revert: Undo beads commit that should have been on feature branch

Agent Relay · Agent Relay · commit 8eab74f61197 · 2026-01-08T18:31:51.000Z
diff --git a/.beads/beads.jsonl b/.beads/beads.jsonl
@@ -44,4 +44,3 @@
 {"id":"agent-relay-323","title":"gh CLI authentication not working in workspace containers","description":"The gh CLI fails with 401 Unauthorized when trying to create PRs or interact with GitHub API.\n\n## Error\n```\nfailed to migrate config: cowardly refusing to continue with multi account migration: couldn't get user name for \"github.com\"\nstatus code: 401 Unauthorized body: \"Bad credentials\"\n```\n\n## Root Cause (FOUND - PARTIALLY FIXED)\nTwo issues:\n1. **API Routing Bug**: teamsRouter at `/api` with `requireAuth` middleware was intercepting `/api/git/token` requests, returning SESSION_EXPIRED instead of allowing workspace token auth. **FIXED in commit 58e6686** but NOT DEPLOYED.\n2. **Token Delivery Chain Broken**: Even with routing fix, full token refresh pipeline not working end-to-end. Verified 2026-01-07: gh CLI still returns 401.\n\n## Current Status (2026-01-07)\n- Routing fix committed but awaiting deployment\n- git-credential-relay mechanism not operational in current environment\n- Full diagnostic needed to confirm:\n  - Is /api/git/token endpoint reachable and returning valid tokens?\n  - Is git-credential-relay script working?\n  - Are env vars (GH_TOKEN, WORKSPACE_TOKEN, CLOUD_API_URL) set correctly?\n\n## Next Steps\n1. Investigate environment setup\n2. Verify token endpoint functionality\n3. Test credential helper chain\n4. Deploy routing fix if not already live\n\n## Related\n- See trajectory traj_jnn4auk30thh for previous debugging\n- New investigation needed: 2026-01-07\n\n## Files\n- src/cloud/server.ts:269-290 (router mount order)\n- src/cloud/api/git.ts (token endpoint)\n- /usr/local/bin/git-credential-relay (credential helper)","priority":90,"status":"blocked","created_at":"2026-01-05T23:00:00Z","tags":["bug","gh-cli","auth","root-cause-found","needs-investigation"],"depends_on":[]}
 {"id":"agent-relay-324","title":"Agent memory metrics showing 0 B for all agents","description":"The Agent Memory & Resources section on the metrics page shows 0 B memory usage, 0% CPU, Unknown trend, and 0 B peak for all agents.\n\n## Root Cause (FOUND)\nThe `ps` command is NOT INSTALLED in workspace containers. The metrics endpoint at line 2419 uses:\n```typescript\nexecSync(`ps -o rss=,pcpu= -p ${worker.pid}`, ...)\n```\nThis fails silently (catch block sets rssBytes = 0) because `ps` doesn't exist.\n\n## Verification\n```bash\n$ which ps\n(not found)\n$ cat /proc/829/status | grep VmRSS\nVmRSS: 626000 kB  # This DOES work!\n```\n\n## Fix\nReplace `ps` with `/proc/{pid}/status` parsing:\n```typescript\n// Instead of ps command, use /proc\nconst status = fs.readFileSync(`/proc/${worker.pid}/status`, 'utf8');\nconst rssMatch = status.match(/VmRSS:\\s+(\\d+)\\s+kB/);\nrssBytes = rssMatch ? parseInt(rssMatch[1], 10) * 1024 : 0;\n\n// For CPU, can use /proc/{pid}/stat over time intervals\n```\n\n## Files\n- src/dashboard-server/server.ts:2416-2428 (metrics endpoint ps usage)","priority":75,"status":"open","created_at":"2026-01-05T23:05:00Z","tags":["bug","metrics","dashboard","root-cause-found"],"depends_on":[]}
 {"id":"agent-relay-325","title":"Mobile header not sticky when test input open and scrolling","description":"On mobile, the header isn't truly sticky. When user opens the test input and scrolls down, the header disappears.\n\n## Steps to Reproduce\n1. Open dashboard on mobile\n2. Open the test input\n3. Scroll down\n4. Header disappears (should stay sticky)\n\n## Expected Behavior\nHeader should remain sticky/fixed at top even when test input is open and user scrolls.\n\n## Investigation Needed\n1. Check header z-index vs test input z-index\n2. Check if test input container creates new stacking context\n3. Verify sticky positioning works with whatever container wraps the scrollable area\n4. May need position: fixed instead of sticky, or adjust container overflow\n\n## Files\n- src/dashboard/react-components/layout/Header.tsx\n- Related input/modal components","priority":70,"status":"open","created_at":"2026-01-05T23:15:00Z","tags":["bug","mobile","ui","header"],"depends_on":[]}
-{"id":"bd-git-auth-fix","title":"Fix Git and GitHub CLI Authentication - Credential Helper Chain","description":"GitHub API operations (git push, gh CLI) fail due to installation tokens not supporting credential helpers.\n\n## Problem\n- /api/git/token endpoint returns GitHub App installation tokens (ghs_*)\n- Installation tokens don't work with git credential helpers (GitHub limitation)\n- Workaround required: embed token directly in HTTPS URL\n- This wastes cycles and breaks automated workflows\n\n## Current Behavior (Broken)\n```bash\ngit config credential.helper /usr/local/bin/git-credential-relay\ngit push origin branch  # FAILS: \"Password authentication not supported\"\n```\n\n## Current Workaround (Unsustainable)\n```bash\nTOKEN=$(curl -s ... /api/git/token)\ngit push \"https://x-access-token:${TOKEN}@github.com/org/repo.git\" branch\n```\n\n## Root Cause\n1. /api/git/token returns `installationToken` (type ghs_*) on line 182 of src/cloud/api/git.ts\n2. Installation tokens are API-only, not for git operations\n3. git-credential-relay expects a token that works, but gets incompatible one\n4. gh CLI wrapper relies on same broken endpoint\n\n## Solution Options\n1. **Option A (Preferred)**: Return userToken or PAT from /api/git/token\n   - Check if userToken is available from Nango\n   - Or generate a real PAT via GitHub API\n   - Keep installation token for API operations\n\n2. **Option B**: Fix git-credential-relay to handle token embedding\n   - Modify helper to inject token into URL automatically\n   - Less clean but might work as fallback\n\n3. **Option C**: Implement new token endpoint\n   - /api/git/pat for git operations\n   - Keep /api/git/token for API operations\n\n## Success Criteria\n- `git push origin branch` works transparently\n- `gh pr create` works transparently\n- Token refresh happens automatically (55-min cache)\n- No URL embedding workarounds needed\n- Agents can focus on work, not auth mechanics\n\n## Investigation Steps\n1. Check Nango service for PAT/user token availability\n2. Review userToken field in current /api/git/token response\n3. Test if userToken works for git operations\n4. If not, implement PAT generation from GitHub API\n5. Update git-credential-relay to use new token source\n6. Test with gh CLI wrapper\n\n## Files to Modify\n- src/cloud/api/git.ts (token endpoint)\n- src/cloud/services/nango.ts (token sources)\n- /usr/local/bin/git-credential-relay (helper)\n- deploy/workspace/gh-relay (gh CLI wrapper)","priority":100,"status":"open","created_at":"2026-01-08T18:30:00Z","tags":["critical","infrastructure","git-auth","automation","blocker"],"depends_on":[]}
