Skip to content

Auth + Logging Architecture Overhaul — Complete Wiring #393

New issue
New issue
Closed
#394
Closed
Auth + Logging Architecture Overhaul — Complete Wiring#393
#394
Labels
enhancementNew feature or request
@danielmeppiel

Description

@danielmeppiel
danielmeppiel
opened on Mar 20, 2026

Epic: Auth + Logging Architecture Overhaul

Problem Statement

Three architectural gaps compound into broken user experience:

  1. Auth is scattered and inconsistent. 95+ auth touchpoints across the codebase. Four call sites re-implement token lookup differently. Two files bypass GitHubTokenManager entirely. Token binding happens at GitHubPackageDownloader.__init__() — ONE token for all deps.

  2. Logging is ad-hoc. 766+ output calls across 27 files, 13 commands. Each command manually checks verbose/dry_run/partial. No shared lifecycle.

  3. Auth is single-token, not per-dependency. GitHub PATs can be org-scoped. Enterprise policies forbid user-level PATs. A manifest with deps from multiple orgs needs per-org tokens.

Solution

  • AuthResolver — single source of truth for auth. Per-dependency design from day 1 with (host, org) cache key. Wraps GitHubTokenManager, adds host classification, fallback chains, EMU detection, actionable errors.
  • CommandLogger — base class for ALL commands. Lifecycle: start → validate → progress → complete → summary. Verbose/dry-run/diagnostics built in. InstallLogger subclass for install-specific phases.
  • CATEGORY_AUTH in DiagnosticCollector — auth diagnostics in end-of-operation summaries.
  • Per-org env varGITHUB_APM_PAT_{ORG} checked, falls back to global.

Phases

  • Phase 1: Foundation (AuthResolver, CommandLogger, DiagnosticCollector, skill refactor)
  • Phase 2: Auth wiring (github_downloader, validation, bypassing modules, error messages)
  • Phase 3: Logging wiring (ALL 13 commands + support modules, 766+ calls)
  • Phase 4: Tests (unit + integration E2E + script updates)
  • Phase 5: Docs + Agent personas + Skills

Files (47 total: 8 NEW, 39 EDIT/REWRITE)

See plan.md in session workspace for full file list and dependency graph.

Key Decisions

  • AuthContext is frozen (immutable) — thread-safe for parallel downloads
  • CommandLogger delegates to existing _rich_* helpers — no new output primitives
  • Progressive adoption: InstallLogger first, other commands follow same pattern
  • Per-org env var (GITHUB_APM_PAT_{ORG}) checked today; config file deferred to v2

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions