refactor: use system secrets when possible (#248)

2025-12-29 12:09:52 -08:00
parent 4927a915f9
commit fab0ca676b
12 changed files with 869 additions and 57 deletions
--- a/src/cli/components/WelcomeScreen.tsx
+++ b/src/cli/components/WelcomeScreen.tsx
@@ -1,6 +1,7 @@
 import { homedir } from "node:os";
 import type { Letta } from "@letta-ai/letta-client";
 import { Box, Text } from "ink";
+import { useEffect, useState } from "react";

 import type { AgentProvenance } from "../../agent/create";
 import { getModelDisplayName } from "../../agent/model";
@@ -24,7 +25,7 @@ function toTildePath(absolutePath: string): string {
 /**
 * Determine the auth method used
 */
-function getAuthMethod(): "url" | "api-key" | "oauth" {
+async function getAuthMethod(): Promise<"url" | "api-key" | "oauth"> {
  // Check if custom URL is being used
  if (process.env.LETTA_BASE_URL) {
    return "url";
@@ -33,12 +34,12 @@ function getAuthMethod(): "url" | "api-key" | "oauth" {
  if (process.env.LETTA_API_KEY) {
    return "api-key";
  }
-  // Check settings for refresh token (OAuth)
-  const settings = settingsManager.getSettings();
+  // Check settings for refresh token (OAuth) from keychain tokens
+  const settings = await settingsManager.getSettingsWithSecureTokens();
  if (settings.refreshToken) {
    return "oauth";
  }
-  // Check if API key stored in settings
+  // Check if API key stored in settings or keychain
  if (settings.env?.LETTA_API_KEY) {
    return "api-key";
  }
@@ -86,7 +87,13 @@ export function WelcomeScreen({
    : undefined;

  // Get auth method
-  const authMethod = getAuthMethod();
+  const [authMethod, setAuthMethod] = useState<"url" | "api-key" | "oauth">(
+    "oauth",
+  );
+
+  useEffect(() => {
+    getAuthMethod().then(setAuthMethod);
+  }, []);
  const authDisplay =
    authMethod === "url"
      ? process.env.LETTA_BASE_URL || "Custom URL"