🩹 [Patch]: Prevent Concurrent Access Token Refresh with Mutex Lock

[Copilot]

Problem

When multiple runspaces concurrently call functions utilizing Invoke-GitHubAPI, there's a risk of triggering multiple simultaneous refresh attempts of the same context's GitHub access token. This concurrency leads to race conditions, redundant token refreshes, and potential conflicts or errors.

Solution

Implemented synchronization using System.Threading.Mutex to ensure only a single refresh operation per context occurs at a time:

Key Features

• Context-specific named mutexes: Each context gets a unique mutex name "GitHubTokenRefresh_{ContextID}" with character sanitization for filesystem compatibility
• 30-second timeout: Reasonable timeout with graceful fallback if mutex acquisition fails
• Double-check pattern: After acquiring the mutex, re-validates if refresh is still needed (another process might have already completed it)
• Proper resource management: Uses try/finally blocks to guarantee mutex release and disposal

Implementation Details

# Create a unique mutex name for this context
$mutexName = "GitHubTokenRefresh_$($Context.ID -replace '[\\/:*?"<>|]', '_')"
$mutex = New-Object System.Threading.Mutex($false, $mutexName)

try {
    $mutexAcquired = $mutex.WaitOne(30000) # 30 second timeout
    
    # Double-check if we still need to refresh after acquiring the mutex
    if ($accessTokenValidity.TotalHours -gt $script:GitHub.Config.AccessTokenGracePeriodInHours) {
        return # Another process already refreshed it
    }
    
    # Proceed with token refresh...
} finally {
    # Always release and dispose mutex
    if ($mutexAcquired -and $mutex) { $mutex.ReleaseMutex() }
    if ($mutex) { $mutex.Dispose() }
}

Benefits

• ✅ Eliminates race conditions: Only one token refresh per context at a time
• ✅ Prevents redundant API calls: Subsequent processes wait and reuse refreshed tokens
• ✅ Maintains backward compatibility: No breaking changes to function signatures
• ✅ Robust error handling: Graceful handling of mutex timeouts and disposal errors
• ✅ Resource safety: Proper cleanup prevents mutex leaks

Testing

Added comprehensive unit tests covering:

• Mutex creation and disposal
• Character sanitization for context IDs
• Code structure verification (try/finally blocks, double-check pattern)
• Syntax validation

The implementation successfully addresses the concurrent token refresh issue while maintaining full backward compatibility with existing code.

Fixes #392.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.