remove old gh env var (#35)

Author: ctate

AGENTS.md

@@ -32,7 +32,6 @@ console.error('Error occurred:', error)
 - **No exceptions**: This applies to ALL log levels (info, error, success, command, console.log, console.error, console.warn, etc.)
 
 #### Sensitive Data That Must NEVER Appear in Logs:
-- API keys and tokens (ANTHROPIC_API_KEY, OPENAI_API_KEY, GITHUB_TOKEN, etc.)
 - Vercel credentials (VERCEL_TOKEN, VERCEL_TEAM_ID, VERCEL_PROJECT_ID)
 - User IDs and personal information
 - File paths and repository URLs
@@ -120,7 +119,6 @@ Never expose these in logs or to the client:
 - `VERCEL_PROJECT_ID` - Vercel project identifier
 - `ANTHROPIC_API_KEY` - Anthropic/Claude API key
 - `OPENAI_API_KEY` - OpenAI API key
-- `GITHUB_TOKEN` - GitHub API token
 - `JWE_SECRET` - Encryption secret
 - `ENCRYPTION_KEY` - Encryption key
 - Any user-provided API keys

lib/github/client.ts

@@ -17,11 +17,3 @@ export async function getOctokit(): Promise<Octokit> {
     auth: userToken || undefined,
   })
 }
-
-/**
- * @deprecated Use getOctokit() instead for per-user authentication
- * Legacy client using GITHUB_TOKEN env var - kept for backwards compatibility
- */
-export const octokit = new Octokit({
-  auth: process.env.GITHUB_TOKEN,
-})

lib/sandbox/config.ts

@@ -42,9 +42,9 @@ export function validateEnvironmentVariables(
   }
 
   // Check for GitHub token for private repositories
-  // Use user's token if provided, otherwise fall back to GITHUB_TOKEN
-  if (!githubToken && !process.env.GITHUB_TOKEN) {
-    errors.push('GITHUB_TOKEN is required for repository access. Please connect your GitHub account.')
+  // Use user's token if provided
+  if (!githubToken) {
+    errors.push('GitHub is required for repository access. Please connect your GitHub account.')
   }
 
   // Check for Vercel sandbox environment variables
@@ -67,18 +67,15 @@ export function validateEnvironmentVariables(
 }
 
 export function createAuthenticatedRepoUrl(repoUrl: string, githubToken?: string | null): string {
-  // Use user's token if provided, otherwise fall back to GITHUB_TOKEN
-  const token = githubToken || process.env.GITHUB_TOKEN
-
-  if (!token) {
+  if (!githubToken) {
     return repoUrl
   }
 
   try {
     const url = new URL(repoUrl)
     if (url.hostname === 'github.com') {
       // Add GitHub token for authentication
-      url.username = token
+      url.username = githubToken
       url.password = 'x-oauth-basic'
     }
     return url.toString()

lib/sandbox/creation.ts

@@ -340,27 +340,6 @@ export async function createSandbox(config: SandboxConfig, logger: TaskLogger):
       await logger.info('Git repository detected')
     }
 
-    // Add debugging information about Git state
-    await logger.info('Debugging Git repository state')
-    const gitStatusDebug = await runCommandInSandbox(sandbox, 'git', ['status', '--porcelain'])
-    await logger.info('Git status checked')
-
-    const gitBranchDebug = await runCommandInSandbox(sandbox, 'git', ['branch', '-a'])
-    await logger.info('Git branches checked')
-
-    const gitRemoteDebug = await runCommandInSandbox(sandbox, 'git', ['remote', '-v'])
-    await logger.info('Git remotes checked')
-
-    // Configure Git to use GitHub token for authentication
-    if (process.env.GITHUB_TOKEN) {
-      await logger.info('Configuring Git authentication with GitHub token')
-      await runCommandInSandbox(sandbox, 'git', ['config', 'credential.helper', 'store'])
-
-      // Create credentials file with GitHub token
-      const credentialsContent = `https://${process.env.GITHUB_TOKEN}:x-oauth-basic@github.com`
-      await runCommandInSandbox(sandbox, 'sh', ['-c', `echo "${credentialsContent}" > ~/.git-credentials`])
-    }
-
     let branchName: string
 
     if (config.existingBranchName) {