fix(cloud): keep git_signed_commit visible when GH token lands post-spawn#2313
Merged
Conversation
…pawn The tool was gated on `ctx.token` at session-creation time, which captured `process.env.GH_TOKEN`/`GITHUB_TOKEN` once. If the orchestrator (or a shell init) set the token after the agent process started, the gate failed and the tool was filtered out of the in-process MCP server for the rest of the session — leaving the agent unable to commit at all. Drop the token check from the gate and resolve the token lazily inside the handler. The tool now stays visible in every cloud run; if no token is found at call time it returns a clear error instead of silently disappearing.
tatoalo
approved these changes
May 22, 2026
Contributor
|
Reviews (1): Last reviewed commit: "fix(cloud): keep git_signed_commit visib..." | Re-trigger Greptile |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
git_signed_commitwas gated onctx.tokenat session-creation time. IfGH_TOKEN/GITHUB_TOKENweren't inprocess.envat that exact moment (e.g. set by the orchestrator post-spawn, or only exported in a child shell init), the gate failed and the tool was filtered out of the in-process MCP server for the rest of the session — the agent reported "Waiting for the local PostHog MCP server… to finish connecting" and couldn't commit at all.isEnabled; resolve the token lazily inside the handler viaresolveGithubToken(). The tool now stays visible in every cloud run, and if no token is found at call time it returns a clear error instead of silently disappearing.Test plan
pnpm --filter @posthog/agent test— all 444 tests passpnpm --filter @posthog/agent typecheckcleanregistry.test.ts: cloud-run-without-token now returns the tool (lazy resolve); desktop unchangedgit_signed_commitappears in ToolSearch and commits succeedNotes
This is the smaller of two possible fixes. The proper plumbing — the orchestrator POSTing fresh tokens into the agent server with a git credential helper — lives on
ryan/add_env_propegation(commit1d7baca5) and isn't merged yet. Shipping this now removes the user-visible "tool disappears" symptom; the bridge can land independently.