From 5570a10bf4607e5d34cee82b2389fda233515c00 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Fri, 19 Jun 2026 05:25:44 +0800 Subject: [PATCH] refactor(auth): remove stale external auth persist wrapper --- src/agents/auth-profiles/external-auth.ts | 31 +--------- .../auth-profiles/external-oauth.test.ts | 61 +------------------ ...-external-auth-passthrough.test-support.ts | 1 - src/agents/auth-profiles/order.test.ts | 1 - 4 files changed, 2 insertions(+), 92 deletions(-) diff --git a/src/agents/auth-profiles/external-auth.ts b/src/agents/auth-profiles/external-auth.ts index 90db012d8bd..70bfcd68c43 100644 --- a/src/agents/auth-profiles/external-auth.ts +++ b/src/agents/auth-profiles/external-auth.ts @@ -12,10 +12,9 @@ import * as externalCliSync from "./external-cli-sync.js"; import { areOAuthCredentialsEquivalent, overlayRuntimeExternalOAuthProfiles, - shouldPersistRuntimeExternalOAuthProfile, type RuntimeExternalOAuthProfile, } from "./oauth-shared.js"; -import type { AuthProfileStore, OAuthCredential } from "./types.js"; +import type { AuthProfileStore } from "./types.js"; type ExternalAuthProfileMap = Map; type ResolveExternalAuthProfiles = typeof resolveExternalAuthProfilesWithPlugins; @@ -148,34 +147,6 @@ export function overlayExternalAuthProfiles( }); } -/** Return whether an external runtime OAuth profile should be persisted. */ -export function shouldPersistExternalAuthProfile(params: { - store: AuthProfileStore; - profileId: string; - credential: OAuthCredential; - agentDir?: string; - env?: NodeJS.ProcessEnv; - config?: OpenClawConfig; - externalCliProviderIds?: Iterable; - externalCliProfileIds?: Iterable; -}): boolean { - const profiles = listRuntimeExternalAuthProfiles({ - store: params.store, - agentDir: params.agentDir, - env: params.env, - externalCli: { - config: params.config, - externalCliProviderIds: params.externalCliProviderIds, - externalCliProfileIds: params.externalCliProfileIds, - }, - }); - return shouldPersistRuntimeExternalOAuthProfile({ - profileId: params.profileId, - credential: params.credential, - profiles, - }); -} - /** Persist safe external CLI OAuth profiles that own their local profile slot. */ export function syncPersistedExternalCliAuthProfiles( store: AuthProfileStore, diff --git a/src/agents/auth-profiles/external-oauth.test.ts b/src/agents/auth-profiles/external-oauth.test.ts index cacc66cec9e..ff729401989 100644 --- a/src/agents/auth-profiles/external-oauth.test.ts +++ b/src/agents/auth-profiles/external-oauth.test.ts @@ -5,11 +5,7 @@ */ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { ProviderExternalAuthProfile } from "../../plugins/types.js"; -import { - testing, - overlayExternalAuthProfiles, - shouldPersistExternalAuthProfile, -} from "./external-auth.js"; +import { testing, overlayExternalAuthProfiles } from "./external-auth.js"; import { readManagedExternalCliCredential } from "./external-cli-sync.js"; import type { AuthProfileStore, OAuthCredential } from "./types.js"; @@ -134,61 +130,6 @@ describe("auth external oauth helpers", () => { expect(overlaid.profiles["openai:work"]).toEqual(store.profiles["openai:work"]); }); - it("omits exact runtime-only overlays from persisted store writes", () => { - const credential = createCredential(); - resolveExternalAuthProfilesWithPluginsMock.mockReturnValueOnce([ - { - profileId: "openai:default", - credential, - }, - ]); - - const shouldPersist = shouldPersistExternalAuthProfile({ - store: createStore({ "openai:default": credential }), - profileId: "openai:default", - credential, - }); - - expect(shouldPersist).toBe(false); - }); - - it("keeps persisted copies when the external overlay is marked persisted", () => { - const credential = createCredential(); - resolveExternalAuthProfilesWithPluginsMock.mockReturnValueOnce([ - { - profileId: "openai:default", - credential, - persistence: "persisted", - }, - ]); - - const shouldPersist = shouldPersistExternalAuthProfile({ - store: createStore({ "openai:default": credential }), - profileId: "openai:default", - credential, - }); - - expect(shouldPersist).toBe(true); - }); - - it("keeps stale local copies when runtime overlay no longer matches", () => { - const credential = createCredential(); - resolveExternalAuthProfilesWithPluginsMock.mockReturnValueOnce([ - { - profileId: "openai:default", - credential: createCredential({ access: "fresh-access-token" }), - }, - ]); - - const shouldPersist = shouldPersistExternalAuthProfile({ - store: createStore({ "openai:default": credential }), - profileId: "openai:default", - credential, - }); - - expect(shouldPersist).toBe(true); - }); - it("keeps Codex CLI OAuth from replacing stored inline token material", () => { readCodexCliCredentialsCachedMock.mockReturnValue( createCredential({ diff --git a/src/agents/auth-profiles/oauth-external-auth-passthrough.test-support.ts b/src/agents/auth-profiles/oauth-external-auth-passthrough.test-support.ts index f6d561d9889..6677975aa90 100644 --- a/src/agents/auth-profiles/oauth-external-auth-passthrough.test-support.ts +++ b/src/agents/auth-profiles/oauth-external-auth-passthrough.test-support.ts @@ -8,6 +8,5 @@ import { vi } from "vitest"; vi.mock("./external-auth.js", () => ({ listRuntimeExternalAuthProfiles: () => [], overlayExternalAuthProfiles: (store: T) => store, - shouldPersistExternalAuthProfile: () => true, syncPersistedExternalCliAuthProfiles: (store: T) => store, })); diff --git a/src/agents/auth-profiles/order.test.ts b/src/agents/auth-profiles/order.test.ts index 07057a010d0..6ac132ad1d9 100644 --- a/src/agents/auth-profiles/order.test.ts +++ b/src/agents/auth-profiles/order.test.ts @@ -39,7 +39,6 @@ vi.mock("../../plugins/plugin-metadata-snapshot.js", () => ({ vi.mock("./external-auth.js", () => ({ listRuntimeExternalAuthProfiles: () => [], overlayExternalAuthProfiles: (store: T) => store, - shouldPersistExternalAuthProfile: () => true, })); import { isStoredCredentialCompatibleWithAuthProvider, resolveAuthProfileOrder } from "./order.js";