Support multiple-account auth in fj (per-invocation account/credential override) #157

New issue

Open

opened 2026-06-12 16:51:28 +00:00 by gerri · 0 comments

gerri commented 2026-06-12 16:51:28 +00:00

Member

Copy link

Problem

fj authenticates against rasterhub.com via a single git-credential helper tied to one account (here, the human operator stephen). Our agent fleet needs to post PR comments and formal reviews as a separate QA account (gerri) so agent activity is attributable and distinct from the operator, and so reviews on agent-authored PRs aren't blocked by "can't review your own pull." Today every fj action attributes to the default account, so we work around it by calling the Forgejo API directly with a PAT (e.g. POST /repos/{o}/{r}/pulls/{n}/reviews with Authorization: token <gerri-PAT>), bypassing fj entirely.

Request

Let fj select the account/credential per invocation, e.g.:

• an env var (FJ_TOKEN / FJ_ACCOUNT) and/or a --token / --account flag, and/or
• named credential profiles (fj auth login --account gerri; fj --account gerri pr review ...).

Default behavior unchanged when no override is given.

Must be flexible for BOTH account types (operator requirement)

The account model must not assume a single forge or a fjord-managed identity. Profiles must be keyed per (host, account), covering both:

• a fjord account (rasterhub.com / fjord-managed identity, e.g. stephen, gerri), and
• a standalone single-instance Forgejo account (an arbitrary host + token, not fjord-managed).

So an agent can act on a customer's independent Forgejo instance under that instance's own account, with credentials scoped to that (host, account) pair, while rasterhub.com fjord identities continue to work side by side. Selection (env/flag/profile) resolves the right token for the target host + chosen account.

Acceptance

• fj pr review / fj pr comment / fj issue create can post as a specified non-default account given that account's token.
• The default (box-helper) account is used when no override is set.
• Per-(host, account) profiles: both fjord (rasterhub.com) and standalone arbitrary-host Forgejo accounts are selectable, with credentials scoped to the host they belong to.
• Token/account never logged.

Use case

Multi-agent fleet on usw-dev-01: lanes post QA reviews as gerri, the lead/operator act as stephen. Agents may also need to act on a customer's independent Forgejo instance under its own standalone account. Filed by gerri to dogfood the need.

## Problem `fj` authenticates against rasterhub.com via a single git-credential helper tied to one account (here, the human operator `stephen`). Our agent fleet needs to post PR comments and **formal reviews** as a separate QA account (`gerri`) so agent activity is attributable and distinct from the operator, and so reviews on agent-authored PRs aren't blocked by "can't review your own pull." Today every `fj` action attributes to the default account, so we work around it by calling the Forgejo API directly with a PAT (e.g. `POST /repos/{o}/{r}/pulls/{n}/reviews` with `Authorization: token <gerri-PAT>`), bypassing `fj` entirely. ## Request Let `fj` select the account/credential per invocation, e.g.: - an env var (`FJ_TOKEN` / `FJ_ACCOUNT`) and/or a `--token` / `--account` flag, and/or - named credential profiles (`fj auth login --account gerri`; `fj --account gerri pr review ...`). Default behavior unchanged when no override is given. ### Must be flexible for BOTH account types (operator requirement) The account model must not assume a single forge or a fjord-managed identity. Profiles must be keyed per **(host, account)**, covering both: - a **fjord account** (rasterhub.com / fjord-managed identity, e.g. `stephen`, `gerri`), and - a **standalone single-instance Forgejo account** (an arbitrary host + token, not fjord-managed). So an agent can act on a customer's independent Forgejo instance under that instance's own account, with credentials scoped to that `(host, account)` pair, while rasterhub.com fjord identities continue to work side by side. Selection (env/flag/profile) resolves the right token for the target host + chosen account. ## Acceptance - `fj pr review` / `fj pr comment` / `fj issue create` can post as a specified non-default account given that account's token. - The default (box-helper) account is used when no override is set. - Per-(host, account) profiles: both fjord (rasterhub.com) and standalone arbitrary-host Forgejo accounts are selectable, with credentials scoped to the host they belong to. - Token/account never logged. ## Use case Multi-agent fleet on usw-dev-01: lanes post QA reviews as `gerri`, the lead/operator act as `stephen`. Agents may also need to act on a customer's independent Forgejo instance under its own standalone account. Filed by gerri to dogfood the need.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

wip/claude-1/rasterstate-fj

feat/166-lock-unlock

wip/codex-4/rasterstate-fj

feat/168-rerun-failed

feat/169-repo-collaborator

feat/172-create-template

feat/164-pr-merge-auto

wip/claude-2/rasterstate-fj

feat/170-list-filters

feat/171-color-control

feat/165-pr-create-fill

feat/165-pr-create-fill-codex

wip/claude-3/rasterstate-fj

wip/codex-2/rasterstate-fj

fix/123-extend-friendly-errors-409-422

fix/159-merge-reason

wip/claude-4/rasterstate-fj

fix/158-issue-add-assignee-endpoint

fix/147b-keychain-noentry-fallback

feat/147-file-token-store

feat/133-release-scripting

feat/139-workflow-run-handle

feat/140-body-file

fix/pr-comment-test-green

wip/codex-3/rasterstate-fj

feat/137-org-secrets-vars

feat/132-tag-branch-refs

feat/138-run-list-filters

feat/131-pr-comment-edit

feat/134-error-ux-exit-codes

feat/136-api-body-input

feat/135-run-exit-status

feat/113-pr-list-filters

fix/111-list-paginate

fix/112-json-readonly

feat/114-pr-labels

fix/115-version-pipe

fix/91-runlog-auth-error

feat/98-issue-edit-labels

fix/96-keychain-fallback

feat/97-issue-create-labels

fix/99-readme-json-global

fix/alias-quoted-args

fix/remote-scp-colon-owner

harden/hostname-validation

fix/json-path-numeric-object-keys

fix/debug-body-preview-utf8-panic

wip/codex-1/rasterstate-fj

readme-drop-github

feat/stack-review-enriched

feat/stack-sync

feat/stack-new-real

feat/work-context-enriched

feat/agent-review-impl

feat/agent-explain-impl

feat/agent-provider

feat/stack-review

feat/stack-new

feat/work-continue

feat/work-resume-session

feat/work-context-impl

feat/work-stack-agent-commands

adopt-fjord-actions

ci/coverage-strict-gate

refactor/coverage-region-exclude

refactor/converge-json-path

refactor/split-client-resolve

test/api-coverage-round4

test/api-coverage-round3

test/cov-ignore-drift-guard

test/e2e-smoke-coverage

test/command-tree-guard

refactor/split-workflow-artifacts

chore/coverage-intent-config

test/api-label-milestone-hook

test/output-and-repo-core

refactor/split-issue-comments

refactor/split-repo-social

refactor/split-pr-module

test/api-wiremock

test/backfill-pure-helpers

cleanup/hoist-truncate-human-size

feat/run-download-and-workflow-list

feat/parity-followups

feat/actions-logs-and-gh-parity

sso-pat-guidance

test/observability-smoke

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

backlog

Accepted but not scheduled

  

blocked

Blocked or stalled waiting on external progress

  

converted

Converted into tracked work

  

opportunity

Potential product or business opportunity

  

p1

Priority 1

  

p2

Priority 2

  

p3

Priority 3

  

parked

Paused intentionally until later

No labels

backlog

blocked

converted

opportunity

p1

p2

p3

parked

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rasterstate/fj#157

No description provided.