Skip to content

fix: add 3s timeout to keychain init to prevent hang on Linux SSH sessions #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Arul- merged 2 commits into from
Apr 24, 2026
Merged

fix: add 3s timeout to keychain init to prevent hang on Linux SSH sessions #16

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5c887d4
fix: add 3s timeout to keychain init to prevent hang on Linux without…
Slach Mar 19, 2026
cb16ef6
fix: skip keychain on Linux without display to prevent event loop hang
Slach Mar 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions src/auth/secure-credential-store.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,17 @@ export class SecureCredentialStore {
*/
private async initializeKeychain(): Promise<void> {
try {
// On Linux without a display session, libsecret's D-Bus call to the Secret
// Service blocks the Node.js event loop indefinitely — the keyring daemon is
// running but locked, and the GUI unlock dialog never appears in SSH/headless
// environments. Since @napi-rs/keyring uses native N-API (not async I/O),
// Promise.race cannot interrupt it. Bail out early instead.
if (process.platform === 'linux' && !process.env.DISPLAY && !process.env.WAYLAND_DISPLAY) {
this.keychainAvailable = false;
logger.debug('Skipping OS keychain: Linux without display (headless/SSH) — using encrypted file storage');
return;
Comment on lines +61 to +69
Copy link

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title/description say a 3s timeout is added around the keychain test (and mention a "Keychain test timed out after 3000ms" debug message), but the implementation here instead unconditionally skips keychain initialization on Linux when DISPLAY/WAYLAND_DISPLAY are unset and does not implement any timeout. Either update the PR metadata/log expectations to match this behavior, or implement the promised timeout via a cancelable mechanism (e.g., run the keyring test in a worker/child process that can be terminated).

Copilot uses AI. Check for mistakes.
Comment on lines +66 to +69
Copy link

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change disables OS keychain usage for all Linux runs without DISPLAY/WAYLAND_DISPLAY, even if the Secret Service is already unlocked and usable in a headless session. Consider adding an explicit override (e.g., env var or config) to force keychain usage, so headless environments that do have a working keyring aren’t silently downgraded to encrypted-file storage.

Copilot uses AI. Check for mistakes.
}

// Dynamically import keyring
const keyring = await import('@napi-rs/keyring');
this.Entry = keyring.Entry;
Expand Down
Loading