Skip to content

feat(source-control): detect outdated GitHub CLI instead of "Not authenticated"#3808

Draft
Noisemaker111 wants to merge 3 commits into
pingdotgg:mainfrom
Noisemaker111:feat/github-outdated-cli-status
Draft

feat(source-control): detect outdated GitHub CLI instead of "Not authenticated"#3808
Noisemaker111 wants to merge 3 commits into
pingdotgg:mainfrom
Noisemaker111:feat/github-outdated-cli-status

Conversation

@Noisemaker111

@Noisemaker111 Noisemaker111 commented Jul 8, 2026

Copy link
Copy Markdown

feat(source-control): detect outdated GitHub CLI instead of "Not authenticated"

Draft — opening for early feedback. Fixes #3806.

Problem

When the server's gh predates gh auth status --json (gh v2.81.0, cli/cli#11544), the auth probe fails with unknown flag: --json and the Source Control row shows a misleading "Not authenticated" even though the user is signed in. gh auth login never clears it.

What this does

Adds an outdated source-control auth status and surfaces it clearly instead of faking a sign-out.

Contractspackages/contracts/src/sourceControl.ts

  • New outdated literal on SourceControlProviderAuthStatus.

Server

  • SourceControlProviderDiscovery.ts: thread the CLI --version output and host platform (via the existing ambient HostProcessPlatform reference) into parseAuth as optional fields — no change to probeSourceControlProvider's public signature, and existing parseAuth callers/tests keep compiling.
  • GitHubSourceControlProvider.ts: classify the unknown flag: --json / sub-2.81.0 case as outdated, and put an OS-appropriate upgrade command in auth.detail (brew upgrade gh / winget upgrade --id GitHub.cli / sudo apt … gh). Version compare reuses @t3tools/shared/semver.

Webapps/web/src/components/settings/SourceControlSettings.tsx

  • Version number rendered red, an "Outdated CLI" badge, and a copyable upgrade command line, for auth.status === "outdated".

Screenshot

Testing

  • Added unit tests in GitHubSourceControlProvider.test.ts for both detection paths: the --json flag rejection, and the version-gate fallback (with per-platform command assertions).
  • Draft caveat: I couldn't run the repo toolchain in my environment — please let CI run pnpm typecheck + tests. I followed existing patterns (ambient HostProcessPlatform usage, Effect .gen in the probe pipe) but haven't compiled locally.

Deliberately out of scope (separate follow-up PR, if you want it)

  • Package-manager-aware upgrade command — detect brew vs. apt/dnf/pacman vs. winget/scoop/choco/MSI, rather than one default per OS. This is the part that needs a product/design call (how much probing is worth the DX), so I kept it out of this minimal fix.
  • One-click "run upgrade in a terminal at repo root" — the terminal RPC is ScopedThreadRef/project-scoped, and the Settings page only has an environmentId, so wiring a run button there is a larger cross-cutting change.

Note

Detect outdated GitHub CLI and surface platform-specific upgrade command in source control settings

  • Adds an 'outdated' auth status to the source control contract, returned when gh is too old (below v2.81.0) or rejects the --json flag, instead of treating the state as unauthenticated.
  • Adds isOutdatedGitHubCli, parseGitHubCliVersion, and gitHubCliUpgradeCommand helpers in GitHubSourceControlProvider.ts to detect the outdated condition and map the host platform to a specific upgrade command (brew, winget, or apt).
  • Passes CLI version and host platform through SourceControlProviderDiscovery.ts to parseAuth so providers can produce the new status.
  • Renders a warning badge, highlighted version number, and a copyable upgrade command in SourceControlSettings.tsx when auth status is 'outdated'.
📊 Macroscope summarized c529532. 4 files reviewed, 0 issues evaluated, 0 issues filtered, 0 comments posted

🗂️ Filtered Issues

No issues evaluated.

…enticated"

When `gh` is installed but predates `gh auth status --json` (added in gh
v2.81.0, cli/cli#11544), the server's auth probe can't be parsed, so the
Source Control settings row shows a misleading "Not authenticated" — even
though the user is signed in. Running `gh auth login` never clears it.

Add an "outdated" source-control auth status:
- contracts: new `outdated` literal on SourceControlProviderAuthStatus
- server: thread the CLI `--version` output and host platform into parseAuth;
  the GitHub provider classifies the unknown-`--json`-flag / sub-2.81.0 case
  as outdated and puts an OS-appropriate upgrade command in `detail`
- web: red version number + "Outdated CLI" badge + a copyable upgrade command

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4729112d-6408-4354-ba1d-7ce6b580b77a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added vouch:unvouched PR author is not yet trusted in the VOUCHED list. size:L 100-499 changed lines (additions + deletions). labels Jul 8, 2026
Comment thread apps/web/src/components/settings/SourceControlSettings.tsx Outdated
…ommand

- UpgradeCommandLine: `navigator.clipboard` is undefined in non-secure contexts
  and some embedded webviews, so the copy handler threw. Guard it and fall back
  to a hidden-textarea `execCommand("copy")`, only showing "Copied" on success.
- gitHubCliUpgradeCommand: return null for platforms without a known package
  manager (freebsd, openbsd, sunos, aix) instead of an `apt` command that can't
  run there; the row then shows the generic "update it" guidance with no
  command line. Adds a regression test for the freebsd case.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
// A `gh` too old for `auth status --json` can't be parsed here, so the probe
// looks like a sign-out even when the user is authenticated. Surface it as an
// outdated CLI, with the platform-appropriate upgrade command in `detail`.
if (!authStatus.parsed && isOutdatedGitHubCli(input)) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 High sourceControl/GitHubSourceControlProvider.ts:105

parseGitHubAuth now returns status: "outdated" when the installed gh is too old, but the readiness checks in CommandPalette.tsx and GitActionsControl.tsx only gate on "unauthenticated" and treat every other status as ready. So a user with an outdated, signed-out gh sees GitHub marked usable, and pull-request actions are incorrectly enabled — they fail at runtime instead of being blocked up front. Either add "outdated" to the set of statuses that block readiness, or document why it should be treated as ready.

🤖 Copy this AI Prompt to have your agent fix this:
In file @apps/server/src/sourceControl/GitHubSourceControlProvider.ts around line 105:

`parseGitHubAuth` now returns `status: "outdated"` when the installed `gh` is too old, but the readiness checks in `CommandPalette.tsx` and `GitActionsControl.tsx` only gate on `"unauthenticated"` and treat every other status as ready. So a user with an outdated, signed-out `gh` sees GitHub marked usable, and pull-request actions are incorrectly enabled — they fail at runtime instead of being blocked up front. Either add `"outdated"` to the set of statuses that block readiness, or document why it should be treated as ready.

…ated

An `outdated` CLI can't confirm sign-in, but the readiness checks only gated on
`unauthenticated`, so GitHub was marked usable and pull-request / publish /
add-project actions were enabled and then failed at runtime. Treat `outdated`
as not-ready (with an "update it" hint) in all three readiness paths:
- CommandPalette add-project readiness
- GitActionsControl publish readiness
- client-runtime add-project remote readiness

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:L 100-499 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

GitHub source control shows "Not authenticated" when gh is outdated (missing auth status --json)

1 participant