fix(api): fix stale token binding and remove raw GitHub token fallback

fewtarius · fewtarius · commit a638b211a63a · 2026-03-15T05:39:55.000-04:00
Re-read copilotToken after refresh since the local binding captured the
pre-refresh value. Stop falling back to the raw GitHub token when Copilot
exchange fails - the raw token doesn't work with the Copilot API and just
produces confusing 401 errors downstream.
diff --git a/Sources/APIFramework/CopilotTokenStore.swift b/Sources/APIFramework/CopilotTokenStore.swift
@@ -120,26 +120,29 @@ public class CopilotTokenStore: ObservableObject {
     public func getCopilotToken() async throws -> String {
         // If we have a Copilot token, use it (with refresh if needed)
         if let token = copilotToken {
-            // Check if expired
             if token.isExpired() {
                 logger.info("Copilot token expired, refreshing...")
                 try await refreshCopilotToken()
             }
-            return token.token
+            // Re-read copilotToken after potential refresh (local binding may be stale)
+            if let current = copilotToken {
+                return current.token
+            }
         }
         
         // Have a GitHub token but no Copilot token - try exchange
-        if let githubToken = githubToken {
+        if githubToken != nil {
             logger.info("No Copilot token, attempting exchange...")
             do {
                 try await refreshCopilotToken()
                 if let token = copilotToken {
                     return token.token
                 }
             } catch {
-                logger.warning("Copilot token exchange failed: \(error.localizedDescription), using GitHub token directly")
+                logger.warning("Copilot token exchange failed: \(error.localizedDescription)")
             }
-            return githubToken
+            // Don't fall back to raw GitHub token - it won't work with Copilot API
+            throw TokenStoreError.noToken
         }
         
         // No token at all
@@ -189,19 +192,16 @@ public class CopilotTokenStore: ObservableObject {
         do {
             try await refreshCopilotToken()
             if let token = copilotToken {
-                logger.info("Token recovery succeeded")
+                logger.info("Token recovery succeeded - new Copilot token obtained")
                 return token.token
             }
         } catch {
             logger.warning("Token recovery failed: \(error.localizedDescription)")
         }
         
-        // If Copilot refresh failed, try returning the raw GitHub token
-        if let githubToken = githubToken {
-            logger.info("Falling back to GitHub token after Copilot refresh failure")
-            return githubToken
-        }
-        
+        // Don't fall back to raw GitHub token - it causes 401 loops
+        // The raw GitHub token can't authenticate against the Copilot API
+        logger.error("Token recovery failed - no valid Copilot token available")
         return nil
     }
     
