fix(auth): Provision plugin creds on skill activation

Move per-turn plugin credential provisioning out of the bash execution path and into skill activation. This keeps the implicit auth model intact while avoiding unnecessary token minting for unrelated shell commands and ensuring checkpoint-loaded skills are reprovisioned at the start of each turn.

Refs GH-209
Co-Authored-By: GPT-5 <noreply@openai.com>

Author: dcramer

packages/junior/src/chat/respond.ts

@@ -21,6 +21,7 @@ import {
 } from "@/chat/capabilities/factory";
 import { maybeExecuteJrRpcCustomCommand } from "@/chat/capabilities/jr-rpc-command";
 import type { ChannelConfigurationService } from "@/chat/configuration/types";
+import { CredentialUnavailableError } from "@/chat/credentials/broker";
 import { SkillSandbox } from "@/chat/sandbox/skill-sandbox";
 import {
   discoverSkills,
@@ -479,6 +480,32 @@ export async function generateAssistantReply(
     const syncResumeState = () => {
       loadedSkillNamesForResume = activeSkills.map((skill) => skill.name);
     };
+    const enableSkillCredentials = async (
+      skill: Skill | null,
+      reason: string,
+    ): Promise<void> => {
+      if (!skill?.pluginProvider) {
+        return;
+      }
+
+      try {
+        await capabilityRuntime.enableCredentialsForTurn({
+          activeSkill: skill,
+          reason,
+        });
+      } catch (error) {
+        if (
+          error instanceof CredentialUnavailableError &&
+          context.requester?.userId
+        ) {
+          await pluginAuth.handleCredentialUnavailable({
+            activeSkill: skill,
+            error,
+          });
+        }
+        throw error;
+      }
+    };
 
     setTags({
       conversationId: spanContext.conversationId,
@@ -526,6 +553,10 @@ export async function generateAssistantReply(
             // aborted turn park cleanly.
             return undefined;
           }
+          await enableSkillCredentials(
+            effective,
+            `skill:${effective.name}:turn:load`,
+          );
           if (!effective.pluginProvider) {
             return undefined;
           }
@@ -563,6 +594,7 @@ export async function generateAssistantReply(
         timeoutResumeMessages = existingCheckpoint?.piMessages ?? [];
         throw mcpAuth.getPendingPause()!;
       }
+      await enableSkillCredentials(skill, `skill:${skill.name}:turn:resume`);
     }
     syncResumeState();
 

packages/junior/src/chat/tools/agent-tools.ts

@@ -3,7 +3,6 @@ import { serializeGenAiAttribute } from "@/chat/logging";
 import { setSpanAttributes, withSpan, type LogContext } from "@/chat/logging";
 import { GEN_AI_PROVIDER_NAME } from "@/chat/pi/client";
 import { shouldEmitDevAgentTrace } from "@/chat/runtime/dev-agent-trace";
-import { CredentialUnavailableError } from "@/chat/credentials/broker";
 import {
   PluginAuthorizationPauseError,
   type PluginAuthOrchestration,
@@ -79,25 +78,6 @@ export function createAgentTools(
               toolName === "bash" && typeof parsed.command === "string"
                 ? parsed.command.trim()
                 : "";
-            if (bashCommand && capabilityRuntime) {
-              try {
-                await capabilityRuntime.enableCredentialsForTurn({
-                  activeSkill: sandbox.getActiveSkill(),
-                  reason: `skill:${sandbox.getActiveSkill()?.name ?? "unknown"}:bash:auto-enable`,
-                });
-              } catch (error) {
-                if (
-                  error instanceof CredentialUnavailableError &&
-                  pluginAuthOrchestration
-                ) {
-                  await pluginAuthOrchestration.handleCredentialUnavailable({
-                    activeSkill: sandbox.getActiveSkill(),
-                    error,
-                  });
-                }
-                throw error;
-              }
-            }
             const injection = resolveCredentialInjection(
               toolName,
               bashCommand,

packages/junior/tests/integration/respond-mcp-progressive-loading.test.ts

@@ -334,7 +334,9 @@ vi.mock("@/chat/config", async (importOriginal) => {
 
 vi.mock("@/chat/capabilities/factory", () => ({
   createSkillCapabilityRuntime: () => ({
+    enableCredentialsForTurn: async () => undefined,
     getTurnHeaderTransforms: () => undefined,
+    getTurnEnv: () => undefined,
   }),
   createUserTokenStore: () => ({
     get: async () => undefined,

packages/junior/tests/unit/runtime/respond-lazy-sandbox.test.ts

@@ -5,6 +5,8 @@ const {
   createSandboxCallCount,
   activeSandboxVersion,
   attachFileReadVersions,
+  enabledCredentialSkillNames,
+  checkpointLoadedSkillNames,
   pendingWorkspaceRelease,
 } = vi.hoisted(() => ({
   agentMode: {
@@ -26,6 +28,12 @@ const {
   attachFileReadVersions: {
     value: [] as number[],
   },
+  enabledCredentialSkillNames: {
+    value: [] as string[],
+  },
+  checkpointLoadedSkillNames: {
+    value: [] as string[],
+  },
   pendingWorkspaceRelease: {
     value: undefined as (() => void) | undefined,
   },
@@ -218,7 +226,15 @@ vi.mock("@/chat/runtime/dev-agent-trace", () => ({
 
 vi.mock("@/chat/capabilities/factory", () => ({
   createSkillCapabilityRuntime: () => ({
-    enableCredentialsForTurn: async () => undefined,
+    enableCredentialsForTurn: async (input: {
+      activeSkill: { name?: string } | null;
+    }) => {
+      const skillName = input.activeSkill?.name;
+      if (skillName) {
+        enabledCredentialSkillNames.value.push(skillName);
+      }
+      return undefined;
+    },
     getTurnHeaderTransforms: () => undefined,
     getTurnEnv: () => undefined,
   }),
@@ -246,7 +262,13 @@ vi.mock("@/chat/services/turn-checkpoint", () => ({
   loadTurnCheckpoint: async () => ({
     resumedFromCheckpoint: false,
     currentSliceId: 1,
-    existingCheckpoint: undefined,
+    existingCheckpoint:
+      checkpointLoadedSkillNames.value.length > 0
+        ? {
+            loadedSkillNames: [...checkpointLoadedSkillNames.value],
+            piMessages: [],
+          }
+        : undefined,
     canUseTurnSession: false,
   }),
   persistCompletedCheckpoint: async () => undefined,
@@ -271,6 +293,7 @@ vi.mock("@/chat/skills", () => {
     name: "demo-skill",
     description: "Demo skill",
     skillPath: "/tmp/skills/demo-skill",
+    pluginProvider: "demo",
   };
 
   return {
@@ -439,6 +462,8 @@ describe("generateAssistantReply lazy sandbox boot", () => {
     createSandboxCallCount.value = 0;
     activeSandboxVersion.value = 1;
     attachFileReadVersions.value = [];
+    enabledCredentialSkillNames.value = [];
+    checkpointLoadedSkillNames.value = [];
     pendingWorkspaceRelease.value = undefined;
   });
 
@@ -458,10 +483,22 @@ describe("generateAssistantReply lazy sandbox boot", () => {
 
     expect(reply.text).toBe("Loaded demo skill.");
     expect(createSandboxCallCount.value).toBe(0);
+    expect(enabledCredentialSkillNames.value).toEqual(["demo-skill"]);
     expect(reply.sandboxId).toBeUndefined();
     expect(reply.diagnostics.toolCalls).toEqual(["loadSkill"]);
   });
 
+  it("reprovisions plugin credentials for checkpoint-loaded skills at turn start", async () => {
+    checkpointLoadedSkillNames.value = ["demo-skill"];
+
+    const reply = await generateAssistantReply("hello");
+
+    expect(reply.text).toBe("Plain reply.");
+    expect(createSandboxCallCount.value).toBe(0);
+    expect(enabledCredentialSkillNames.value).toEqual(["demo-skill"]);
+    expect(reply.diagnostics.toolCalls).toEqual([]);
+  });
+
   it("memoizes the lazy sandbox workspace across multiple workspace calls", async () => {
     agentMode.value = "attachFile";
 

packages/junior/tests/unit/runtime/respond-timeout-resume.test.ts

@@ -101,7 +101,9 @@ vi.mock("@/chat/config", async (importOriginal) => {
 
 vi.mock("@/chat/capabilities/factory", () => ({
   createSkillCapabilityRuntime: () => ({
+    enableCredentialsForTurn: async () => undefined,
     getTurnHeaderTransforms: () => undefined,
+    getTurnEnv: () => undefined,
   }),
   createUserTokenStore: () => ({
     get: async () => undefined,

packages/junior/tests/unit/tools/agent-tools.test.ts

@@ -29,7 +29,7 @@ describe("createAgentTools", () => {
     handleToolExecutionError.mockClear();
   });
 
-  it("auto-enables provider credentials before executing bash", async () => {
+  it("injects already-enabled provider credentials into bash", async () => {
     const sandbox = new SkillSandbox([githubSkill], [githubSkill]);
     const enableCredentialsForTurn = vi.fn(async () => {});
     const capabilityRuntime = {
@@ -81,10 +81,7 @@ describe("createAgentTools", () => {
       command: "gh issue view 123 --repo getsentry/junior",
     });
 
-    expect(enableCredentialsForTurn).toHaveBeenCalledWith({
-      activeSkill: githubSkill,
-      reason: "skill:github:bash:auto-enable",
-    });
+    expect(enableCredentialsForTurn).not.toHaveBeenCalled();
     expect(sandboxExecutor.execute).toHaveBeenCalledWith({
       toolName: "bash",
       input: {