Skip to content

[dev] [Marfuen] mariano/gcp-refresh #1901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
github-actions wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[dev] [Marfuen] mariano/gcp-refresh #1901

github-actions wants to merge 1 commit into from

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Dec 11, 2025

This is an automated pull request to merge mariano/gcp-refresh into dev.
It was created by the [Auto Pull Request] action.

@vercel
Copy link

vercel bot commented Dec 11, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
app Skipped Skipped Dec 11, 2025 5:02pm
portal Skipped Skipped Dec 11, 2025 5:02pm

@cursor
Copy link

cursor bot commented Dec 11, 2025
edited
Loading

PR Summary

Improves OAuth token handling by checking refresh needs, obtaining a valid access token, adding detailed logs, and failing fast on missing tokens during cloud security scans.

  • Backend
    • Cloud Security (apps/api/src/cloud-security/cloud-security.service.ts)
      • OAuth token management:
        • Check needsRefresh via credentialVaultService.needsRefresh and log result.
        • Acquire valid token with getValidAccessToken (supports refresh); error-log and return failure if unavailable.
        • Log whether a refreshed or existing token is used.
        • Update decrypted credentials with fresh access_token before scanning.
      • Error handling/logging: More explicit logs for token retrieval failures.

Written by Cursor Bugbot for commit 886f5ff. This will update automatically on new commits. Configure here.

@graphite-app graphite-app bot requested a review from Marfuen December 11, 2025 17:02
@graphite-app
Copy link

graphite-app bot commented Dec 11, 2025

Graphite Automations

"Auto-assign PRs to Author" took an action on this PR • (12/11/25)

1 reviewer was added to this PR based on Mariano Fuentes's automation.

cursor[bot]
cursor bot reviewed Dec 11, 2025
View reviewed changes
apps/api/src/cloud-security/cloud-security.service.ts

this.logger.log(
`Using ${needsRefresh ? 'refreshed' : 'existing'} access token for ${providerSlug}`,
);
Copy link

@cursor cursor bot Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Misleading log message after failed token refresh

The log message uses the needsRefresh variable captured earlier to determine whether to say "refreshed" or "existing" token. However, getValidAccessToken can fail to refresh and fall back to returning the existing token. In this case, needsRefresh would be true but the actual token returned is the existing (not refreshed) one. The log would incorrectly say "Using refreshed access token" when it's actually the existing potentially-expiring token.

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@Marfuen Marfuen Awaiting requested review from Marfuen

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

automated-pr

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Marfuen