fix(shared): trim tokens in getTokenFromConfig to prevent broken git clone URLs (#1067)

msukkari · claude · web-flow · commit e381a38ceed1 · 2026-04-01T11:29:24.000-07:00
* fix(shared): trim tokens in getTokenFromConfig to prevent broken git clone URLs Tokens with trailing newlines (common with env vars, .env files, and cloud secrets) get URL-encoded as %0A, causing fatal git credential parse errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: add CHANGELOG entry for #1067 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * changelog nit --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - Fixed `GET /api/mcp` hanging with zero bytes by returning `405 Method Not Allowed` per the MCP Streamable HTTP spec [#1064](https://github.com/sourcebot-dev/sourcebot/pull/1064)
+- Fixed tokens with trailing newlines breaking git clone URLs by adding `.trim()` in `getTokenFromConfig()` [#1067](https://github.com/sourcebot-dev/sourcebot/pull/1067)
 
 ### Removed
 - Removed "general" settings page with options to change organization name and domain. [#1065](https://github.com/sourcebot-dev/sourcebot/pull/1065)
diff --git a/packages/shared/src/crypto.ts b/packages/shared/src/crypto.ts
@@ -107,7 +107,7 @@ export const getTokenFromConfig = async (token: Token): Promise<string> => {
             throw new Error(`Environment variable ${token.env} not found.`);
         }
 
-        return envToken;
+        return envToken.trim();
     } else if ('googleCloudSecret' in token) {
         try {
             const client = new SecretManagerServiceClient();
@@ -119,7 +119,7 @@ export const getTokenFromConfig = async (token: Token): Promise<string> => {
                 throw new Error(`Secret ${token.googleCloudSecret} not found.`);
             }
 
-            return response.payload.data.toString();
+            return response.payload.data.toString().trim();
         } catch (error) {
             throw new Error(`Failed to access Google Cloud secret ${token.googleCloudSecret}: ${error instanceof Error ? error.message : String(error)}`);
         }

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ export const getTokenFromConfig = async (token: Token): Promise<string> => {`
`107`	`107`	throw new Error(`Environment variable ${token.env} not found.`);
`108`	`108`	`}`
`109`	`109`
`110`		`- return envToken;`
	`110`	`+ return envToken.trim();`
`111`	`111`	`} else if ('googleCloudSecret' in token) {`
`112`	`112`	`try {`
`113`	`113`	`const client = new SecretManagerServiceClient();`
`@@ -119,7 +119,7 @@ export const getTokenFromConfig = async (token: Token): Promise<string> => {`
`119`	`119`	throw new Error(`Secret ${token.googleCloudSecret} not found.`);
`120`	`120`	`}`
`121`	`121`
`122`		`- return response.payload.data.toString();`
	`122`	`+ return response.payload.data.toString().trim();`
`123`	`123`	`} catch (error) {`
`124`	`124`	throw new Error(`Failed to access Google Cloud secret ${token.googleCloudSecret}: ${error instanceof Error ? error.message : String(error)}`);
`125`	`125`	`}`