Add multiple git credentials support with migration

Author: chriswritescode-dev

Dockerfile

@@ -21,6 +21,11 @@ RUN apt-get update && apt-get install -y \
     python3-venv \
     && rm -rf /var/lib/apt/lists/*
 
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+  && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+  && apt-get update && apt-get install -y gh \
+  && rm -rf /var/lib/apt/lists/*
+
 RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
 
 RUN curl -fsSL https://bun.sh/install | bash && \

backend/src/db/migrations.ts

@@ -121,9 +121,55 @@ export function runMigrations(db: Database): void {
       logger.error('Failed to migrate local_path format:', error)
     }
 
+    migrateGitTokenToCredentials(db)
+    
     logger.info('Database migrations completed successfully')
   } catch (error) {
     logger.error('Failed to run database migrations:', error)
     throw error
   }
 }
+
+function migrateGitTokenToCredentials(db: Database): void {
+  try {
+    const rows = db.prepare('SELECT user_id, preferences FROM user_preferences').all() as Array<{
+      user_id: string
+      preferences: string
+    }>
+
+    for (const row of rows) {
+      try {
+        const parsed = JSON.parse(row.preferences) as Record<string, unknown>
+        const gitToken = parsed.gitToken as string | undefined
+        const existingCredentials = parsed.gitCredentials as Array<unknown> | undefined
+
+        if (!gitToken) {
+          continue
+        }
+
+        if (existingCredentials && existingCredentials.length > 0) {
+          continue
+        }
+
+        const { gitToken: _, ...rest } = parsed
+        const migrated = {
+          ...rest,
+          gitCredentials: [{
+            name: 'GitHub',
+            host: 'https://github.com/',
+            token: gitToken,
+          }],
+        }
+
+        db.prepare('UPDATE user_preferences SET preferences = ? WHERE user_id = ?')
+          .run(JSON.stringify(migrated), row.user_id)
+
+        logger.info(`Migrated gitToken to gitCredentials for user: ${row.user_id}`)
+      } catch (parseError) {
+        logger.error(`Failed to parse preferences for user ${row.user_id}:`, parseError)
+      }
+    }
+  } catch (error) {
+    logger.error('Failed to migrate gitToken to gitCredentials:', error)
+  }
+}

backend/src/routes/repos.ts

@@ -14,15 +14,17 @@ import path from 'path'
 
 export function createRepoRoutes(database: Database) {
   const app = new Hono()
-  
+
   app.post('/', async (c) => {
     try {
       const body = await c.req.json()
-      const { repoUrl, localPath, branch, openCodeConfigName, useWorktree } = body
-      
+      const { repoUrl, localPath, branch, openCodeConfigName, useWorktree, provider } = body
+
       if (!repoUrl && !localPath) {
         return c.json({ error: 'Either repoUrl or localPath is required' }, 400)
       }
+
+      logger.info(`Creating repo - URL: ${repoUrl}, Provider: ${provider || 'auto-detect'}`)
 
       let repo
       if (localPath) {

backend/src/routes/settings.ts

@@ -12,7 +12,6 @@ import {
 import { logger } from '../utils/logger'
 import { opencodeServerManager } from '../services/opencode-single-server'
 import { DEFAULT_AGENTS_MD } from '../index'
-import { createGitHubGitEnv } from '../utils/git-auth'
 import { exec } from 'child_process'
 import { promisify } from 'util'
 
@@ -46,9 +45,7 @@ const UpdateCustomCommandSchema = z.object({
   promptTemplate: z.string().min(1).max(10000),
 })
 
-const ValidateGitTokenSchema = z.object({
-  gitToken: z.string(),
-})
+
 
 const ConnectMcpDirectorySchema = z.object({
   directory: z.string().min(1),
@@ -86,13 +83,16 @@ export function createSettingsRoutes(db: Database) {
       const settings = settingsService.updateSettings(validated.preferences, userId)
 
       let serverRestarted = false
-      if (validated.preferences.gitToken !== undefined && 
-          validated.preferences.gitToken !== currentSettings.preferences.gitToken) {
-        logger.info('GitHub token changed, restarting OpenCode server')
-        await opencodeServerManager.restart()
-        serverRestarted = true
+      if (validated.preferences.gitCredentials !== undefined) {
+        const currentCreds = JSON.stringify(currentSettings.preferences.gitCredentials || [])
+        const newCreds = JSON.stringify(validated.preferences.gitCredentials)
+        if (currentCreds !== newCreds) {
+          logger.info('Git credentials changed, restarting OpenCode server')
+          await opencodeServerManager.restart()
+          serverRestarted = true
+        }
       }
-      
+
       return c.json({ ...settings, serverRestarted })
     } catch (error) {
       logger.error('Failed to update settings:', error)
@@ -459,72 +459,6 @@ export function createSettingsRoutes(db: Database) {
     }
   })
 
-  app.post('/validate-git-token', async (c) => {
-    try {
-      const body = await c.req.json()
-      const { gitToken } = ValidateGitTokenSchema.parse(body)
-      
-      if (!gitToken) {
-        return c.json({ valid: true, message: 'No token provided' })
-      }
-
-      // Test the token by trying to access a public GitHub repo via git ls-remote
-      const testRepoUrl = 'https://github.com/octocat/Hello-World.git'
-      const env = createGitHubGitEnv(gitToken)
-      
-      try {
-        await execAsync(`git ls-remote ${testRepoUrl}`, { 
-          env: { ...process.env, ...env },
-          timeout: 10000
-        })
-        
-        // If command succeeded (exit code 0), token is valid
-        // stderr may contain warnings but that's ok
-        return c.json({ 
-          valid: true, 
-          message: 'Token is valid' 
-        })
-      } catch (error) {
-        logger.error('Git token validation failed:', error)
-        
-        if (error instanceof Error) {
-          const errorMsg = error.message.toLowerCase()
-          
-          if (errorMsg.includes('authentication failed') || 
-              errorMsg.includes('not authorized') ||
-              errorMsg.includes('invalid username or token') ||
-              errorMsg.includes('password authentication is not supported') ||
-              errorMsg.includes('401') ||
-              errorMsg.includes('403') ||
-              errorMsg.includes('code 128')) {
-            return c.json({ 
-              valid: false, 
-              message: 'Invalid GitHub token. Please check your token and permissions.' 
-            })
-          }
-          
-          if (errorMsg.includes('timeout') || errorMsg.includes('network')) {
-            return c.json({ 
-              valid: false, 
-              message: 'Network error - could not validate token. Please try again.' 
-            })
-          }
-        }
-        
-        return c.json({ 
-          valid: false, 
-          message: 'Failed to validate token: ' + (error instanceof Error ? error.message : 'Unknown error')
-        })
-      }
-    } catch (error) {
-      logger.error('Token validation endpoint error:', error)
-      if (error instanceof z.ZodError) {
-        return c.json({ error: 'Invalid request data', details: error.issues }, 400)
-      }
-      return c.json({ error: 'Failed to validate token' }, 500)
-    }
-  })
-
   // MCP directory-aware endpoints
   app.post('/mcp/:name/connectdirectory', async (c) => {
     try {

backend/src/services/git-operations.ts

@@ -3,7 +3,7 @@ import { logger } from '../utils/logger'
 import { SettingsService } from './settings'
 import type { Database } from 'bun:sqlite'
 import path from 'path'
-import { createGitHubGitEnv, createNoPromptGitEnv } from '../utils/git-auth'
+import { createGitEnv, createNoPromptGitEnv } from '../utils/git-auth'
 
 async function hasCommits(repoPath: string): Promise<boolean> {
   try {
@@ -18,15 +18,11 @@ function getGitEnvironment(database: Database): Record<string, string> {
   try {
     const settingsService = new SettingsService(database)
     const settings = settingsService.getSettings('default')
-    const gitToken = settings.preferences.gitToken
+    const gitCredentials = settings.preferences.gitCredentials || []
 
-    if (gitToken) {
-      return createGitHubGitEnv(gitToken)
-    }
-
-    return createNoPromptGitEnv()
+    return createGitEnv(gitCredentials)
   } catch (error) {
-    logger.warn('Failed to get git token from settings:', error)
+    logger.warn('Failed to get git credentials from settings:', error)
     return createNoPromptGitEnv()
   }
 }

backend/src/services/opencode-single-server.ts

@@ -1,10 +1,11 @@
 import { spawn, execSync } from 'child_process'
 import path from 'path'
 import { logger } from '../utils/logger'
-import { createGitHubGitEnv, createNoPromptGitEnv } from '../utils/git-auth'
+import { createGitEnv, createNoPromptGitEnv } from '../utils/git-auth'
 import { SettingsService } from './settings'
 import { getWorkspacePath, getOpenCodeConfigFilePath, ENV } from '@opencode-manager/shared/config/env'
 import type { Database } from 'bun:sqlite'
+import type { GitCredential } from '../utils/git-auth'
 
 const OPENCODE_SERVER_PORT = ENV.OPENCODE.PORT
 const OPENCODE_SERVER_DIRECTORY = getWorkspacePath()
@@ -54,18 +55,18 @@ class OpenCodeServerManager {
     }
 
     const isDevelopment = ENV.SERVER.NODE_ENV !== 'production'
-    
-    let gitToken = ''
+
+    let gitCredentials: GitCredential[] = []
     if (this.db) {
       try {
         const settingsService = new SettingsService(this.db)
         const settings = settingsService.getSettings('default')
-        gitToken = settings.preferences.gitToken || ''
+        gitCredentials = settings.preferences.gitCredentials || []
       } catch (error) {
-        logger.warn('Failed to get git token from settings:', error)
+        logger.warn('Failed to get git credentials from settings:', error)
       }
     }
-    
+
     const existingProcesses = await this.findProcessesByPort(OPENCODE_SERVER_PORT)
     if (existingProcesses.length > 0) {
       logger.info(`OpenCode server already running on port ${OPENCODE_SERVER_PORT}`)
@@ -105,7 +106,7 @@ class OpenCodeServerManager {
     logger.info(`OpenCode XDG_CONFIG_HOME: ${path.join(OPENCODE_SERVER_DIRECTORY, '.config')}`)
     logger.info(`OpenCode will use ?directory= parameter for session isolation`)
 
-    const gitEnv = gitToken ? createGitHubGitEnv(gitToken) : createNoPromptGitEnv()
+    const gitEnv = createGitEnv(gitCredentials)
 
     let stderrOutput = ''
 

backend/src/services/repo.ts

@@ -5,7 +5,7 @@ import type { Database } from 'bun:sqlite'
 import type { Repo, CreateRepoInput } from '../types/repo'
 import { logger } from '../utils/logger'
 import { SettingsService } from './settings'
-import { createGitEnvForRepoUrl, createNoPromptGitEnv, createGitHubGitEnv } from '../utils/git-auth'
+import { createGitEnv, createNoPromptGitEnv, createGitHubGitEnv, isGitHubHttpsUrl } from '../utils/git-auth'
 import { getReposPath } from '@opencode-manager/shared/config/env'
 import path from 'path'
 
@@ -34,27 +34,36 @@ async function executeGitWithFallback(
   options: GitCommandOptions = {}
 ): Promise<string> {
   const { cwd, env = createNoPromptGitEnv(), silent } = options
-  
+
   try {
     return await executeCommand(cmd, { cwd, env, silent })
   } catch (error: any) {
     if (!isAuthenticationError(error)) {
       throw error
     }
-    
-    logger.warn(`Git command failed with auth, trying gh auth fallback`)
+
+    logger.warn(`Git command failed with auth, trying CLI fallbacks`)
+
+    const url = cmd.find(arg => arg.includes('http://') || arg.includes('https://'))
+    if (!url) {
+      return await executeCommand(cmd, { cwd, env: createNoPromptGitEnv(), silent })
+    }
+
     try {
-      const ghToken = (await executeCommand(['gh', 'auth', 'token'])).trim()
-      const ghEnv = createGitHubGitEnv(ghToken)
-      return await executeCommand(cmd, { cwd, env: ghEnv, silent })
-    } catch (ghError: any) {
-      if (!isAuthenticationError(ghError)) {
-        throw ghError
+      if (isGitHubHttpsUrl(url)) {
+        logger.warn(`Detected GitHub URL, trying gh auth token`)
+        const ghToken = (await executeCommand(['gh', 'auth', 'token'])).trim()
+        const ghEnv = createGitHubGitEnv(ghToken)
+        return await executeCommand(cmd, { cwd, env: ghEnv, silent })
       }
-      
-      logger.warn(`Git command failed with gh auth, trying without auth (public repo)`)
-      return await executeCommand(cmd, { cwd, env: createNoPromptGitEnv(), silent })
+
+
+    } catch (cliError: any) {
+      logger.warn(`CLI auth fallback failed:`, cliError.message)
     }
+
+    logger.warn(`All auth fallbacks failed, trying without auth (public repo)`)
+    return await executeCommand(cmd, { cwd, env: createNoPromptGitEnv(), silent })
   }
 }
 
@@ -87,17 +96,13 @@ async function safeGetCurrentBranch(repoPath: string): Promise<string | null> {
   }
 }
 
-function getGitEnv(database: Database, repoUrl?: string | null): Record<string, string> {
+function getGitEnv(database: Database): Record<string, string> {
   try {
     const settingsService = new SettingsService(database)
     const settings = settingsService.getSettings('default')
-    const gitToken = settings.preferences.gitToken
-
-    if (!repoUrl) {
-      return createNoPromptGitEnv()
-    }
+    const gitCredentials = settings.preferences.gitCredentials || []
 
-    return createGitEnvForRepoUrl(repoUrl, gitToken)
+    return createGitEnv(gitCredentials)
   } catch {
     return createNoPromptGitEnv()
   }
@@ -225,7 +230,7 @@ export async function cloneRepo(
   const repo = db.createRepo(database, createRepoInput)
 
   try {
-    const env = getGitEnv(database, normalizedRepoUrl)
+    const env = getGitEnv(database)
 
     if (shouldUseWorktree) {
       logger.info(`Creating worktree for branch: ${branch}`)
@@ -408,7 +413,7 @@ export async function getCurrentBranch(repo: Repo): Promise<string | null> {
 export async function listBranches(database: Database, repo: Repo): Promise<{ local: string[], all: string[], current: string | null }> {
   try {
     const repoPath = path.resolve(getReposPath(), repo.localPath)
-    const env = getGitEnv(database, repo.repoUrl)
+    const env = getGitEnv(database)
 
     if (!repo.isLocal) {
       try {
@@ -457,7 +462,7 @@ export async function switchBranch(database: Database, repoId: number, branch: s
 
   try {
     const repoPath = path.resolve(getReposPath(), repo.localPath)
-    const env = getGitEnv(database, repo.repoUrl)
+    const env = getGitEnv(database)
 
     const sanitizedBranch = branch
       .replace(/^refs\/heads\//, '')
@@ -537,7 +542,7 @@ export async function pullRepo(database: Database, repoId: number): Promise<void
   }
 
   try {
-    const env = getGitEnv(database, repo.repoUrl)
+    const env = getGitEnv(database)
 
     logger.info(`Pulling repo: ${repo.repoUrl}`)
     await executeCommand(['git', '-C', path.resolve(getReposPath(), repo.localPath), 'pull'], { env })