$(mktemp)}"
printf '%s' "$TOKEN" > "$GH_TOKEN_FILE"
chmod 600 "$GH_TOKEN_FILE"
# --- Authenticate gh CLI ---
# --- Authenticate gh CLI with per-agent config isolation ---
# Each agent gets its own GH_CONFIG_DIR so tokens never bleed across agents.
export GH_CONFIG_DIR="${AGENT_HOME:+${AGENT_HOME}/.config/gh}"
GH_CONFIG_DIR="${GH_CONFIG_DIR:-$(mktemp -d)}"
mkdir -p "$GH_CONFIG_DIR"
gh auth login --with-token < "$GH_TOKEN_FILE"
echo "Authenticated. Token written to $GH_TOKEN_FILE (expires in 1 hour)."
echo "Authenticated. Token written to $GH_TOKEN_FILE (expires in 1 hour). GH_CONFIG_DIR=$GH_CONFIG_DIR"
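Review bot: The isolation added here only covers what gh writes under `GH_CONFIG_DIR`, and two details in the new lines weaken it. `mkdir -p "$GH_CONFIG_DIR"` creates the `$AGENT_HOME/.config/gh` path under whatever umask is in effect, so I would follow it with `chmod 700 "$GH_CONFIG_DIR"` to match the `chmod 600` already applied to the token file. The `mktemp -d` fallback makes a new directory on every run without `AGENT_HOME`, and nothing visible in the hunk removes it, so each such run leaves another stored credential behind; failing early with `: "${AGENT_HOME:?AGENT_HOME must be set}"` may be safer than falling back. Separately, recent gh versions prefer the system credential store when one is available, and that store is not selected by `GH_CONFIG_DIR`; if agents can share a keyring, confirm where the token lands with `gh auth status` or pass `--insecure-storage` so it stays in the per-agent directory. The script continues outside the hunk, so whether the export reaches later gh calls cannot be checked from here.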