Add failing tests for issue #466: OAuth all-repo access

[prompt-driven-github]

Summary

Adds failing tests that detect the bug reported in #466 where PDD CLI requests access to ALL repositories instead of allowing selective repository access.

Test Files

• Unit test: tests/test_get_jwt_token.py
• E2E test: tests/test_e2e_issue_466_oauth_all_repo_scope.py

What This PR Contains

• Unit tests that verify the OAuth scope "repo,user" is hardcoded at pdd/get_jwt_token.py:251
• E2E tests that verify the complete authentication flow uses OAuth Apps which fundamentally cannot support selective repository access
• Tests are verified to document the current buggy behavior

Root Cause

PDD CLI uses GitHub OAuth Apps with the repo,user scope, which by architectural design grants access to ALL repositories. This is a fundamental limitation of GitHub OAuth Apps that cannot be worked around by changing scopes. The repo OAuth scope always means "all repositories the user can access" - there is no OAuth scope that provides selective repository access.

Location: pdd/get_jwt_token.py:251 - The DeviceFlow class hardcodes scope = "repo,user"

Solution Required: Migrate from OAuth App to GitHub App for CLI authentication, which would allow users to install the app and select specific repositories during installation.

Test Behavior

These are regression tests that document the current buggy behavior:

• Unit tests verify the hardcoded OAuth scope configuration
• E2E tests verify the authentication flow behavior at the system level
• After implementing the fix (migrating to GitHub Apps), these tests will need to be updated to verify the new selective access functionality

Next Steps

1. Implement the fix by migrating from OAuth App to GitHub App authentication
2. Update the tests to verify selective repository access works
3. Verify both unit and E2E tests pass with the fix
4. Run full test suite to check for regressions
5. Mark PR as ready for review

Fixes #466

---

Generated by PDD agentic bug workflow - Step 10

[prompt-driven-github]

🚀 Job Queued!

Job ID: fRJdryZEkECkjijC5sia
Triggered by: @gltanaka
Label: sync

View Live Progress

[prompt-driven-github]

❌ PDD Execution Failed

Execution failed: PDD command failed with exit code 2.
Output: 2026-03-03 00:51:18,783 - pdd.llm_invoke - INFO - No local LLM model CSV found, will use package default
2026-03-03 00:51:18,793 - pdd.llm_invoke - INFO - LiteLLM disk cache configured at /opt/pdd-repo/pdd/litellm_cache.sqlite
Complete onboarding with pdd setup to install tab completion and configure API
keys.
Usage: pdd sync [OPTIONS] BASENAME
Try 'pdd sync --help' for help.

Error: No such option: --force

[prompt-driven-github]

🚀 Job Queued!

Job ID: pOdbRljzlqRphHW4KSpn
Triggered by: @gltanaka
Label: sync

View Live Progress

[prompt-driven-github]

❌ PDD Execution Failed

Execution failed: PDD command failed with exit code 2.
Output: on and configure API
keys.
Error during 'sync' command:
Usage Error: Basename '#467' contains
invalid characters. Only alphanumeric, underscore, hyphen, and forward slash
(for subdirectories) are allowed.
Usage: pdd sync [OPTIONS] BASENAME
Try 'pdd sync --help' for help.

Error: Basename '#467' contains invalid characters. Only alphanumeric, underscore, hyphen, and forward slash (for subdirectories) are allowed.

[prompt-driven-github]

🚀 Job Queued!

Job ID: XTVK0SmQvhj6Q0f6CORg
Triggered by: @gltanaka
Label: sync

View Live Progress

[prompt-driven-github]

❌ PDD Execution Failed

Execution failed: PDD command failed with exit code 1.
Output: architecture.json found, falling back to include-based dependency graph
Successfully loaded prompt: agentic_sync_identify_modules_LLM
Identifying modules to sync via LLM...
Status: Failed
Message: LLM identified no modules to sync
Cost: $0.6572
Model: anthropic
Error during 'unknown' command:
An unexpected error occurred: Command exited with code 1
📦 Debug snapshot saved to
/tmp/pdd_job_XTVK0SmQvhj6Q0f6CORg_a4ids431/.pdd/core_dumps/pdd-core-20260303T013
758Z.json (attach when reporting bugs)

[prompt-driven-github]

🚀 Job Queued!

Job ID: q17EalMpZVZLNXzVVlm3
Triggered by: @gltanaka
Label: sync

View Live Progress

[prompt-driven-github]

🚀 Job Queued!

Job ID: EOIxbczAb64D47qpZhJ4
Triggered by: @gltanaka
Label: sync

View Live Progress

[prompt-driven-github]

PDD Agentic Sync - Error

Dry-run validation failed:
get_jwt_token: LLM suggested cwd '.' but dry-run still failed: 2026-03-03 02:12:45,044 - pdd.llm_invoke - INFO - No local LLM model CSV found, will use package default
2026-03-03 02:12:45,052 - pdd.llm_invoke - INFO - LiteLLM disk cache configured at /opt/pdd-repo/pdd/litellm_cache.sqlite
Usage: pdd sync [OPTIONS] BASENAME
Try 'pdd sync --help' for help.

Error: No prompt files found for basename 'get_jwt_token' in directory '/tmp/pdd_job_q17EalMpZVZLNXzVVlm3_kt_hk2aa/prompts'.
Expected files with format: 'get_jwt_token_<language>.prompt'

test_get_jwt_token: LLM failed to suggest fix: All agent providers failed: google: Timeout expired
test_e2e_issue_466_oauth_all_repo_scope: LLM failed to suggest fix: All agent providers failed: google: Timeout expired

[prompt-driven-github]

❌ PDD Execution Failed

Execution failed: PDD command failed with exit code 1.
Output: architecture.json found, falling back to include-based dependency graph
Successfully loaded prompt: agentic_sync_identify_modules_LLM
Identifying modules to sync via LLM...
Status: Failed
Message: LLM identified no modules to sync
Cost: $0.7929
Model: anthropic
Error during 'unknown' command:
An unexpected error occurred: Command exited with code 1
📦 Debug snapshot saved to
/tmp/pdd_job_q17EalMpZVZLNXzVVlm3_kt_hk2aa/.pdd/core_dumps/pdd-core-20260303T023
442Z.json (attach when reporting bugs)

[prompt-driven-github]

❌ PDD Execution Failed

Execution failed: PDD command failed with exit code 1.
Output: 03-03 04:06:53,269 - pdd.llm_invoke - INFO - LiteLLM disk cache configured at /opt/pdd-repo/pdd/litellm_cache.sqlite
Fetching issue #467 from promptdriven/pdd...
Status: Failed
Message: Failed to fetch issue: gh: Bad credentials (HTTP 401)
Cost: $0.0000
Model:
Error during 'unknown' command:
An unexpected error occurred: Command exited with code 1
📦 Debug snapshot saved to
/tmp/pdd_job_EOIxbczAb64D47qpZhJ4_7tmnbs48/.pdd/core_dumps/pdd-core-20260303T040
653Z.json (attach when reporting bugs)