feat: add disable_auth feature flag to block login and credential loading

[svarlamov]

Summary

Adds a new disable_auth feature flag (default false in both debug and release) that, when enabled via config (feature_flags.disable_auth) or environment variable (GIT_AI_DISABLE_AUTH=true):

• Blocks git-ai login — exits with code 1 and a clear error message
• Blocks git-ai logout — same behavior (prevents misleading "Not currently logged in" message)
• Blocks git-ai exchange-nonce — same behavior
• Prevents token loading — try_load_auth_token() returns None immediately
• Prevents credential store/load — CredentialStore::store() returns Err, CredentialStore::load() returns Ok(None)

Existing feature flag tests updated to include the new field. Two new unit tests added for the flag definition itself.

Updates since last revision

• Added disable_auth guard to handle_logout (src/commands/logout.rs) — without this, store.load() would hit the CredentialStore::load() guard and return Ok(None), printing a misleading "Not currently logged in" even when credentials exist on disk.

Review & Testing Checklist for Human

• No integration/e2e test for the actual blocking behavior: The new tests only cover the feature flag struct mechanics. Recommend manually verifying: GIT_AI_DISABLE_AUTH=true git-ai login and GIT_AI_DISABLE_AUTH=true git-ai logout both print the error message and exit with code 1.
• #[cfg(not(test))] guards on CredentialStore::store/load: The disable_auth checks in credentials.rs are compiled out in test builds (because Config::get() isn't available in tests). This means the credential-blocking behavior has zero unit test coverage. Verify this trade-off is acceptable, or consider adding an integration test that sets GIT_AI_DISABLE_AUTH=true and exercises the credential path.
• Error message duplication: The error string "Error: Authentication is disabled..." is hardcoded in login.rs, logout.rs, and exchange_nonce.rs separately from the AUTH_DISABLED_MSG constant in credentials.rs. Consider whether these should share a single constant.
• try_load_auth_token() flag check is NOT behind #[cfg(not(test))] unlike the CredentialStore checks — confirm this doesn't cause issues in test builds that exercise API client paths.

Notes

• The flag follows the exact same pattern as all other flags (auth_keyring, async_mode, etc.) via define_feature_flags! macro.
• The #[cfg(not(test))] approach in credentials.rs mirrors the existing pattern already used there for Config::get() access.

Link to Devin session: https://app.devin.ai/sessions/fcabbdff9cd04e38a5c21ba9e6fc598d
Requested by: @svarlamov

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

Devin Review found 1 potential issue.

⚠️ 1 issue in files not directly in the diff

⚠️ Missing disable_auth guard in handle_logout makes logout silently fail with misleading message (src/commands/logout.rs:4)

handle_login (src/commands/login.rs:6-9) and handle_exchange_nonce (src/commands/exchange_nonce.rs:19-22) both received explicit disable_auth guards that print a descriptive error and exit. However, handle_logout (src/commands/logout.rs:4) was not updated. When disable_auth is enabled, store.load() at src/commands/logout.rs:8 hits the new guard in CredentialStore::load() (src/auth/credentials.rs:123-126) and returns Ok(None), causing the function to print "Not currently logged in." — even when credentials are actually stored on disk. This means the user gets a misleading message, and credentials can never be cleared via git-ai logout while the flag is active.

View 3 additional findings in Devin Review.

[devin-ai-integration]

Addressed the Devin Review finding: added disable_auth guard to handle_logout in 4f99247. Without this, store.load() would return Ok(None) when the flag is enabled, causing a misleading "Not currently logged in" message.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}