bugfix-309-setup-crash: Refactor CLI token handling to prioritize command line input, enhancing user guidance on token requirements. Update tests to ensure correct behavior for token validation and fallback mechanisms.

Author: efraespada

build/cli/index.js

@@ -47651,9 +47651,11 @@ program
         process.exit(1);
     }
     (0, logger_1.logInfo)(`📦 Repository: ${gitInfo.owner}/${gitInfo.repo}`);
-    if (!(0, setup_files_1.hasValidSetupToken)(cwd)) {
+    const hasTokenFromCli = Boolean(options.token && String(options.token).trim());
+    if (!hasTokenFromCli && !(0, setup_files_1.hasValidSetupToken)(cwd)) {
         (0, logger_1.logError)('🛑 Setup requires PERSONAL_ACCESS_TOKEN with a valid token.');
         (0, logger_1.logInfo)('   You can:');
+        (0, logger_1.logInfo)('   • Pass it on the command line: copilot setup --token <your_github_token>');
         (0, logger_1.logInfo)('   • Add it to your environment: export PERSONAL_ACCESS_TOKEN=your_github_token');
         if ((0, setup_files_1.setupEnvFileExists)(cwd)) {
             (0, logger_1.logInfo)('   • Or add PERSONAL_ACCESS_TOKEN=your_github_token to your existing .env file');

src/__tests__/cli.test.ts

@@ -34,13 +34,7 @@ jest.mock('../data/repository/ai_repository', () => ({
   })),
 }));
 
-jest.mock('../utils/setup_files', () => {
-  const actual = jest.requireActual<typeof import('../utils/setup_files')>('../utils/setup_files');
-  return {
-    ...actual,
-    hasValidSetupToken: jest.fn((cwd: string) => actual.hasValidSetupToken(cwd)),
-  };
-});
+jest.mock('../utils/setup_files', () => jest.requireActual<typeof import('../utils/setup_files')>('../utils/setup_files'));
 
 describe('CLI', () => {
   let exitSpy: jest.SpyInstance;
@@ -291,9 +285,6 @@ describe('CLI', () => {
     });
 
     it('proceeds when --token is provided even if env/.env has no token', async () => {
-      const { hasValidSetupToken } = require('../utils/setup_files');
-      (hasValidSetupToken as jest.Mock).mockReturnValue(false);
-
       await program.parseAsync(['node', 'cli', 'setup', '--token', 'ghp_abcdefghijklmnopqrstuvwxyz12']);
 
       expect(exitSpy).not.toHaveBeenCalled();

src/cli.ts

@@ -6,7 +6,7 @@ import * as dotenv from 'dotenv';
 import { runLocalAction } from './actions/local_action';
 import { IssueRepository } from './data/repository/issue_repository';
 import { ACTIONS, ERRORS, INPUT_KEYS, OPENCODE_DEFAULT_MODEL, TITLE } from './utils/constants';
-import { getSetupToken, hasValidSetupToken, setupEnvFileExists } from './utils/setup_files';
+import { getSetupToken, setupEnvFileExists } from './utils/setup_files';
 import { logError, logInfo } from './utils/logger';
 import { getCliDoPrompt } from './prompts';
 import { Ai } from './data/model/ai';
@@ -444,8 +444,8 @@ program
     }
     logInfo(`📦 Repository: ${gitInfo.owner}/${gitInfo.repo}`);
 
-    const hasTokenFromCli = Boolean(options.token && String(options.token).trim());
-    if (!hasTokenFromCli && !hasValidSetupToken(cwd)) {
+    const token = getSetupToken(cwd, options.token);
+    if (!token) {
       logError('🛑 Setup requires PERSONAL_ACCESS_TOKEN with a valid token.');
       logInfo('   You can:');
       logInfo('   • Pass it on the command line: copilot setup --token <your_github_token>');
@@ -464,7 +464,7 @@ program
       [INPUT_KEYS.DEBUG]: options.debug.toString(),
       [INPUT_KEYS.SINGLE_ACTION]: ACTIONS.INITIAL_SETUP,
       [INPUT_KEYS.SINGLE_ACTION_ISSUE]: 1,
-      [INPUT_KEYS.TOKEN]: options.token || process.env.PERSONAL_ACCESS_TOKEN || getSetupToken(cwd),
+      [INPUT_KEYS.TOKEN]: token,
       repo: {
         owner: gitInfo.owner,
         repo: gitInfo.repo,

src/data/model/__tests__/project_detail.test.ts

@@ -49,5 +49,16 @@ describe('ProjectDetail', () => {
       const p = new ProjectDetail({ type: 'user', owner: 'jane', number: 3 });
       expect(p.publicUrl).toBe('https://github.com/users/jane/projects/3');
     });
+
+    it('returns empty string when number is invalid (missing or <= 0)', () => {
+      const pEmpty = new ProjectDetail({ type: 'organization', owner: 'acme' });
+      expect(pEmpty.publicUrl).toBe('');
+
+      const pZero = new ProjectDetail({ type: 'organization', owner: 'acme', number: 0 });
+      expect(pZero.publicUrl).toBe('');
+
+      const pNegative = new ProjectDetail({ type: 'organization', owner: 'acme', number: -1 });
+      expect(pNegative.publicUrl).toBe('');
+    });
   });
 });

src/data/model/project_detail.ts

@@ -19,11 +19,15 @@ export class ProjectDetail {
     /**
      * Returns the full public URL to the project (board).
      * Uses the URL from the API when present and valid; otherwise builds it from owner, type and number.
+     * Returns empty string when project number is invalid (e.g. missing from API).
      */
     get publicUrl(): string {
         if (this.url && typeof this.url === 'string' && this.url.startsWith('https://')) {
             return this.url;
         }
+        if (typeof this.number !== 'number' || this.number <= 0) {
+            return '';
+        }
         const path = this.type === 'organization' ? 'orgs' : 'users';
         return `https://github.com/${path}/${this.owner}/projects/${this.number}`;
     }

src/utils/__tests__/setup_files.test.ts

@@ -224,6 +224,18 @@ describe('setup_files', () => {
       fs.writeFileSync(path.join(tmpDir, '.env'), 'PERSONAL_ACCESS_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
       expect(hasValidSetupToken(tmpDir)).toBe(true);
     });
+
+    it('returns true when valid override is passed (e.g. CLI --token)', () => {
+      delete process.env[ENV_TOKEN_KEY];
+      expect(hasValidSetupToken(tmpDir, 'ghp_override_token_xxxxxxxxxxxxxxxxxx')).toBe(true);
+    });
+
+    it('falls back to env/.env when override is invalid (placeholder or too short)', () => {
+      delete process.env[ENV_TOKEN_KEY];
+      fs.writeFileSync(path.join(tmpDir, '.env'), 'PERSONAL_ACCESS_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
+      expect(hasValidSetupToken(tmpDir, 'github_pat_11..')).toBe(true);
+      expect(hasValidSetupToken(tmpDir, 'short')).toBe(true);
+    });
   });
 
   describe('getSetupToken', () => {
@@ -244,6 +256,20 @@ describe('setup_files', () => {
       fs.writeFileSync(path.join(tmpDir, '.env'), 'PERSONAL_ACCESS_TOKEN=github_pat_11..');
       expect(getSetupToken(tmpDir)).toBeUndefined();
     });
+
+    it('returns valid override first (CLI token priority)', () => {
+      delete process.env[ENV_TOKEN_KEY];
+      fs.writeFileSync(path.join(tmpDir, '.env'), 'PERSONAL_ACCESS_TOKEN=ghp_from_env_file_xxxxxxxxxxxxxxxxxx');
+      expect(getSetupToken(tmpDir, 'ghp_cli_token_xxxxxxxxxxxxxxxxxxxxxxxx')).toBe('ghp_cli_token_xxxxxxxxxxxxxxxxxxxxxxxx');
+    });
+
+    it('falls back to env then .env when override is invalid', () => {
+      process.env[ENV_TOKEN_KEY] = 'ghp_from_env_xxxxxxxxxxxxxxxxxxxxxxxxxx';
+      fs.writeFileSync(path.join(tmpDir, '.env'), 'PERSONAL_ACCESS_TOKEN=ghp_from_file_xxxxxxxxxxxxxxxxxxxx');
+      expect(getSetupToken(tmpDir, 'github_pat_11..')).toBe('ghp_from_env_xxxxxxxxxxxxxxxxxxxxxxxxxx');
+      delete process.env[ENV_TOKEN_KEY];
+      expect(getSetupToken(tmpDir, 'short')).toBe('ghp_from_file_xxxxxxxxxxxxxxxxxxxx');
+    });
   });
 
   describe('setupEnvFileExists', () => {

src/utils/setup_files.ts

@@ -129,18 +129,19 @@ export function ensureEnvWithToken(cwd: string): void {
 
 function isTokenValueValid(token: string): boolean {
   const t = token.trim();
-  return (
-    t.length >= MIN_VALID_TOKEN_LENGTH &&
-    t !== ENV_PLACEHOLDER_VALUE &&
-    !t.startsWith('github_pat_11..')
-  );
+  return t.length >= MIN_VALID_TOKEN_LENGTH && t !== ENV_PLACEHOLDER_VALUE;
 }
 
 /**
- * Returns the PERSONAL_ACCESS_TOKEN to use for setup (from environment or .env in cwd).
- * Same resolution order as hasValidSetupToken; returns undefined if no valid token is found.
+ * Resolves the PERSONAL_ACCESS_TOKEN for setup from a single priority order:
+ * 1. override (e.g. CLI --token) if provided and valid,
+ * 2. process.env.PERSONAL_ACCESS_TOKEN,
+ * 3. .env file in cwd.
+ * Returns undefined if no valid token is found.
  */
-export function getSetupToken(cwd: string): string | undefined {
+export function getSetupToken(cwd: string, override?: string): string | undefined {
+  const overrideTrimmed = override?.trim();
+  if (overrideTrimmed && isTokenValueValid(overrideTrimmed)) return overrideTrimmed;
   const fromEnv = process.env[ENV_TOKEN_KEY]?.trim();
   if (fromEnv && isTokenValueValid(fromEnv)) return fromEnv;
   const envPath = path.join(cwd, '.env');
@@ -150,11 +151,11 @@ export function getSetupToken(cwd: string): string | undefined {
 }
 
 /**
- * Returns true if PERSONAL_ACCESS_TOKEN is available and looks like a real token
- * (from environment or .env), not the placeholder. Setup should only continue when this is true.
+ * Returns true if a valid setup token is available (same resolution order as getSetupToken).
+ * Pass an optional override (e.g. CLI --token) so validation considers all sources consistently.
  */
-export function hasValidSetupToken(cwd: string): boolean {
-  return getSetupToken(cwd) !== undefined;
+export function hasValidSetupToken(cwd: string, override?: string): boolean {
+  return getSetupToken(cwd, override) !== undefined;
 }
 
 /** Returns true if a .env file exists in the given directory. */