fix(memfs): harden git pull auth and credential URL normalization (#971)

Co-authored-by: Letta <noreply@letta.com>
Co-authored-by: cpacker <packercharles@gmail.com>

src/tests/agent/memoryGit.auth.test.ts

@@ -0,0 +1,37 @@
+import { describe, expect, test } from "bun:test";
+
+import { normalizeCredentialBaseUrl } from "../../agent/memoryGit";
+
+describe("normalizeCredentialBaseUrl", () => {
+  test("normalizes Letta Cloud URL to origin", () => {
+    expect(normalizeCredentialBaseUrl("https://api.letta.com")).toBe(
+      "https://api.letta.com",
+    );
+  });
+
+  test("strips trailing slashes", () => {
+    expect(normalizeCredentialBaseUrl("https://api.letta.com///")).toBe(
+      "https://api.letta.com",
+    );
+  });
+
+  test("drops path/query/fragment and keeps origin", () => {
+    expect(
+      normalizeCredentialBaseUrl(
+        "https://api.letta.com/custom/path?foo=bar#fragment",
+      ),
+    ).toBe("https://api.letta.com");
+  });
+
+  test("preserves explicit port", () => {
+    expect(normalizeCredentialBaseUrl("http://localhost:8283/v1/")).toBe(
+      "http://localhost:8283",
+    );
+  });
+
+  test("falls back to trimmed value when URL parsing fails", () => {
+    expect(normalizeCredentialBaseUrl("not-a-valid-url///")).toBe(
+      "not-a-valid-url",
+    );
+  });
+});