From 8cd24bf6675597303d0b80e48ae6397f27642676 Mon Sep 17 00:00:00 2001
From: mkorwel
Date: Wed, 18 Mar 2026 21:52:41 -0700
Subject: [PATCH] fix(workspaces): resolve auth and path issues for remote reviews
---
 .gemini/skills/workspaces/scripts/orchestrator.ts | 8 ++++++--
 .gemini/skills/workspaces/scripts/playbooks/review.ts | 2 +-
 .gemini/skills/workspaces/scripts/setup.ts | 5 ++++-
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/.gemini/skills/workspaces/scripts/orchestrator.ts b/.gemini/skills/workspaces/scripts/orchestrator.ts
index 1dcce1fe41..b3a193f0ab 100644
--- a/.gemini/skills/workspaces/scripts/orchestrator.ts
+++ b/.gemini/skills/workspaces/scripts/orchestrator.ts
@@ -88,12 +88,16 @@ export async function runOrchestrator(args: string[], env: NodeJS.ProcessEnv = p
 const remoteWorker = `tsx ${persistentScripts}/entrypoint.ts ${prNumber} . ${remotePolicyPath} ${action}`;
 const remoteConfigPath = `${hostWorkspaceRoot}/gemini-cli-config/.gemini/settings.json`;
- // FIX: Dynamically retrieve the API key from the host-side config to inject it
+ // FIX: Dynamically retrieve the API key and GitHub token from the host-side config/disk
 const apiKeyRes = await provider.getExecOutput(`cat ${remoteConfigPath} | grep apiKey | cut -d '\"' -f 4`);
 const remoteApiKey = apiKeyRes.stdout.trim();
+
+ const ghTokenRes = await provider.getExecOutput(`cat ${hostWorkspaceRoot}/.gh_token`);
+ const remoteGhToken = ghTokenRes.stdout.trim();
 // DEBUG: Run directly in foreground WITHOUT tmux to see immediate errors
- const containerWrap = `sudo docker exec -it ${remoteApiKey ? `-e GEMINI_API_KEY=${remoteApiKey}` : ''} maintainer-worker sh -c ${q(`cd ${remoteWorktreeDir} && ${remoteWorker}; exec $SHELL`)}`;
+ const authEnv = `${remoteApiKey ? `-e GEMINI_API_KEY=${remoteApiKey} ` : ''}${remoteGhToken ? `-e GITHUB_TOKEN=${remoteGhToken} -e GH_TOKEN=${remoteGhToken} ` : ''}`;
+ const containerWrap = `sudo docker exec -it ${authEnv}maintainer-worker sh -c ${q(`cd ${remoteWorktreeDir} && ${remoteWorker}; exec $SHELL`)}`;
 const finalSSH = provider.getRunCommand(containerWrap, { interactive: true });
diff --git a/.gemini/skills/workspaces/scripts/playbooks/review.ts b/.gemini/skills/workspaces/scripts/playbooks/review.ts
index e7ec70bc02..0b4372dce5 100644
--- a/.gemini/skills/workspaces/scripts/playbooks/review.ts
+++ b/.gemini/skills/workspaces/scripts/playbooks/review.ts
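Review bot: In orchestrator.ts the new `authEnv` string places the GitHub token on the `docker exec` command line as `-e GITHUB_TOKEN=${remoteGhToken}`, so the secret becomes part of the argv of the ssh, sudo and docker processes and is readable from process listings or command logging on the host for as long as the interactive session runs. The value is also the raw content of `.gh_token` spliced in unquoted, so anything other than a bare token in that file is re-parsed by the remote shell. At minimum the values should go through the `q()` helper already used for the `sh -c` argument, `-e GITHUB_TOKEN=${q(remoteGhToken)} -e GH_TOKEN=${q(remoteGhToken)}` (assuming `q()` shell-quotes its argument); keeping the token off the command line altogether, for example by letting the in-container command read it from a read-only mounted file, would be the stronger fix. A failed `cat` is silently treated as "no token", which deserves a one-line comment if that fallback is intended. runOrchestrator's body starts and ends outside this hunk.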
@@ -10,7 +10,7 @@ export async function runReviewPlaybook(prNumber: string, targetDir: string, pol
 runner.register([
 { id: 'build', name: 'Fast Build', cmd: `cd ${targetDir} && npm ci && npm run build` },
 { id: 'ci', name: 'CI Checks', cmd: `gh pr checks ${prNumber}` },
- { id: 'review', name: 'Workspaceed Review', cmd: `${geminiBin} --policy ${policyPath} --cwd ${targetDir} -p "Please activate the 'review-pr' skill and use it to conduct a behavioral review of PR #${prNumber}."` }
+ { id: 'review', name: 'Workspaceed Review', cmd: `cd ${targetDir} && ${geminiBin} --policy ${policyPath} -p "Please activate the 'review-pr' skill and use it to conduct a behavioral review of PR #${prNumber}."` }
 ]);
 return runner.run();
diff --git a/.gemini/skills/workspaces/scripts/setup.ts b/.gemini/skills/workspaces/scripts/setup.ts
index e2195c2598..ae65c81a27 100644
--- a/.gemini/skills/workspaces/scripts/setup.ts
+++ b/.gemini/skills/workspaces/scripts/setup.ts
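Review bot: The rewritten `review` step in review.ts hands `targetDir` to the shell unquoted in `cd ${targetDir} && …`, and `prNumber` is expanded inside the double-quoted `-p` argument, where the shell still performs substitution. Neither value is validated in the visible lines, so a path containing spaces breaks the step and a non-numeric `prNumber` changes the command that actually runs. I would reject anything but digits before `runner.register`, e.g. `if (!/^\d+$/.test(prNumber)) throw new Error('invalid PR number');`, and quote the path as `cd "${targetDir}"`. The same unquoted-path pattern appears in the setup.ts hunk (`git -C ${workspaceRoot}/main`). runReviewPlaybook begins above the hunk, so a check may already exist there.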
@@ -337,12 +337,15 @@ and full builds) to a dedicated, high-performance GCP worker.
 if (githubToken) {
 await provider.exec(`echo ${githubToken} | sudo tee ${workspaceRoot}/.gh_token > /dev/null && sudo chmod 600 ${workspaceRoot}/.gh_token`);
+ // Authenticate GH CLI on host
+ await provider.exec(`sudo -u $(whoami) gh auth login --with-token < ${workspaceRoot}/.gh_token`);
+ console.log(' āœ… Authenticated GitHub CLI on host.');
 }
 // Final Repo Sync
 console.log(`šŸš€ Finalizing Remote Repository (${userFork})...`);
 const repoUrl = `https://github.com/${userFork}.git`;
- const cloneCmd = `sudo rm -rf ${workspaceRoot}/main && sudo git clone --quiet --filter=blob:none ${repoUrl} ${workspaceRoot}/main && cd ${workspaceRoot}/main && sudo git remote add upstream https://github.com/${upstreamRepo}.git && sudo git fetch --quiet upstream && sudo chown -R $(whoami):$(whoami) ${workspaceRoot}`;
+ const cloneCmd = `sudo rm -rf ${workspaceRoot}/main && sudo git clone --quiet --filter=blob:none ${repoUrl} ${workspaceRoot}/main && sudo git -C ${workspaceRoot}/main remote add upstream https://github.com/${upstreamRepo}.git && sudo git -C ${workspaceRoot}/main fetch --quiet upstream && sudo chown -R $(whoami):$(whoami) ${workspaceRoot}`;
 await provider.exec(cloneCmd);
 console.log('\n✨ ALL SYSTEMS GO! Your Gemini Workspace is ready.');
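Review bot: The added `gh auth login --with-token < ${workspaceRoot}/.gh_token` in setup.ts reads a file that the line above creates through `sudo tee` and `sudo chmod 600`, but the `<` redirection is opened by the calling shell, not by sudo. On a fresh host the file is presumably root-owned until the `chown -R` at the end of `cloneCmd`, so the login would fail with a permission error. The result of `provider.exec` is not inspected, so the "Authenticated GitHub CLI on host" message is printed either way. I would read the file with privilege, `sudo cat ${workspaceRoot}/.gh_token | gh auth login --with-token`, and print the success line only when the call reports a zero exit status (how `provider.exec` reports it is not visible in this hunk). A comment should also record that `gh auth login` keeps a second copy of the token in the host user's gh configuration, so any cleanup of `.gh_token` has to cover that copy as well.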