feat: add getGithubAppContext to scout's buildStreamTextParams args (#90)

Author: hugodutka

packages/scout-agent/lib/compute/tools.ts

@@ -4,13 +4,12 @@ import * as github from "@blink-sdk/github";
 import { type Tool, tool } from "ai";
 import * as blink from "blink";
 import { z } from "zod";
-import { getGithubAppContext } from "../github";
 import type { Message } from "../types";
 import { WORKSPACE_INFO_KEY } from "./common";
 
 export const createComputeTools = <T>({
   agent,
-  githubConfig,
+  getGithubAppContext,
   initializeWorkspace,
   createWorkspaceClient,
 }: {
@@ -19,10 +18,11 @@ export const createComputeTools = <T>({
     existingWorkspaceInfo: T | undefined
   ) => Promise<{ workspaceInfo: T; message: string }>;
   createWorkspaceClient: (workspaceInfo: T) => Promise<Client>;
-  githubConfig?: {
-    appID: string;
-    privateKey: string;
-  };
+  /**
+   * A function that returns the GitHub auth context for Git authentication.
+   * If provided, the workspace_authenticate_git tool will be available.
+   */
+  getGithubAppContext?: () => Promise<github.AppAuthOptions>;
 }): Record<string, Tool> => {
   const newClient = async () => {
     const workspaceInfo = await agent.store.get(WORKSPACE_INFO_KEY);
@@ -56,7 +56,7 @@ export const createComputeTools = <T>({
       },
     }),
 
-    ...(githubConfig
+    ...(getGithubAppContext
       ? {
           workspace_authenticate_git: tool({
             description: `Authenticate with Git repositories for push/pull operations. Call this before any Git operations that require authentication.
@@ -75,10 +75,7 @@ It's safe to call this multiple times - re-authenticating is perfectly fine and
               const client = await newClient();
 
               // Here we generate a GitHub token scoped to the repositories.
-              const githubAppContext = await getGithubAppContext({
-                githubAppID: githubConfig.appID,
-                githubAppPrivateKey: githubConfig.privateKey,
-              });
+              const githubAppContext = await getGithubAppContext();
               if (!githubAppContext) {
                 throw new Error(
                   "You can only use public repositories in this context."

packages/scout-agent/lib/core.test.ts

@@ -344,6 +344,78 @@ describe("config", async () => {
   }
 });
 
+test("buildStreamTextParams honors getGithubAppContext param", async () => {
+  const mockGetGithubAppContext = mock(() =>
+    Promise.resolve({
+      appId: "custom-app-id",
+      privateKey: "custom-private-key",
+    })
+  );
+
+  const agent = new blink.Agent<Message>();
+  const scout = new Scout({
+    agent,
+    logger: noopLogger,
+    github: {
+      appID: "config-app-id",
+      privateKey: "config-private-key",
+      webhookSecret: "config-webhook-secret",
+    },
+  });
+
+  const params = scout.buildStreamTextParams({
+    chatID: "test-chat-id" as blink.ID,
+    messages: [],
+    model: newMockModel({ textResponse: "test" }),
+    getGithubAppContext: mockGetGithubAppContext,
+  });
+
+  // Verify GitHub tools are available
+  expect(params.tools.github_create_pull_request).toBeDefined();
+
+  const result = streamText(params);
+
+  // Access the tools from the streamText result
+  // biome-ignore lint/suspicious/noExplicitAny: accessing internal tools for testing
+  const tools = (result as any).tools as Record<
+    string,
+    // biome-ignore lint/suspicious/noExplicitAny: mock input
+    { execute: (input: any, opts?: any) => Promise<unknown> }
+  >;
+
+  // Execute a GitHub tool to verify our custom getGithubAppContext is called
+  const tool = tools.github_create_pull_request;
+  expect(tool).toBeDefined();
+
+  // The tool will fail when trying to authenticate (since we're using fake credentials),
+  // but we can verify our mock was called before that happens
+  try {
+    // biome-ignore lint/style/noNonNullAssertion: we just checked it's defined
+    await tool!.execute(
+      {
+        model_intent: "creating pull request",
+        properties: {
+          owner: "test-owner",
+          repo: "test-repo",
+          base: "main",
+          head: "feature",
+          title: "Test PR",
+        },
+      },
+      {
+        abortSignal: new AbortController().signal,
+        toolCallId: "test-tool-call",
+        messages: [],
+      }
+    );
+  } catch {
+    // Expected to fail during authentication
+  }
+
+  // Verify our custom getGithubAppContext was called, not the default factory
+  expect(mockGetGithubAppContext).toHaveBeenCalledTimes(1);
+});
+
 test("respond in slack", async () => {
   const { promise: doStreamOptionsPromise, resolve } =
     newPromise<DoStreamOptions>();
@@ -622,4 +694,96 @@ describe("daytona integration", () => {
     expect(mockSandbox.getPreviewLink).toHaveBeenCalledTimes(1);
     expect(mockSandbox.getPreviewLink).toHaveBeenCalledWith(2137);
   });
+
+  test("compute tools honor getGithubAppContext param", async () => {
+    using apiServer = createMockBlinkApiServer();
+    using computeServer = createMockComputeServer();
+    using _env = withBlinkApiUrl(apiServer.url);
+
+    const mockGetGithubAppContext = mock(() =>
+      Promise.resolve({
+        appId: "custom-app-id",
+        privateKey: "custom-private-key",
+      })
+    );
+
+    const mockSandbox = createMockDaytonaSandbox({
+      id: "workspace-for-git-auth",
+      getPreviewLink: mock(() =>
+        Promise.resolve({ url: computeServer.url, token: "test-token" })
+      ),
+    });
+    const mockSdk = createMockDaytonaSdk(mockSandbox);
+
+    const agent = new blink.Agent<Message>();
+    const scout = new Scout({
+      agent,
+      logger: noopLogger,
+      github: {
+        appID: "config-app-id",
+        privateKey: "config-private-key",
+        webhookSecret: "config-webhook-secret",
+      },
+      compute: {
+        type: "daytona",
+        options: {
+          apiKey: "test-api-key",
+          computeServerPort: 2137,
+          snapshot: "test-snapshot",
+          daytonaSdk: mockSdk,
+        },
+      },
+    });
+
+    const params = scout.buildStreamTextParams({
+      chatID: "test-chat-id" as blink.ID,
+      messages: [],
+      model: newMockModel({ textResponse: "test" }),
+      getGithubAppContext: mockGetGithubAppContext,
+    });
+    const result = streamText(params);
+
+    // biome-ignore lint/suspicious/noExplicitAny: accessing internal tools for testing
+    const tools = (result as any).tools as Record<
+      string,
+      // biome-ignore lint/suspicious/noExplicitAny: mock input
+      { execute: (input: any, opts?: any) => Promise<unknown> }
+    >;
+
+    // First, initialize the workspace (required before workspace_authenticate_git)
+    // biome-ignore lint/style/noNonNullAssertion: we know it exists
+    await tools.initialize_workspace!.execute({
+      model_intent: "initializing workspace",
+      properties: {},
+    });
+
+    // Verify workspace_authenticate_git tool is available
+    const gitAuthTool = tools.workspace_authenticate_git;
+    expect(gitAuthTool).toBeDefined();
+
+    // Execute workspace_authenticate_git - it will fail when trying to authenticate
+    // with GitHub (since we're using fake credentials), but our mock should be called first
+    try {
+      // biome-ignore lint/style/noNonNullAssertion: we just checked it's defined
+      await gitAuthTool!.execute(
+        {
+          model_intent: "authenticating git",
+          properties: {
+            owner: "test-owner",
+            repos: ["test-repo"],
+          },
+        },
+        {
+          abortSignal: new AbortController().signal,
+          toolCallId: "git-auth-tool-call",
+          messages: [],
+        }
+      );
+    } catch {
+      // Expected to fail during GitHub authentication
+    }
+
+    // Verify our custom getGithubAppContext was called, not the default factory
+    expect(mockGetGithubAppContext).toHaveBeenCalledTimes(1);
+  });
 });

packages/scout-agent/lib/core.ts

@@ -1,5 +1,6 @@
 import util from "node:util";
 import type { ModelMessage, ProviderOptions } from "@ai-sdk/provider-utils";
+import type * as github from "@blink-sdk/github";
 import withModelIntent from "@blink-sdk/model-intent";
 import * as slack from "@blink-sdk/slack";
 import type { App } from "@slack/bolt";
@@ -17,7 +18,11 @@ import {
   initializeDockerWorkspace,
 } from "./compute/docker";
 import { createComputeTools } from "./compute/tools";
-import { createGitHubTools, handleGitHubWebhook } from "./github";
+import {
+  createGitHubTools,
+  githubAppContextFactory,
+  handleGitHubWebhook,
+} from "./github";
 import { defaultSystemPrompt } from "./prompt";
 import { createSlackApp, createSlackTools, getSlackMetadata } from "./slack";
 import type { Message } from "./types";
@@ -31,13 +36,18 @@ type NullableTools = { [K in keyof Tools]: Tools[K] | undefined };
 
 type ConfigFields<T> = { [K in keyof T]: T[K] | undefined };
 
-export interface StreamStepResponseOptions {
+export interface BuildStreamTextParamsOptions {
   messages: Message[];
   chatID: blink.ID;
   model: LanguageModel;
   providerOptions?: ProviderOptions;
   tools?: NullableTools;
   systemPrompt?: string;
+  /**
+   * A function that returns the GitHub auth context for the GitHub tools and for Git authentication inside workspaces.
+   * If not provided, the GitHub auth context will be created using the app ID and private key from the GitHub config.
+   */
+  getGithubAppContext?: () => Promise<github.AppAuthOptions>;
 }
 
 interface Logger {
@@ -260,8 +270,9 @@ export class Scout {
     model,
     providerOptions,
     tools: providedTools,
+    getGithubAppContext,
     systemPrompt = defaultSystemPrompt,
-  }: StreamStepResponseOptions): {
+  }: BuildStreamTextParamsOptions): {
     model: LanguageModel;
     messages: ModelMessage[];
     maxOutputTokens: number;
@@ -280,7 +291,13 @@ export class Scout {
       case "docker": {
         computeTools = createComputeTools<DockerWorkspaceInfo>({
           agent: this.agent,
-          githubConfig: this.github.config,
+          getGithubAppContext: this.github.config
+            ? (getGithubAppContext ??
+              githubAppContextFactory({
+                appId: this.github.config.appID,
+                privateKey: this.github.config.privateKey,
+              }))
+            : undefined,
           initializeWorkspace: initializeDockerWorkspace,
           createWorkspaceClient: getDockerWorkspaceClient,
         });
@@ -290,7 +307,13 @@ export class Scout {
         const opts = computeConfig.options;
         computeTools = createComputeTools<DaytonaWorkspaceInfo>({
           agent: this.agent,
-          githubConfig: this.github.config,
+          getGithubAppContext: this.github.config
+            ? (getGithubAppContext ??
+              githubAppContextFactory({
+                appId: this.github.config.appID,
+                privateKey: this.github.config.privateKey,
+              }))
+            : undefined,
           initializeWorkspace: (info) =>
             initializeDaytonaWorkspace(
               this.logger,
@@ -340,8 +363,13 @@ export class Scout {
         ? createGitHubTools({
             agent: this.agent,
             chatID,
-            githubAppID: this.github.config.appID,
-            githubAppPrivateKey: this.github.config.privateKey,
+            getGithubAppContext:
+              getGithubAppContext !== undefined
+                ? getGithubAppContext
+                : githubAppContextFactory({
+                    appId: this.github.config.appID,
+                    privateKey: this.github.config.privateKey,
+                  }),
           })
         : undefined),
       ...computeTools,