Skip to content

Add repository-scoped auth mapping and repo-aware status#12681

Open
awakecoding wants to merge 2 commits intocli:trunkfrom
awakecoding:dynamic-account-selection
Open

Add repository-scoped auth mapping and repo-aware status#12681
awakecoding wants to merge 2 commits intocli:trunkfrom
awakecoding:dynamic-account-selection

Conversation

@awakecoding
Copy link

@awakecoding awakecoding commented Feb 13, 2026
edited
Loading

Summary

This PR adds repository-scoped account selection to GitHub CLI so users can work across multiple accounts on the same host without repeatedly running a global gh auth switch.

It also updates gh auth status to show the effective account for the current repository while preserving existing global host/account status output.

Fixes #12459 and #12628 in a slightly different way than suggested. I prefer the current approach as it does not rely on external SSH configuration. The auth mapping mechanism is simple and works at the GitHub CLI level. A few simple mapping rules should do the trick to eliminate issues when using multiple GitHub accounts at the same time.

Motivation

This addresses multi-account workflow friction described in:

In short: git/SSH can already route identities per repo/org, but gh previously required manual global account switching.

What changed

1) Repository account mappings

Added a new command group:

  • gh auth map set <scope> --user <login>
  • gh auth map list [--hostname <host>]
  • gh auth map remove <scope>

Supported scopes:

  • OWNER/*
  • OWNER/REPO
  • HOST/OWNER/*
  • HOST/OWNER/REPO

Matching behavior:

  1. Exact repo match (owner/repo)
  2. Owner wildcard match (owner/*)
  3. Fallback to existing host-active account behavior

Environment token precedence is preserved (GH_TOKEN, GITHUB_TOKEN, etc.).

2) Dynamic token selection during API requests

gh now resolves a repository context from remotes and applies repository mapping when selecting a token for API requests, instead of requiring global active-user mutation.

3) Repository-aware auth status

gh auth status now prints a concise current-repository summary:

  • repository
  • effective account
  • source (repository mapping, active host account, or environment token)

Global host/account sections remain unchanged below the summary.

Example

gh auth map set github.com/awakecoding/* --user awakecoding
gh auth map set github.com/Devolutions/* --user mamoreau-devolutions
gh auth status --active

Validation

  • go test ./internal/config ./pkg/cmd/factory ./pkg/cmd/auth/map ./pkg/cmd/auth/status
  • go build ./...

Notes

  • This keeps backward compatibility for users who do not configure mappings.
  • Global gh auth switch behavior is unchanged.

@awakecoding awakecoding requested a review from a team as a code owner February 13, 2026 21:30
@cliAutomation cliAutomation added the external pull request originating outside of the CLI core team label Feb 13, 2026
@cliAutomation
Copy link
Collaborator

cliAutomation commented Feb 13, 2026

Hi! Thanks for the pull request. Please ensure that this change is linked to an issue by mentioning an issue number in the description of the pull request. If this pull request would close the issue, please put the word 'Fixes' before the issue number somewhere in the pull request body. If this is a tiny change like fixing a typo, feel free to ignore this message.

Copilot AI reviewed Feb 13, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds repository-scoped account selection to GitHub CLI, enabling users to work with multiple GitHub accounts on the same host without manually switching the global active account. The implementation includes a new gh auth map command group for managing repository-to-account mappings, dynamic token selection during API requests based on repository context, and enhanced gh auth status output that displays the effective account for the current repository.

Changes:

  • Added gh auth map {set,list,remove} commands to configure per-repository or per-owner account mappings
  • Implemented dynamic token getter that resolves repository context from git remotes and applies mappings transparently during API requests
  • Enhanced gh auth status to display current repository authentication information when available

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
pkg/cmd/auth/map/map.go New command implementation for managing repository account mappings with support for owner/* and owner/repo scopes
pkg/cmd/auth/map/map_test.go Test coverage for map command parsing and CRUD operations
pkg/cmd/auth/auth.go Integration of new map command into auth command group
pkg/cmd/auth/status/status.go Added repository-aware status display showing effective account and source
pkg/cmd/auth/status/status_test.go Test coverage for repository status display with mapped and unmapped scenarios
pkg/cmd/factory/dynamic_token_getter.go Token selection logic that applies repository mappings when resolving API credentials
pkg/cmd/factory/dynamic_token_getter_test.go Tests verifying mapping-based token selection and environment token precedence
pkg/cmd/factory/default.go HTTP client factory integration to use dynamic token getter with repository context
internal/config/config.go Config layer methods for storing/retrieving repository-to-user mappings with case-insensitive owner/repo matching
internal/config/auth_config_test.go Config layer test coverage for mapping CRUD operations and lookup priority

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@awakecoding awakecoding mentioned this pull request Feb 14, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@williammartin williammartin Awaiting requested review from williammartin williammartin is a code owner automatically assigned from cli/code-reviewers

+1 more reviewer

@mamoreau-devolutions mamoreau-devolutions mamoreau-devolutions left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

external pull request originating outside of the CLI core team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature: Auto-switch accounts based on git config

3 participants

@awakecoding @cliAutomation @mamoreau-devolutions