fix(cli): persist login token durably on detached/headless boxes#38
Merged
Conversation
`instant login` from a detached/headless context (e.g. `nohup instant login &` on an agent box) printed "✓ Logged in" while persisting NOTHING the next `instant whoami` could read — so the very next command said "Not logged in". This undercuts the "frictionless for agents" promise. Root cause: cliconfig.Save() trusted secretstore.Set()'s nil return as proof of durable persistence. On a detached box the keychain backend's Available() probe is a false positive (a probing Get returning ErrNotFound reads as "available, just empty"), and the subsequent Set returns nil even though the write lands in an ephemeral/locked session keyring the NEXT process can't read. Fix: new persistSecret() in cliconfig does write-then-readback validation. If Set returns success but the immediate Get either errors or returns a mismatched value, persistSecret falls through to the 0600 file fallback so the token lands in ~/.instant-config. If both keychain and file fail, runLogin returns an error with the raw token + an `export INSTANT_TOKEN=…` escape hatch — no more false-success banner on a totally-failed persist.
100% patch coverage (diff-cover --fail-under=100): - cliconfig/headless_persist_test.go: table-driven tests for all four persistSecret outcomes — silent-keychain-write (Set ok, Get mismatch) falls back to 0600 file + survives Load(); Set-error fallback; durable round-trip skips the file write (no plaintext leak on working keychain); both-fail propagates the error with the token payload. - cmd/login_persist_test.go: asserts that the Save-failure path returns NO success banner, surfaces the INSTANT_TOKEN escape hatch, and embeds the raw token in the error — verifying the agent-recoverable path end-to-end. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
persistSecret()incliconfigdoes write-then-readback: afterSet, immediatelyGetand confirm the value round-trips; mismatch → fall back to 0600 file at~/.instant-configrunLoginno longer prints the success banner ifSave()fails both keychain and file; returns an error with the raw token +export INSTANT_TOKEN=…escape hatch so headless agents can proceed in-flowpersistSecretoutcomes +Save-failure path assertionsWhy
Wave-3 B5:
instant loginfrom a headless/detached box (nohup, CI runner, container) printed "✓ Logged in" while persisting nothing the next command could read — the keychain backend'sAvailable()probe is a false positive on detached boxes (a probingGetreturningErrNotFoundreads as "available, just empty"). The token landed in an ephemeral session keyring that the next process couldn't see.Test plan
go test ./cmd/ ./internal/cliconfig/ -run TestLogin— all passgo build ./...— clean build🤖 Generated with Claude Code