feat(settings): auto-propagate GitHub PAT to running agents (#211)#402
Merged
vybe merged 2 commits intoApr 19, 2026
Merged
Conversation
…i#211) When the global GitHub PAT is updated in Settings, push the new value into each running agent's .env so agents pick it up without a restart. Reuses the existing agent-side /api/credentials/read + /api/credentials/inject endpoints — no new agent-server routes. Per-agent PATs (Abilityai#347) and agents that never had GITHUB_PAT in .env are skipped. Delete PAT does NOT propagate. Partial failures are reported per agent and never block the PAT save. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds a Global PAT Auto-Propagation section to github-sync.md covering eligibility rules, the read-modify-inject mechanism, response shape, and delete non-propagation. Updates feature-flows index and project_index. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
vybe
approved these changes
Apr 19, 2026
Contributor
vybe
left a comment
vybe
left a comment
There was a problem hiding this comment.
Approved via /validate-pr — docs, tests, security all clean.
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.envwhen it is updated in Settings, so agents pick up the new token without a restart..envdoes not currently containGITHUB_PAT.DELETEdoes NOT propagate./api/credentials/readand/api/credentials/injectendpoints — no new agent-server surface.Changes
src/backend/services/github_pat_propagation_service.py— new service; reads each target agent's.env, patches theGITHUB_PATline (preserving all other keys and the agent's own escaping format), and writes it back. Runs concurrently viaasyncio.gatherwith per-agent error isolation.src/backend/routers/settings.py—update_github_patnow calls the propagation service afterdb.set_setting(...)and returns the per-agent status. Propagation failures are caught and reported in the response so the PAT save is never rolled back.src/backend/models.py— addsAgentPropagationStatusandGithubPatPropagationResultPydantic models.src/frontend/src/views/Settings.vue— renders the propagation result below the PAT status line (success count, failed list, skipped reasons).tests/test_github_pat_propagation_unit.py— 11 unit tests covering env patching, per-agent PAT skip, no-PAT-in-env skip, stopped-agent skip, merge preserves other keys, partial-failure isolation.docs/memory/feature-flows/platform-settings.md— documents the auto-propagation behavior.Acceptance Criteria
GITHUB_PATTest Plan
python -m pytest tests/test_github_pat_propagation_unit.py -v(11/11 pass)GITHUB_PATinjected. Update global PAT via Settings UI → only the third has.envupdated; UI shows"PAT updated and applied to 1 of 1 running agents".Closes #211
🤖 Generated with Claude Code