refactor: use system secrets when possible (#248)

2025-12-29 12:09:52 -08:00
parent 4927a915f9
commit fab0ca676b
12 changed files with 869 additions and 57 deletions
--- a/src/cli/App.tsx
+++ b/src/cli/App.tsx
@@ -2538,7 +2538,8 @@ export default function App({

          try {
            const { settingsManager } = await import("../settings-manager");
-            const currentSettings = settingsManager.getSettings();
+            const currentSettings =
+              await settingsManager.getSettingsWithSecureTokens();

            // Revoke refresh token on server if we have one
            if (currentSettings.refreshToken) {
@@ -2546,17 +2547,8 @@ export default function App({
              await revokeToken(currentSettings.refreshToken);
            }

-            // Clear local credentials
-            const newEnv = { ...currentSettings.env };
-            delete newEnv.LETTA_API_KEY;
-            // Note: LETTA_BASE_URL is intentionally NOT deleted from settings
-            // because it should not be stored there in the first place
-
-            settingsManager.updateSettings({
-              env: newEnv,
-              refreshToken: undefined,
-              tokenExpiresAt: undefined,
-            });
+            // Clear all credentials including secrets
+            await settingsManager.logout();

            buffersRef.current.byId.set(cmdId, {
              kind: "command",
--- a/src/cli/components/WelcomeScreen.tsx
+++ b/src/cli/components/WelcomeScreen.tsx
@@ -1,6 +1,7 @@
 import { homedir } from "node:os";
 import type { Letta } from "@letta-ai/letta-client";
 import { Box, Text } from "ink";
+import { useEffect, useState } from "react";

 import type { AgentProvenance } from "../../agent/create";
 import { getModelDisplayName } from "../../agent/model";
@@ -24,7 +25,7 @@ function toTildePath(absolutePath: string): string {
 /**
 * Determine the auth method used
 */
-function getAuthMethod(): "url" | "api-key" | "oauth" {
+async function getAuthMethod(): Promise<"url" | "api-key" | "oauth"> {
  // Check if custom URL is being used
  if (process.env.LETTA_BASE_URL) {
    return "url";
@@ -33,12 +34,12 @@ function getAuthMethod(): "url" | "api-key" | "oauth" {
  if (process.env.LETTA_API_KEY) {
    return "api-key";
  }
-  // Check settings for refresh token (OAuth)
-  const settings = settingsManager.getSettings();
+  // Check settings for refresh token (OAuth) from keychain tokens
+  const settings = await settingsManager.getSettingsWithSecureTokens();
  if (settings.refreshToken) {
    return "oauth";
  }
-  // Check if API key stored in settings
+  // Check if API key stored in settings or keychain
  if (settings.env?.LETTA_API_KEY) {
    return "api-key";
  }
@@ -86,7 +87,13 @@ export function WelcomeScreen({
    : undefined;

  // Get auth method
-  const authMethod = getAuthMethod();
+  const [authMethod, setAuthMethod] = useState<"url" | "api-key" | "oauth">(
+    "oauth",
+  );
+
+  useEffect(() => {
+    getAuthMethod().then(setAuthMethod);
+  }, []);
  const authDisplay =
    authMethod === "url"
      ? process.env.LETTA_BASE_URL || "Custom URL"