fix: preserve refresh token when server omits it from refresh response

[elijahr]

Test PR to verify CI runs. See upstream PR: anomalyco#47

[gemini-code-assist]

Summary of Changes

Hello @elijahr, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug where the OAuth refresh token could be inadvertently discarded if the authentication server did not explicitly return it during a token refresh operation. Beyond this crucial fix, the PR significantly enhances the project's test coverage by introducing a detailed suite of unit tests. These tests validate various aspects of the Anthropic authentication plugin, including its token management, how it modifies API requests (e.g., headers, tool names), and its handling of system prompts. The integration of Bun for testing further streamlines the development workflow.

Highlights

• OAuth Refresh Token Preservation: Implemented a fix to ensure the existing refresh token is preserved if the authentication server's refresh response omits a new one, preventing token loss during refresh operations.
• Comprehensive Test Suite Introduction: A new, extensive suite of unit tests (index.test.mjs) has been added, covering critical functionalities such as various token refresh scenarios, request header manipulation, tool name prefixing/stripping, system prompt sanitization, OAuth exchange processes, and model cost zeroing.
• Bun Test Integration: The project's package.json has been updated to include a bun test script, formalizing the use of Bun as the test runner for the project.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• bun.lock
  • Added configVersion: 0 entry to the lockfile.
• index.mjs
  • Modified refresh token handling to use the existing auth.refresh token if json.refresh_token is not provided by the server during a token refresh.
• index.test.mjs
  • Added a new file containing comprehensive unit tests for the AnthropicAuthPlugin.
  • Tests cover scenarios such as preserving refresh tokens, using new refresh tokens, handling refresh failures, preventing unnecessary refreshes, refreshing with missing access tokens, setting OAuth headers, preserving custom beta headers, prefixing/stripping tool names, sanitizing system prompts, and handling OAuth exchange success/failure.
• package.json
  • Incremented package version from 0.0.13 to 0.0.14.
  • Added a scripts section with a test command: "test": "bun test".

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/test.yml

Activity

• This pull request is explicitly marked as a "Test PR to verify CI runs," indicating its primary purpose is to validate the continuous integration pipeline.
• It references an upstream pull request (fix: preserve refresh token when server omits it from refresh response anomalyco/opencode-anthropic-auth#47) where the main development work likely occurred.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly addresses an issue where the refresh token was not preserved if the server's refresh response omitted it. The change in index.mjs using the nullish coalescing operator is concise and effective. I'm particularly impressed with the addition of index.test.mjs, which provides a comprehensive suite of tests covering not only the fix but also various other aspects of the plugin's functionality. The new tests are well-structured and cover positive, negative, and edge cases for token refreshing. The updates to package.json and bun.lock are also appropriate. Overall, this is a high-quality contribution.