( isNonInteractiveSession: boolean, )
| 610 | } |
| 611 | |
| 612 | async function _executeApiKeyHelper( |
| 613 | isNonInteractiveSession: boolean, |
| 614 | ): Promise<string | null> { |
| 615 | const apiKeyHelper = getConfiguredApiKeyHelper() |
| 616 | if (!apiKeyHelper) { |
| 617 | return null |
| 618 | } |
| 619 | |
| 620 | if (isApiKeyHelperFromProjectOrLocalSettings()) { |
| 621 | const hasTrust = checkHasTrustDialogAccepted() |
| 622 | if (!hasTrust && !isNonInteractiveSession) { |
| 623 | const error = new Error( |
| 624 | `Security: apiKeyHelper executed before workspace trust is confirmed. If you see this message, post in ${MACRO.FEEDBACK_CHANNEL}.`, |
| 625 | ) |
| 626 | logAntError('apiKeyHelper invoked before trust check', error) |
| 627 | logEvent('ncode_apiKeyHelper_missing_trust11', {}) |
| 628 | return null |
| 629 | } |
| 630 | } |
| 631 | |
| 632 | const result = await execa(apiKeyHelper, { |
| 633 | shell: true, |
| 634 | timeout: 10 * 60 * 1000, |
| 635 | reject: false, |
| 636 | }) |
| 637 | if (result.failed) { |
| 638 | // reject:false — execa resolves on exit≠0/timeout, stderr is on result |
| 639 | const why = result.timedOut ? 'timed out' : `exited ${result.exitCode}` |
| 640 | const stderr = result.stderr?.trim() |
| 641 | throw new Error(stderr ? `${why}: ${stderr}` : why) |
| 642 | } |
| 643 | const stdout = result.stdout?.trim() |
| 644 | if (!stdout) { |
| 645 | throw new Error('did not return a value') |
| 646 | } |
| 647 | return stdout |
| 648 | } |
| 649 | |
| 650 | /** |
| 651 | * Sync cache reader — returns the last fetched apiKeyHelper value without executing. |
no test coverage detected