Skip to content

feat(config): implement hash-based auth.json change detection #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
activadee merged 5 commits into from
Jan 4, 2026
Merged

feat(config): implement hash-based auth.json change detection #4

activadee merged 5 commits into from
Jan 4, 2026

Conversation

@activadee
Copy link
Owner

@activadee activadee commented Jan 4, 2026

Summary

  • Add hash-based change detection mechanism to optimize auth.json sync operations
  • Implement new OpenCode Auth GitHub workflow with validation and automation
  • Add comprehensive test coverage for config and watcher modules (477 lines of tests)
  • Update schema and type definitions to support hash-based detection
  • Enhance core modules (config, watcher, index) with change detection logic

closes #1

@activadee
Implementation complete. Here's a summary of changes:
aa056a7 
## Files Modified

### lib/types.ts
- Added authFileHash?: string field to AuthSyncConfig interface

### lib/config.ts
- Added writeFile import
- Added getConfigPath() function to find existing config file path
- Added saveConfig() function to persist config with hash

### lib/watcher.ts
- Added crypto.createHash import for SHA-256 hashing
- Added computeHash() function to compute SHA-256 hash of content
- Added WatcherOptions interface with debounceMs and storedHash
- Updated WatcherCallbacks.onCredentialsChange signature to include hash parameter
- Changed hash comparison logic: compares current hash against stored hash instead of string comparison

### index.ts
- Updated imports to include getConfigPath, saveConfig, AuthSyncConfig
- Added persistHash() function to save hash to config after successful sync
- Updated handleCredentialsChange callback to handle hash parameter and persist on success
- Updated watcher call to pass storedHash from config

### lib/watcher.test.ts (new file)
- Unit tests for computeHash() function (6 tests)
- Unit tests for hash comparison in watcher (9 tests)

### lib/config.test.ts
- Added tests for saveConfig() function (3 tests)
- Added tests for get

Attempt: att-49ee1ad5-3e93-4979-a4d4-53c3e4732eae
Profile: apg-70541e2b-d01c-4d50-a814-7025ac222ebe
@github-actions
Copy link
Contributor

github-actions bot commented Jan 4, 2026
edited
Loading

AI Review Summary

Verdict: APPROVE
Commit: ab63333

Findings

  • [LOW] README.md:57 – Documentation inconsistency: authFileHash vs authFileHashes
    • The README documents the config field as 'authFileHash' (singular), but the actual implementation uses 'authFileHashes' (plural) as a Record<string, string>. This mismatch could confuse users trying to manually edit their config.
    • Suggested fix: | authFileHashes | object | (auto-managed) | Per-repository SHA-256 hashes of last synced auth.json (managed by plugin) |

Overall Assessment

Excellent implementation of hash-based change detection with comprehensive test coverage and proper per-repository tracking. Previously flagged issue regarding hash persistence after partial failures has been resolved. One minor documentation inconsistency noted (low severity).

github-actions bot and others added 4 commits January 4, 2026 13:48
@github-actions
[skip ci] docs: document authFileHash configuration option
2dbebf6
@activadee
Fixed. Now the hash is persisted if at least one repo sync succeeds, pre
0b981d4 
Attempt: att-49ee1ad5-3e93-4979-a4d4-53c3e4732eae
Profile: apg-70541e2b-d01c-4d50-a814-7025ac222ebe
@activadee
Done. Implemented per-repo hash tracking with individual failure toasts.
ab63333 
**Changes:**

| File | Change |
|------|--------|
| lib/types.ts | authFileHash?: string → authFileHashes?: Record<string, string> |
| schema.json | Updated to object type with string values |
| index.ts | Per-repo filtering, individual hash updates, toast per failed repo |
| lib/config.test.ts | Updated all tests for new structure |

**Behavior:**

On restart, only repos with stale/missing hashes sync. Failed repos retry automatically.

Attempt: att-49ee1ad5-3e93-4979-a4d4-53c3e4732eae
Profile: apg-70541e2b-d01c-4d50-a814-7025ac222ebe
@github-actions
[skip ci] docs: fix authFileHashes field name and type in config table
b8a9e5c
@activadee activadee merged commit a725514 into main Jan 4, 2026
@activadee activadee deleted the OAS/OAS-2-oas-2-implement-hash-based-auth.json-change-detection-to-optimiz branch January 4, 2026 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[OAS-2] Implement hash-based auth.json change detection to optimize secret syncing

2 participants

@activadee