feat(auth): add DISABLE_GOOGLE_AUTH and DISABLE_GITHUB_AUTH env vars

[waleedlatif1]

Summary

• Add DISABLE_GOOGLE_AUTH and DISABLE_GITHUB_AUTH env vars to explicitly hide OAuth login buttons even when credentials are configured
• Follow existing DISABLE_ prefix convention with z.boolean() schema and isTruthy feature flags
• Add env vars to helm charts (values, schema, production example)

Type of Change

• New feature

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Apr 7, 2026 7:17pm

[cursor]

PR Summary

Medium Risk
Touches authentication provider configuration and login UI availability; misconfiguration could unintentionally hide OAuth login options or prevent social sign-in.

Overview
Adds DISABLE_GOOGLE_AUTH and DISABLE_GITHUB_AUTH env vars (and corresponding isGoogleAuthDisabled/isGithubAuthDisabled feature flags) to explicitly disable Google/GitHub OAuth login even when credentials are present.

Updates auth setup to conditionally register google/github in socialProviders, and updates the OAuth provider availability checker so the login UI hides these providers when disabled. Helm chart values.yaml, values.schema.json, and the production example are updated to document/configure the new env vars.

^{Reviewed by Cursor Bugbot for commit 02d3c2a. Configure here.}

[greptile-apps]

Greptile Summary

This PR adds DISABLE_GOOGLE_AUTH and DISABLE_GITHUB_AUTH environment variables, enabling operators to explicitly suppress OAuth login buttons even when credentials are configured. This is useful for deployments that configure OAuth credentials solely for tool integrations but want to restrict social login methods.

• Adds two env vars following the established z.boolean().optional() + isTruthy() feature-flag pattern (consistent with DISABLE_INVITATIONS, DISABLE_PUBLIC_API, etc.)
• Guards githubAvailable / googleAvailable in oauth-provider-checker.tsx with both credential presence AND the new disable flags
• Conditionally registers GitHub/Google social providers in auth.ts via safe object-spread (...(!isGithubAuthDisabled && { github: ... }); ...false in object context is a no-op)
• Updates Helm chart values.yaml, values.schema.json, and the production example with empty-string defaults and commented-out usage examples

Confidence Score: 5/5

Safe to merge — implementation is correct, consistent with existing patterns, and introduces no regressions.

All changes follow the established DISABLE_ flag pattern (z.boolean().optional() + isTruthy()). The conditional spread in auth.ts is safe JavaScript. The oauth-provider-checker correctly AND-gates credentials and the new flags. No P0 or P1 issues found.

No files require special attention — all changes are clean and consistent.

Important Files Changed

Filename	Overview
apps/sim/app/(auth)/components/oauth-provider-checker.tsx	Adds credential + disable-flag guard for GitHub/Google availability; server-side only, logic is correct
apps/sim/lib/auth/auth.ts	Conditionally registers GitHub/Google social providers using safe object-spread pattern; ...false is a no-op
apps/sim/lib/core/config/env.ts	Adds DISABLE_GOOGLE_AUTH and DISABLE_GITHUB_AUTH as z.boolean().optional(), consistent with all other DISABLE_ flags
apps/sim/lib/core/config/feature-flags.ts	Exports isGoogleAuthDisabled and isGithubAuthDisabled using the established isTruthy() pattern
helm/sim/examples/values-production.yaml	Adds commented-out examples for the new disable flags alongside existing OAuth credential entries
helm/sim/values.schema.json	Adds string-type JSON schema entries for both new env vars, consistent with other disable-flag entries
helm/sim/values.yaml	Adds empty-string defaults for both new env vars; isTruthy("") correctly returns false

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([User requests login page]) --> B[getOAuthProviderStatus called server-side]

    B --> C{GITHUB credentials set?}
    C -- No --> D[githubAvailable = false]
    C -- Yes --> E{isGithubAuthDisabled?}
    E -- Yes --> D
    E -- No --> F[githubAvailable = true]

    B --> G{GOOGLE credentials set?}
    G -- No --> H[googleAvailable = false]
    G -- Yes --> I{isGoogleAuthDisabled?}
    I -- Yes --> H
    I -- No --> J[googleAvailable = true]

    D & F --> K[Return provider status]
    H & J --> K

    K --> L[OAuthProviderChecker renders]
    L --> M{githubAvailable?}
    M -- Yes --> N[Render GitHub login button]
    M -- No --> O[Hide GitHub login button]
    L --> P{googleAvailable?}
    P -- Yes --> Q[Render Google login button]
    P -- No --> R[Hide Google login button]

    subgraph auth_init[auth.ts Initialization]
        S([auth.ts loads]) --> T{isGithubAuthDisabled?}
        T -- No --> U[Register GitHub social provider]
        T -- Yes --> V[Skip GitHub provider]
        S --> W{isGoogleAuthDisabled?}
        W -- No --> X[Register Google social provider]
        W -- Yes --> Y[Skip Google provider]
    end

Loading

_{Reviews (3): Last reviewed commit: "lint" | Re-trigger Greptile}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 02d3c2a. Configure here.}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 02d3c2a. Configure here.}