[Bug]: Git integration treats 1Password shell-plugin gh auth as unauthenticated

[harshPPatel]

Before submitting

• I searched existing issues and did not find a duplicate.
• I included enough detail to reproduce or investigate the problem.

Area

apps/server

Steps to reproduce

1. Configure GitHub CLI through 1Password Shell Plugins, not through gh auth login.
2. Confirm the plugin is working in Terminal:

op plugin inspect gh

Expected output includes:

✔ Alias for "gh" configured
✔ Aliases sourced (/Users/<user>/.config/op/plugins.sh)
✔ Configured as global default:
GitHub Personal Access Token ...

3. In Terminal, gh is provided by the 1Password alias, e.g.:

type gh

Output:

gh is an alias for op plugin run -- gh

4. Start T3 Code desktop app version 0.0.20.
5. Open a repo with GitHub remote and use a Git action that needs gh integration, or wait for PR/status-related GitHub checks.
6. Observe the toast/error from the app.

Expected behavior

T3 Code should either:

• support 1Password shell-plugin-backed gh authentication, or
• detect that gh auth is shell-plugin-based and show a precise message explaining that direct gh execution in the app does not currently inherit shell-plugin auth.

It should not generically instruct the user to run gh auth login when the user has a valid 1Password shell-plugin setup.

Actual behavior

The app reports:

GitHub CLI failed in execute: GitHub CLI is not authenticated. Run `gh auth login` and retry.

This is misleading for users whose gh auth is provided by 1Password Shell Plugins.

Impact

Major degradation or frequent failure

Version or commit

0.0.20

Environment

macOS, T3 Code desktop app 0.0.20, GitHub CLI via 1Password Shell Plugins, zsh, gh configured as alias to op plugin run -- gh

Logs or stack traces

You can paste these:


Toast shown by app:
GitHub CLI failed in execute: GitHub CLI is not authenticated. Run `gh auth login` and retry.



$ op plugin inspect gh
GitHub CLI

Configured Aliases

✔ Alias for "gh" configured
✔ Aliases sourced (/Users/hpatel/.config/op/plugins.sh)

Configured Credentials

✔ Configured as global default:
CREDENTIAL TYPE                 ITEM                                           VAULT
GitHub Personal Access Token    1Password CLI: GitHub Personal Access Token    Personal



$ type gh
gh is an alias for op plugin run -- gh


Optional extra detail if useful:

$ gh auth status
You are not logged into any GitHub hosts. To log in, run: gh auth login

That last command is the important distinction: direct gh is unauthenticated, but shell-plugin gh is configured.

Screenshots, recordings, or supporting files

Screenshot 2026-04-18 at 3.42.02 PM.png

Workaround

Use standalone GitHub CLI auth instead of the 1Password shell plugin:

gh auth login

Or otherwise provide GH_TOKEN directly to the app/server process.

Useful implementation notes for the team

From code inspection:

• The app invokes gh directly via runProcess("gh", ...) in [GitHubCli.ts · L104].
• Desktop shell env sync only imports a small set of variables like PATH and SSH_AUTH_SOCK, not shell aliases/functions, in [syncShellEnvironment.ts · L19].
• The current error normalization hardcodes the guidance to run gh auth login in [GitHubCli.ts · L29].
• GitHub status/PR checks are also used in background polling, so blindly switching everything to op plugin run -- gh may cause unwanted auth prompts during passive refresh in [GitStatusBroadcaster.ts · L29].