feat(auth): Use lox keyring providers#898
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed July 4, 2026, 7:44 AM ET / 11:44 UTC. Summary Reproducibility: not applicable. This PR proposes a dependency/provider migration and a new accepted Review metrics: 3 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land only after maintainers explicitly accept the lox keyring dependency set and the PR includes redacted real-run proof for existing file/keychain access plus the new 1Password backend, or split the work so dependency migration and 1Password product direction can be decided separately. Do we have a high-confidence way to reproduce the issue? Not applicable: this PR proposes a dependency/provider migration and a new accepted Is this the best way to solve the issue? Unclear: the source-level migration is coherent and current main has no lox keyring implementation, but the credential-path dependency change and overlapping 1Password direction require maintainer approval before this can be considered the best solution. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against c0aac99f6be6. Label changesLabel changes:
Label justifications:
Evidence reviewedSecurity concerns:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
gog still depends on
github.com/99designs/keyring, which is effectively abandoned and has accumulated unpatched security/dependency issues. The maintained fork isgithub.com/lox/keyring/v2, so this moves gog onto that supported module path instead of carrying risk from the old upstream.gog's auth secret store also carried the old keyring adapter shape locally: provider ordering, file fallback setup, operation timeout wrapping, and the 99designs-compatible method surface. That made it harder to use the shared lox keyring packages without copying app-specific glue around.
This moves gog onto
github.com/lox/keyring/v2,github.com/lox/keyring-defaults, and the externalgithub.com/lox/keyring-1passwordprovider. gog keeps the pieces that are actually app policy: service name selection, the encrypted file fallback prompt/dir, legacy file-key compatibility, locking, and token/default-account semantics.For users, the existing
auto,keychain, andfilebehavior is preserved, whilegog auth keyring 1passwordandGOG_KEYRING_BACKEND=1passwordare available through the shared provider. The macOS Keychain trust behavior remains explicit viadefaults.KeychainTrustApplication(false), and operation timeouts now usekeyring.Timeoutfrom core.