Skip to content

fix: proxy auth cleanup & lockfile hygiene#345

Merged
davideast merged 3 commits intomainfrom
fix/proxy-auth-cleanup
Apr 23, 2026
Merged

fix: proxy auth cleanup & lockfile hygiene#345
davideast merged 3 commits intomainfrom
fix/proxy-auth-cleanup

Conversation

@davideast
Copy link
Copy Markdown
Collaborator

@davideast davideast commented Apr 23, 2026

fix: proxy auth cleanup & lockfile hygiene

Fixes a duplicated auth pattern, an unsafe non-null assertion, and a split-brain lockfile that broke ADK tests in CI.

Changes

1. Extract shared buildAuthHeaders utility

Files: src/auth.ts (new), src/client.ts, src/proxy/client.ts

PR #314 introduced a second buildAuthHeaders function in the proxy module that duplicated the logic already in StitchToolClient. Both are now backed by a single shared utility in src/auth.ts.

The shared function also includes a defensive throw when neither apiKey nor accessToken is provided, replacing the unsafe config.apiKey! non-null assertion from #314.

// src/auth.ts — single source of truth
export function buildAuthHeaders(opts: AuthHeaderOptions): Record<string, string> {
  if (opts.apiKey) return { 'X-Goog-Api-Key': opts.apiKey };
  if (opts.accessToken) { /* Bearer + quota project */ }
  throw new Error('No authentication credentials provided.');
}

2. Sync bun.lock with devDependencies from #253

File: bun.lock

PR #253 (ADK support) added @google/adk and @google/genai to devDependencies and updated package-lock.json — but this repo uses Bun (packageManager: bun@1.3.1) and CI runs bun install. The bun.lock was never updated, so these packages were never installed, causing all 5 ADK tests to fail with Cannot find module '@google/adk'.

3. Remove package-lock.json, gitignore it

Files: package-lock.json (deleted), .gitignore

Having two lockfiles is the root cause of issue #2. The package-lock.json misled the #253 contributor into thinking npm install was sufficient. Removing it and adding it to .gitignore ensures all contributors use bun install and only bun.lock is the source of truth.

Test plan

  • tsc --noEmit — clean
  • vitest run147 tests passing (20 test files, 0 failures)
  • ADK tests specifically pass: adk-adapter.test.ts (3), adk-subpath.test.ts (2)
  • Proxy auth tests pass unchanged (14 tests from feat(proxy): support accessToken auth alongside apiKey #314)
  • SDK client auth tests pass unchanged (21 tests)

@davideast
refactor: extract shared buildAuthHeaders to eliminate duplication
d614b8e 
Creates src/auth.ts with a shared buildAuthHeaders() utility that
replaces the duplicated auth header logic in both StitchToolClient
(client.ts) and StitchProxy (proxy/client.ts).

The shared function includes a defensive throw when neither apiKey
nor accessToken is provided, removing the unsafe config.apiKey!
non-null assertion from PR #314.

Follow-up to #314.
@davideast
fix: sync bun.lock with devDependencies added in #253
dbcb542 
PR #253 (ADK support) added @google/adk and @google/genai to
devDependencies and updated package-lock.json, but did not run
bun install to update bun.lock. Since CI uses bun install (reading
bun.lock), these packages were never installed, causing adk tests
to fail with 'Cannot find module @google/adk'.
@davideast
chore: remove package-lock.json, gitignore it
1c78a67 
This repo uses Bun (packageManager: bun@1.3.1) and CI runs bun install.
The stale package-lock.json misled PR #253 into thinking npm install
was sufficient, causing devDependencies to go unresolved in CI.

Single lockfile (bun.lock) prevents split-brain dependency resolution.
@davideast davideast merged commit bbacfbb into main Apr 23, 2026
6 checks passed
@davideast davideast deleted the fix/proxy-auth-cleanup branch April 23, 2026 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@davideast