fix(opencode): serialize concurrent auth.json writes#36362
Open
1837620622 wants to merge 1 commit into
Open
Conversation
Auth.set/remove used an unlocked read-modify-write of auth.json, so parallel logins could clobber each other and silently drop providers. Serialize mutations with a process-local semaphore (same pattern as snapshot/edit locks) so concurrent sets all survive. Closes anomalyco#30396
Author
|
Review ping when convenient 🙏 Serializes concurrent |
CreatorGhost
added a commit
to CreatorGhost/TheCode
that referenced
this pull request
Jul 12, 2026
Addresses CodeRabbit review finding on the anomalyco#36362 port.
CreatorGhost
added a commit
to CreatorGhost/TheCode
that referenced
this pull request
Jul 12, 2026
Addresses CodeRabbit review finding on the anomalyco#36362 port.
CreatorGhost
added a commit
to CreatorGhost/TheCode
that referenced
this pull request
Jul 12, 2026
* fix(opencode): serialize concurrent auth.json writes Ported from upstream anomalyco#36362. * test(auth): cover concurrent set/remove interaction Addresses CodeRabbit review finding on the anomalyco#36362 port.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #30396
Type of change
What does this PR do?
Auth.set/Auth.removeperformed an unlocked read-modify-write ofauth.json:Two concurrent
set()calls read the same snapshot, so the second write overwrites the first and a provider silently vanishes. Parallel provider logins (or app startup that persists multiple keys) hit this.Minimal fix: serialize mutations with
Semaphore.makeUnsafe(1)+lock.withPermits(1)(...)in the Auth layer (same in-process pattern as snapshot/edit locks). Reads (get/all) stay lock-free.Source evidence (current
dev)packages/opencode/src/auth/index.ts—set/removehad no mutual exclusion around RMWAuth.setcalls must leave all three keysHow did you verify your code works?
set is safe under concurrent callsinpackages/opencode/test/auth/auth.test.tsbun test test/auth/auth.test.ts— 5 pass (including concurrent set)Author
35034498+1837620622@users.noreply.github.com(GitHub-verified noreply)Checklist
Closes #30396)