pingdotgg · GuilhermeVieiraDev · May 4, 2026 · May 9, 2026 · May 9, 2026 · May 9, 2026
diff --git a/apps/server/src/sourceControl/GitHubSourceControlProvider.test.ts b/apps/server/src/sourceControl/GitHubSourceControlProvider.test.ts
@@ -7,12 +7,19 @@ import { ChildProcessSpawner } from "effect/unstable/process";
 
 import * as VcsProcess from "../vcs/VcsProcess.ts";
 import * as GitHubCli from "./GitHubCli.ts";
+import { parseGitHubAuthStatus } from "./gitHubAuthStatus.ts";
 import * as GitHubSourceControlProvider from "./GitHubSourceControlProvider.ts";
 
-const processResult = (stdout: string): VcsProcess.VcsProcessOutput => ({
-  exitCode: ChildProcessSpawner.ExitCode(0),
+const processResult = (
+  stdout: string,
+  options?: {
+    readonly stderr?: string;
+    readonly exitCode?: ChildProcessSpawner.ExitCode;
+  },
+): VcsProcess.VcsProcessOutput => ({
+  exitCode: options?.exitCode ?? ChildProcessSpawner.ExitCode(0),
   stdout,
-  stderr: "",
+  stderr: options?.stderr ?? "",
   stdoutTruncated: false,
   stderrTruncated: false,
 });
@@ -157,3 +164,178 @@ it.effect("creates GitHub PRs through provider-neutral input names", () =>
     });
   }),
 );
+
+it("accepts active authenticated GitHub accounts when another account fails", () => {
+  const auth = GitHubSourceControlProvider.discovery.parseAuth(
+    processResult(
+      JSON.stringify({
+        hosts: {
+          "github.com": [
+            {
+              state: "success",
+              active: true,
+              host: "github.com",
+              login: "active-user",
+              tokenSource: "keyring",
+              gitProtocol: "ssh",
+            },
+            {
+              state: "error",
+              active: false,
+              host: "github.com",
+              login: "stale-user",
+              tokenSource: "keyring",
+              gitProtocol: "ssh",
+              error: "The token in keyring is invalid.",
+            },
+          ],
+        },
+      }),
+    ),
+  );
+
+  assert.deepStrictEqual(
+    {
+      status: auth.status,
+      account: auth.account,
+      host: auth.host,
+    },
+    {
+      status: "authenticated",
+      account: Option.some("active-user"),
+      host: Option.some("github.com"),
+    },
+  );
+});
+
+it("parses GitHub auth JSON from stdout when stderr has warnings", () => {
+  const auth = GitHubSourceControlProvider.discovery.parseAuth(
+    processResult(
+      JSON.stringify({
+        hosts: {
+          "github.com": [
+            {
+              state: "success",
+              active: true,
+              host: "github.com",
+              login: "active-user",
+              tokenSource: "keyring",
+              gitProtocol: "ssh",
+            },
+          ],
+        },
+      }),
+      { stderr: "warning: ignored diagnostic from gh\n" },
+    ),
+  );
+
+  assert.deepStrictEqual(
+    {
+      status: auth.status,
+      account: auth.account,
+      host: auth.host,
+    },
+    {
+      status: "authenticated",
+      account: Option.some("active-user"),
+      host: Option.some("github.com"),
+    },
+  );
+});
+
+it("parses GitHub auth status accounts by host and active state", () => {
+  assert.deepStrictEqual(
+    parseGitHubAuthStatus(
+      JSON.stringify({
+        hosts: {
+          "github.com": [
+            {
+              state: "success",
+              active: true,
+              host: "github.com",
+              login: "active-user",
+              tokenSource: "keyring",
+              gitProtocol: "ssh",
+            },
+            {
+              state: "error",
+              active: false,
+              host: "github.com",
+              login: "stale-user",
+              tokenSource: "keyring",
+              gitProtocol: "ssh",
+            },
+          ],
+          "github.example.test": [
+            {
+              state: "success",
+              active: false,
+              host: "github.example.test",
+              login: "enterprise-user",
+              tokenSource: "keyring",
+              gitProtocol: "ssh",
+            },
+          ],
+        },
+      }),
+    ).accounts,
+    [
+      {
+        host: "github.com",
+        account: "active-user",
+        authenticated: true,
+        active: true,
+        error: null,
+      },
+      {
+        host: "github.com",
+        account: "stale-user",
+        authenticated: false,
+        active: false,
+        error: null,
+      },
+      {
+        host: "github.example.test",
+        account: "enterprise-user",
+        authenticated: true,
+        active: false,
+        error: null,
+      },
+    ],
+  );
+});
+
+it("reports unauthenticated when GitHub JSON has accounts but none are valid", () => {
+  const auth = GitHubSourceControlProvider.discovery.parseAuth(
+    processResult(
+      JSON.stringify({
+        hosts: {
+          "github.com": [
+            {
+              state: "error",
+              active: true,
+              host: "github.com",
+              login: "stale-user",
+              tokenSource: "keyring",
+              gitProtocol: "ssh",
+              error: "The token in keyring is invalid.",
+            },
+          ],
+        },
+      }),
+    ),
+  );
+
+  assert.deepStrictEqual(
+    {
+      status: auth.status,
+      host: auth.host,
+      detail: auth.detail,
+    },
+    {
+      status: "unauthenticated",
+      host: Option.some("github.com"),
+      detail: Option.some("The token in keyring is invalid."),
+    },
+  );
+});
diff --git a/apps/server/src/sourceControl/GitHubSourceControlProvider.ts b/apps/server/src/sourceControl/GitHubSourceControlProvider.ts
@@ -10,6 +10,7 @@ import {
 } from "@t3tools/contracts";
 
 import * as GitHubCli from "./GitHubCli.ts";
+import { findAuthenticatedGitHubAccount, parseGitHubAuthStatus } from "./gitHubAuthStatus.ts";
 import * as GitHubPullRequests from "./gitHubPullRequests.ts";
 import * as SourceControlProvider from "./SourceControlProvider.ts";
 import * as SourceControlProviderDiscovery from "./SourceControlProviderDiscovery.ts";
@@ -51,11 +52,28 @@ function toChangeRequest(summary: GitHubCli.GitHubPullRequestSummary): ChangeReq
 
 function parseGitHubAuth(input: SourceControlProviderDiscovery.SourceControlAuthProbeInput) {
   const output = SourceControlProviderDiscovery.combinedAuthOutput(input);
-  const account = SourceControlProviderDiscovery.matchFirst(output, [
-    /Logged in to .* account\s+([^\s(]+)/iu,
-    /Logged in to .* as\s+([^\s(]+)/iu,
-  ]);
-  const host = SourceControlProviderDiscovery.parseCliHost(output);
+  const authStatus = parseGitHubAuthStatus(input.stdout);
+  const authenticatedAccount = findAuthenticatedGitHubAccount(authStatus.accounts);
+  const host = authenticatedAccount?.host;
+
+  if (authenticatedAccount) {
+    return SourceControlProviderDiscovery.providerAuth({
+      status: "authenticated",
+      account: authenticatedAccount.account,
+      host,
+    });
+  }
+
+  const failedAccount = authStatus.accounts.find((entry) => entry.active) ?? authStatus.accounts[0];
+  if (authStatus.parsed) {
+    return SourceControlProviderDiscovery.providerAuth({
+      status: "unauthenticated",
+      host: failedAccount?.host,
+      detail:
+        failedAccount?.error ??
+        "Run `gh auth login` to authenticate GitHub CLI with an active account.",
+    });
+  }
 
   if (input.exitCode !== 0) {
     return SourceControlProviderDiscovery.providerAuth({
@@ -67,10 +85,6 @@ function parseGitHubAuth(input: SourceControlProviderDiscovery.SourceControlAuth
     });
   }
 
-  if (account) {
-    return SourceControlProviderDiscovery.providerAuth({ status: "authenticated", account, host });
-  }
-
   return SourceControlProviderDiscovery.providerAuth({
     status: "unknown",
     host,
@@ -86,7 +100,7 @@ export const discovery = {
   label: "GitHub",
   executable: "gh",
   versionArgs: ["--version"],
-  authArgs: ["auth", "status"],
+  authArgs: ["auth", "status", "--json", "hosts"],
   parseAuth: parseGitHubAuth,
   installHint:
     "Install the GitHub command-line tool (`gh`) via https://cli.github.com/ or your package manager (for example `brew install gh`).",

diff --git a/apps/server/src/sourceControl/GitLabSourceControlProvider.test.ts b/apps/server/src/sourceControl/GitLabSourceControlProvider.test.ts
@@ -1,9 +1,11 @@
 import { assert, it } from "@effect/vitest";
+import { ChildProcessSpawner } from "effect/unstable/process";
 import * as Effect from "effect/Effect";
 import * as Layer from "effect/Layer";
 import * as Option from "effect/Option";
 
 import * as GitLabCli from "./GitLabCli.ts";
+import { parseGitLabAuthStatusHosts } from "./gitLabAuthStatus.ts";
 import * as GitLabSourceControlProvider from "./GitLabSourceControlProvider.ts";
 
 function makeProvider(gitlab: Partial<GitLabCli.GitLabCliShape>) {
@@ -107,3 +109,44 @@ it.effect("creates GitLab MRs through provider-neutral input names", () =>
     });
   }),
 );
+
+it("accepts authenticated GitLab hosts when another configured host fails", () => {
+  const auth = GitLabSourceControlProvider.discovery.parseAuth({
+    exitCode: ChildProcessSpawner.ExitCode(1),
+    stdout: `gitlab.com
+  x gitlab.com: API call failed: 401 Unauthorized
+  ! No token found
+self-hosted.example.test
+  ✓ Logged in to self-hosted.example.test as gitlab-user
+  ✓ Token found: ******
+`,
+    stderr: "",
+  });
+
+  assert.deepStrictEqual(
+    {
+      status: auth.status,
+      account: auth.account,
+      host: auth.host,
+    },
+    {
+      status: "authenticated",
+      account: Option.some("gitlab-user"),
+      host: Option.some("self-hosted.example.test"),
+    },
+  );
+});
+
+it("parses authenticated GitLab auth status hosts with ports and single-label names", () => {
+  assert.deepStrictEqual(
+    parseGitLabAuthStatusHosts(`localhost:8080
+  ✓ Logged in to localhost:8080 as local-user
+selfhosted
+  ✓ Logged in to selfhosted as single-label-user
+`),
+    [
+      { host: "localhost:8080", account: "local-user" },
+      { host: "selfhosted", account: "single-label-user" },
+    ],
+  );
+});
diff --git a/apps/server/src/sourceControl/GitLabSourceControlProvider.ts b/apps/server/src/sourceControl/GitLabSourceControlProvider.ts
@@ -6,6 +6,7 @@ import { SourceControlProviderError, type ChangeRequest } from "@t3tools/contrac
 import * as GitLabCli from "./GitLabCli.ts";
 import * as SourceControlProvider from "./SourceControlProvider.ts";
 import * as SourceControlProviderDiscovery from "./SourceControlProviderDiscovery.ts";
+import { findAuthenticatedGitLabHost, parseGitLabAuthStatusHosts } from "./gitLabAuthStatus.ts";
 
 function providerError(
   operation: string,
@@ -43,12 +44,19 @@ function toChangeRequest(summary: GitLabCli.GitLabMergeRequestSummary): ChangeRe
 
 function parseGitLabAuth(input: SourceControlProviderDiscovery.SourceControlAuthProbeInput) {
   const output = SourceControlProviderDiscovery.combinedAuthOutput(input);
-  const account = SourceControlProviderDiscovery.matchFirst(output, [
-    /Logged in to .* as\s+([^\s(]+)/iu,
-    /Logged in to .* account\s+([^\s(]+)/iu,
-    /account:\s*([^\s(]+)/iu,
-  ]);
-  const host = SourceControlProviderDiscovery.parseCliHost(output);
+  const authenticatedHost = findAuthenticatedGitLabHost(parseGitLabAuthStatusHosts(output));
+  const account =
+    authenticatedHost?.account ??
+    SourceControlProviderDiscovery.matchFirst(output, [
+      /Logged in to .* as\s+([^\s(]+)/iu,
+      /Logged in to .* account\s+([^\s(]+)/iu,
+      /account:\s*([^\s(]+)/iu,
+    ]);
+  const host = authenticatedHost?.host ?? SourceControlProviderDiscovery.parseCliHost(output);
+
+  if (account) {
+    return SourceControlProviderDiscovery.providerAuth({ status: "authenticated", account, host });
+  }
 
   if (input.exitCode !== 0) {
     return SourceControlProviderDiscovery.providerAuth({
@@ -60,10 +68,6 @@ function parseGitLabAuth(input: SourceControlProviderDiscovery.SourceControlAuth
     });
   }
 
-  if (account) {
-    return SourceControlProviderDiscovery.providerAuth({ status: "authenticated", account, host });
-  }
-
   return SourceControlProviderDiscovery.providerAuth({
     status: "unknown",
     host,
@@ -73,6 +77,25 @@ function parseGitLabAuth(input: SourceControlProviderDiscovery.SourceControlAuth
   });
 }
 
+function refineUnknownGitLabRemote(
+  input: SourceControlProviderDiscovery.SourceControlUnknownRemoteRefinementInput,
+) {
+  const host = input.context.provider.name;
+  const authenticated = parseGitLabAuthStatusHosts(
+    SourceControlProviderDiscovery.combinedAuthOutput(input.auth),
+  ).some((entry) => entry.account !== null && entry.host === host);
+
+  if (!authenticated) {
+    return null;
+  }
+
+  return {
+    kind: "gitlab",
+    name: "GitLab Self-Hosted",
+    baseUrl: input.context.provider.baseUrl,
+  } as const;
+}
+
 export const discovery = {
   type: "cli",
   kind: "gitlab",
@@ -81,6 +104,7 @@ export const discovery = {
   versionArgs: ["--version"],
   authArgs: ["auth", "status"],
   parseAuth: parseGitLabAuth,
+  refineUnknownRemote: refineUnknownGitLabRemote,
   installHint:
     "Install the GitLab command-line tool (`glab`) from https://gitlab.com/gitlab-org/cli or your package manager (for example `brew install glab`).",
 } satisfies SourceControlProviderDiscovery.SourceControlCliDiscoverySpec;