feat(cloud-agent): commit as yourself instead of the Kilo bot #3638

Open: eshurakov wants to merge 4 commits into main from mercurial-script

@eshurakov eshurakov commented Jun 1, 2026

Summary

  • Add GitHub user-to-server authorization through the existing Kilo GitHub App so Cloud Agent sessions can perform Git transport and GitHub API actions as the signed-in user instead of the installation bot.
  • Keep persisted GitHub user credentials in git-token-service: Web encrypts new authorizations with a public-key envelope, while the Worker owns private-key decryption, refresh, disconnect, revocation, and serialized token mutation.

Verification

  • Tested the GitHub personal-authorization flow locally through the web UI across different scenarios.
  • Verified the Cloud Agent identity setup tip locally in the browser and refined its placement, centering, and dismissal behavior.
  • Verified local connect and disconnect behavior against the GitHub user-authorization flow.

Visual Changes

Tip when you pick a repo and personal account is not connected

Screenshot 2026-06-01 at 22 29 05

Integration

Screenshot 2026-06-01 at 22 29 16

Bot is a co-author

Screenshot 2026-06-01 at 22 02 29

Comment thread services/cloud-agent-next/src/workspace.ts Outdated
Comment thread services/git-token-service/src/github-user-authorization-service.ts

kilo-code-bot Bot commented Jun 1, 2026

Code Review Summary

Status: 1 Issue Remaining (Acknowledged, Deferred) | Recommendation: Merge

Executive Summary

The new commit (9b22778af) adds correct handling for stale/terminal refresh tokens during disconnect, with full test coverage. No new issues found.

Changes in latest commit (incremental review)

services/git-token-service/src/github-user-authorization-service.ts

  • New DisconnectRefreshResult union type (AuthorizationRow | 'terminal_refresh_token' | null) cleanly models the three outcomes.
  • refreshAuthorizationForDisconnect now returns 'terminal_refresh_token' when the refresh token is already expired (by timestamp) or GitHub rejects it with { error: 'bad_refresh_token' }.
  • The caller (disconnectUserAuthorization) correctly deletes the row when both access and refresh tokens are definitively expired/invalid, and correctly throws (preserving the row) when the access token is still valid but unrevokable.
  • JSON body is parsed once before the response.ok guard — intentional and correct, as GitHub's token endpoint returns 200 with error fields.

services/git-token-service/src/github-user-authorization-service.test.ts

  • Four new tests covering: both tokens expired (skip fetch, delete), access expired + GitHub rejects refresh token (delete), unexpired access + expired refresh (retain row, throw), and 422-revocation followed by transient refresh failure (retain row, throw). All scenarios match the updated logic.

Carried-forward issue (unchanged file, deferred by author)

| File | Line | Issue |
| --- | --- | --- |
| services/git-token-service/src/github-user-authorization-service.ts | 448 | SUGGESTION (deferred): refreshAuthorizationForDisconnect and refreshAuthorization remain near-identical — only difference is error vs null on DB update conflict. A throwOnConflict flag or shared helper would reduce divergence risk. PR author has acknowledged and deferred to a follow-up. |

Files Reviewed (59 files)

  • services/git-token-service/src/github-user-authorization-service.ts — 1 suggestion (deferred) ✓
  • services/git-token-service/src/github-user-authorization-service.test.ts — New tests verified ✓
  • services/cloud-agent-next/src/workspace.ts — Shell injection fix verified ✓
  • services/cloud-agent-next/src/workspace.test.ts — Shell injection tests verified ✓
  • All other files from previous review — no issues ✓

Reviewed by claude-4.6-sonnet-20260217 · 528,871 tokens

Review guidance: REVIEW.md from base branch main

Allow eligible Cloud Agent work to use connected GitHub identities while retaining installation fallback and bot co-authoring. Keep persisted user credentials in Worker-owned keyed envelopes and route disconnect revocation through the established internal API boundary.

Surface contextual identity setup guidance in Cloud Agent and identify revocation requests so disconnect succeeds against GitHub.

eshurakov added 2 commits June 1, 2026 23:04

Removed commented lines for GitHub user-attributed Cloud Agent actions.

eshurakov changed the title from "feat(github): add user-attributed cloud agent actions" to "feat(cloud-agent): commit as yourself instead of the Kilo bot" Jun 2, 2026

@jeanduplessis jeanduplessis left a comment

Reviewed the final combined diff. Solid security posture overall: the webhook signature is verified before the new github_app_authorization revocation branch, timingSafeEqual guards the length/empty-secret bypass, the AAD-bound RSA-AES envelope matches exactly between Web encrypt and Worker decrypt/refresh, both unique indexes back the upsert, the co-author hook + auto-commit trailer are idempotent, and GDPR soft-delete now covers user_github_app_tokens with a test.

One concrete edge-case bug (inline): disconnecting an authorization with expired/dead tokens returns 502 permanently and never removes the local row, leaving the user unable to disconnect or reconnect.

Two non-blocking suggestions:

  • refreshAuthorizationForDisconnect duplicates ~50 lines of refreshAuthorization (already acknowledged/deferred — fine to leave).
  • sanitizeGitOutput is duplicated across the src and wrapper bundles and can silently drift if a new credential-username scheme is added to only one regex; consider sharing it.

Comment thread services/git-token-service/src/github-user-authorization-service.ts
@eshurakov eshurakov requested a review from jeanduplessis June 2, 2026 08:43
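
The disconnect outcomes discussed in the two reviews above, as an added TypeScript sketch (not code from this PR). The `Row` fields, the function names and the `callGitHub` stub are assumptions; only `'terminal_refresh_token'` and `bad_refresh_token` come from the thread, and the sketch starts at the refresh step of a disconnect.

```typescript
// Added illustration, not the PR's implementation. All names except the two
// string literals quoted in the review are hypothetical.
type Row = { accessExpiresAt: number; refreshExpiresAt: number };
type TokenReply = { ok: boolean; body: { access_token?: string; error?: string } };
type RefreshOutcome = 'refreshed' | 'terminal_refresh_token' | 'transient_failure';
type Decision = 'revoke_fresh_token' | 'delete_row' | 'retain_row_and_throw';

function refreshForDisconnect(row: Row, now: number, callGitHub: () => TokenReply | null): RefreshOutcome {
  // Refresh token expired by timestamp: terminal, and no request is sent.
  if (row.refreshExpiresAt <= now) return 'terminal_refresh_token';
  const reply = callGitHub(); // null models a network error
  if (reply === null) return 'transient_failure';
  // Inspect the body before the status: OAuth errors arrive with HTTP 200.
  if (reply.body.error === 'bad_refresh_token') return 'terminal_refresh_token';
  if (!reply.ok || reply.body.error !== undefined || !reply.body.access_token) {
    return 'transient_failure'; // unknown error: may succeed on retry
  }
  return 'refreshed';
}

function decideDisconnect(row: Row, now: number, outcome: RefreshOutcome): Decision {
  if (outcome === 'refreshed') return 'revoke_fresh_token';
  // Drop the local row only when no usable credential can remain at GitHub.
  if (outcome === 'terminal_refresh_token' && row.accessExpiresAt <= now) return 'delete_row';
  // A live access token that could not be revoked must stay tracked, and a
  // transient failure must not be mistaken for proof that the tokens are dead.
  return 'retain_row_and_throw';
}

function disconnect(row: Row, now: number, callGitHub: () => TokenReply | null): Decision {
  return decideDisconnect(row, now, refreshForDisconnect(row, now, callGitHub));
}
```

Treating every refresh failure as an error reproduces the permanent-502 case from the review; treating every failure as terminal would delete rows whose access token is still live.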