Skip to content

fix: promptContinue prevents TUI from overwriting quota/verify output#583

Closed
amartidandqdq wants to merge 1 commit into
NoeFabris:mainfrom
amartidandqdq:fix/tui-prompt-continue
Closed

fix: promptContinue prevents TUI from overwriting quota/verify output#583
amartidandqdq wants to merge 1 commit into
NoeFabris:mainfrom
amartidandqdq:fix/tui-prompt-continue

Conversation

@amartidandqdq

Copy link
Copy Markdown

Fixes #537. Based on PR #562 by @lawRathod.

Problem: When executing opencode auth login and selecting Check quotas, Verify one account, or Verify all accounts, the output is printed but immediately overwritten by the TUI menu.

Fix: Added promptContinue() helper that waits for Enter before returning to main menu. Added calls after all informational outputs: quota checks, account toggles, verification statuses, model configuration.

@greptile-apps

greptile-apps Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR fixes the TUI overwrite bug by introducing a promptContinue() helper that pauses for Enter after displaying quota, verification, and toggle output before returning to the auth menu. The fix is well-implemented in cli.ts and applied consistently across all relevant branches in plugin.ts.

  • promptContinue helper (src/plugin/cli.ts): Correctly guarded with isTTY(), uses try/finally to close the readline interface, and is exported and imported cleanly. Applied to all 10 output sites in the auth loop.
  • Undocumented apiKey change (src/plugin.ts line 1453): apiKey changes from \"\" to \"antigravity-oauth\" with no mention in the PR description. Depending on how the opencode plugin framework uses LoaderResult.apiKey, this non-empty literal could be injected as an auth header on outgoing requests.
  • Undocumented import path change (src/plugin.ts line 2): @opencode-ai/plugin becomes @opencode-ai/plugin/tool without explanation — likely a valid correction, but worth a note.

Confidence Score: 3/5

The promptContinue fix itself is safe, but the silent apiKey change from an empty string to a literal "antigravity-oauth" string in the loader return value could affect how the framework authenticates outgoing requests and warrants explicit verification before merging.

The promptContinue implementation is correct and complete. The risk comes from two unrelated, undocumented changes bundled into the PR: the apiKey value is now a non-empty literal string that the opencode framework may use to inject authentication headers, and the import sub-path has changed. Until the intended behavior of the apiKey change is confirmed, it is unclear whether real request authentication could be affected.

src/plugin.ts — the apiKey and import path changes near the top and loader return need clarification.

Important Files Changed

Filename Overview
src/plugin.ts Adds 10 promptContinue() calls after all informational output paths in the auth menu loop. Also includes two undocumented changes: apiKey changed from "" to "antigravity-oauth" (potential auth regression) and the tool import path changed from @opencode-ai/plugin to @opencode-ai/plugin/tool.
src/plugin/cli.ts Adds promptContinue() helper with correct TTY guard and try/finally cleanup. Also adds one call inside the configure-models case in promptLoginMode. Implementation is clean and consistent with the file's existing patterns.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[promptLoginMode returns menuResult] --> B{menuResult.mode}
    B -->|check| C[Print quota output]
    B -->|manage| D[Toggle account, print status]
    B -->|verify-all| E{accounts.length == 0?}
    E -->|yes| F[Print No accounts available]
    E -->|no| G[Verify each account, print summary]
    B -->|verify| H{verifyAccountIndex?}
    H -->|undefined| I[promptAccountIndexForVerification]
    I -->|cancelled| J[Print Verification cancelled]
    I -->|index found| K[Verify single account]
    H -->|defined| K
    K -->|ok| L[Print ready status]
    K -->|blocked| M[Print blocked + URL]
    K -->|error| N[Print error]
    C --> PC1[promptContinue]
    D --> PC2[promptContinue]
    F --> PC3[promptContinue]
    G --> PC4[promptContinue]
    J --> PC5[promptContinue]
    L --> PC6[promptContinue]
    M --> PC7[promptContinue]
    N --> PC8[promptContinue]
    PC1 & PC2 & PC3 & PC4 & PC5 & PC6 & PC7 & PC8 --> CONT[continue — back to promptLoginMode]
Loading
Prompt To Fix All With AI
Fix the following 3 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 3
src/plugin.ts:1453
**Undocumented `apiKey` change may inject a literal string as an auth header**

The PR description only mentions `promptContinue`, but `apiKey` has quietly changed from `""` to `"antigravity-oauth"`. Depending on how the opencode plugin framework consumes `LoaderResult.apiKey`, a non-empty value could cause the framework to populate an `Authorization: Bearer antigravity-oauth` header on outgoing requests. While the custom `fetch` override handles real OAuth token injection, if the framework adds API-key-based headers independently before or after that path, the literal string could leak into requests or override the proper OAuth header.

### Issue 2 of 3
src/plugin.ts:2
**Undocumented import path change is not explained in the PR**

The import was changed from `@opencode-ai/plugin` to `@opencode-ai/plugin/tool`. This sub-path change is unrelated to the stated `promptContinue` fix and is not mentioned in the PR description. If `@opencode-ai/plugin` previously resolved to a different entry point than `@opencode-ai/plugin/tool`, the API surface available to this module may differ in subtle ways. A brief note on why this correction was needed would be helpful.

### Issue 3 of 3
src/plugin/cli.ts:22-30
**`promptContinue` silently no-ops in non-TTY but other prompt helpers do not guard the same way**

`promptContinue` guards with `if (!isTTY()) return`, which is correct. However, `promptProjectId` and `promptAddAnotherAccount` do not have this guard — they will try to call `rl.question` on a non-TTY stdin without protection. While this inconsistency pre-exists this PR, the new function establishes the right pattern that the existing helpers don't follow, which may cause confusion about whether the guard is actually required.

Reviews (1): Last reviewed commit: "fix: promptContinue prevents TUI from ov..." | Re-trigger Greptile

Comment thread src/plugin.ts

return {
apiKey: "",
apiKey: "antigravity-oauth",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Undocumented apiKey change may inject a literal string as an auth header

The PR description only mentions promptContinue, but apiKey has quietly changed from "" to "antigravity-oauth". Depending on how the opencode plugin framework consumes LoaderResult.apiKey, a non-empty value could cause the framework to populate an Authorization: Bearer antigravity-oauth header on outgoing requests. While the custom fetch override handles real OAuth token injection, if the framework adds API-key-based headers independently before or after that path, the literal string could leak into requests or override the proper OAuth header. Is this change intentional? What does the opencode framework do with a non-empty apiKey when a custom fetch is also provided? Was "" causing the provider to be treated as unauthenticated?

Prompt To Fix With AI
This is a comment left during a code review.
Path: src/plugin.ts
Line: 1453

Comment:
**Undocumented `apiKey` change may inject a literal string as an auth header**

The PR description only mentions `promptContinue`, but `apiKey` has quietly changed from `""` to `"antigravity-oauth"`. Depending on how the opencode plugin framework consumes `LoaderResult.apiKey`, a non-empty value could cause the framework to populate an `Authorization: Bearer antigravity-oauth` header on outgoing requests. While the custom `fetch` override handles real OAuth token injection, if the framework adds API-key-based headers independently before or after that path, the literal string could leak into requests or override the proper OAuth header. Is this change intentional? What does the opencode framework do with a non-empty `apiKey` when a custom `fetch` is also provided? Was `""` causing the provider to be treated as unauthenticated?

How can I resolve this? If you propose a fix, please make it concise.

Comment thread src/plugin.ts
@@ -1,5 +1,5 @@
import { exec } from "node:child_process";
import { tool } from "@opencode-ai/plugin";
import { tool } from "@opencode-ai/plugin/tool";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Undocumented import path change is not explained in the PR

The import was changed from @opencode-ai/plugin to @opencode-ai/plugin/tool. This sub-path change is unrelated to the stated promptContinue fix and is not mentioned in the PR description. If @opencode-ai/plugin previously resolved to a different entry point than @opencode-ai/plugin/tool, the API surface available to this module may differ in subtle ways. A brief note on why this correction was needed would be helpful.

Prompt To Fix With AI
This is a comment left during a code review.
Path: src/plugin.ts
Line: 2

Comment:
**Undocumented import path change is not explained in the PR**

The import was changed from `@opencode-ai/plugin` to `@opencode-ai/plugin/tool`. This sub-path change is unrelated to the stated `promptContinue` fix and is not mentioned in the PR description. If `@opencode-ai/plugin` previously resolved to a different entry point than `@opencode-ai/plugin/tool`, the API surface available to this module may differ in subtle ways. A brief note on why this correction was needed would be helpful.

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Comment thread src/plugin/cli.ts
Comment on lines +22 to +30
export async function promptContinue(): Promise<void> {
if (!isTTY()) return;
const rl = createInterface({ input, output });
try {
await rl.question("Press Enter to return to menu...");
} finally {
rl.close();
}
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 promptContinue silently no-ops in non-TTY but other prompt helpers do not guard the same way

promptContinue guards with if (!isTTY()) return, which is correct. However, promptProjectId and promptAddAnotherAccount do not have this guard — they will try to call rl.question on a non-TTY stdin without protection. While this inconsistency pre-exists this PR, the new function establishes the right pattern that the existing helpers don't follow, which may cause confusion about whether the guard is actually required.

Prompt To Fix With AI
This is a comment left during a code review.
Path: src/plugin/cli.ts
Line: 22-30

Comment:
**`promptContinue` silently no-ops in non-TTY but other prompt helpers do not guard the same way**

`promptContinue` guards with `if (!isTTY()) return`, which is correct. However, `promptProjectId` and `promptAddAnotherAccount` do not have this guard — they will try to call `rl.question` on a non-TTY stdin without protection. While this inconsistency pre-exists this PR, the new function establishes the right pattern that the existing helpers don't follow, which may cause confusion about whether the guard is actually required.

How can I resolve this? If you propose a fix, please make it concise.

@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f36ce454-0811-4966-840f-fa1b36d2eae1

📥 Commits

Reviewing files that changed from the base of the PR and between 740e315 and 7653d77.

📒 Files selected for processing (2)
  • src/plugin.ts
  • src/plugin/cli.ts
📜 Recent review details
🔇 Additional comments (13)
src/plugin/cli.ts (2)

22-30: LGTM!


162-162: LGTM!

src/plugin.ts (11)

2-2: LGTM!


14-14: LGTM!


2695-2695: LGTM!


2709-2709: LGTM!


2719-2719: LGTM!


2799-2799: LGTM!


2810-2810: LGTM!


2817-2817: LGTM!


2838-2838: LGTM!


2876-2876: LGTM!

Also applies to: 2881-2881


1453-1453: Update LoaderResult.apiKey—local usage doesn’t depend on empty string

In src/plugin.ts, the loader now returns apiKey: "antigravity-oauth", but within this repo that LoaderResult.apiKey value is never read (no .apiKey usage besides tests and the LoaderResult type). The actual request auth is driven by OAuth access tokens (Authorization: Bearer ...) from getAuth(), not by this apiKey field.

The only remaining risk is any behavior in the OpenCode plugin framework that treats an empty-string apiKey specially—so confirm the framework’s contract for LoaderResult.apiKey doesn’t rely on "" or a specific format.


Walkthrough

This PR adds interactive pause points to CLI flows to prevent output from being immediately overwritten by the menu. A new promptContinue() helper is implemented and integrated throughout account verification, quota check, and login mode operations. The OAuth client descriptor's apiKey field is also updated from an empty string to "antigravity-oauth". The tool import is refactored to use a more specific entry point.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding promptContinue to prevent TUI output overwriting, which directly addresses the linked issue.
Description check ✅ Passed The description is directly related to the changeset, explaining the problem, solution, and implementation details of the promptContinue helper.
Linked Issues check ✅ Passed The PR directly addresses issue #537 by implementing the proposed fix: adding promptContinue() to wait for user input before returning to menu after informational outputs.
Out of Scope Changes check ✅ Passed All changes in the PR are scope-specific to addressing issue #537: the new promptContinue() helper, its exports, and integration into quota/verify/login-mode flows.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@amartidandqdq amartidandqdq deleted the fix/tui-prompt-continue branch June 14, 2026 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

TUI overwrites output of 'Check quotas' and 'Verify accounts' in 'opencode auth login'

1 participant