fix(ado): Manually pass token through http header for ado server

[msukkari]

Thank you @Shaoqi-Cen for proposing the solution for this and providing extremely useful context in #533

This PR implements the same underlying logic but with the proposed structure. Putting up this PR so we can get this fix merged asap

This PR also makes the deploymentType field in the ADO config mandatory. This makes it much easier to tell with auth strategy to use. This will technically break deployments which don't pass this field in, but the error logs are very clear here and the behavior of the deployment won't change after the deploymentType is set, so I don't think it's worth pushing a major version

Summary by CodeRabbit

• New Features
  • Optionally send Azure DevOps Server auth token via HTTP header for clone/fetch operations.
• Bug Fixes
  • Fixed authentication flow for Azure DevOps Server deployments.
• Documentation
  • Updated Azure DevOps connection examples to include deploymentType ("cloud" or "server").
  • Changelog entry added noting the auth token handling fix.
• Chores
  • Schemas tightened: deploymentType is now required (no default) for Azure DevOps connections.

[coderabbitai]

Walkthrough

Adds required deploymentType for Azure DevOps connections (removes default "cloud") across schemas and docs. Backend now returns an authHeader for ADO Server and threads it into git clone/fetch via http.extraHeader; types updated to include authHeader and make cloneUrlWithToken optional. Changelog entry added.

Changes

Cohort / File(s)	Summary
Changelog CHANGELOG.md	Adds note: manually pass auth token for ADO Server deployments.
Docs: ADO connection examples docs/docs/connections/ado-cloud.mdx, docs/docs/connections/ado-server.mdx	Add deploymentType ("cloud" or "server") to example configs.
Docs: Schema snippets (MDX) docs/snippets/schemas/v3/...azuredevops.schema.mdx, docs/snippets/schemas/v3/...connection.schema.mdx, docs/snippets/schemas/v3/index.schema.mdx	Remove default "cloud" and mark deploymentType required in docs.
Backend: Git operations packages/backend/src/git.ts	cloneRepository and fetchRepository accept optional authHeader; use -c http.extraHeader or git config to set header for authenticated operations.
Backend: Auth plumbing & types packages/backend/src/repoManager.ts, packages/backend/src/types.ts, packages/backend/src/utils.ts	RepoAuthCredentials: add optional authHeader, make cloneUrlWithToken optional. getAuthCredentialsForRepo returns authHeader for ADO Server; repoManager passes authHeader into git calls.
Schemas: TypeScript (v3) packages/schemas/src/v3/azuredevops.schema.ts, packages/schemas/src/v3/azuredevops.type.ts, packages/schemas/src/v3/connection.schema.ts, packages/schemas/src/v3/connection.type.ts, packages/schemas/src/v3/index.schema.ts, packages/schemas/src/v3/index.type.ts	Remove default for deploymentType; add deploymentType to required fields and make it required in TS types.
JSON Schema schemas/v3/azuredevops.json	Remove default "cloud" and add deploymentType to required.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant RM as RepoManager
  participant U as utils.getAuthCredentialsForRepo
  participant G as git (clone/fetch)

  RM->>U: request credentials for repo (ADO)
  alt deploymentType == "server"
    U-->>RM: { hostUrl, token, authHeader }
    RM->>G: cloneRepository(path, cloneUrl, onProgress, authHeader)
    Note right of G: uses -c http.extraHeader / git config<br/>to set Authorization header
    RM->>G: fetchRepository(path, onProgress, authHeader)
  else deploymentType == "cloud"
    U-->>RM: { hostUrl, token, cloneUrlWithToken }
    RM->>G: cloneRepository(path, cloneUrlWithToken, onProgress)
    RM->>G: fetchRepository(path, onProgress) 
  end
  G-->>RM: progress / result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• [experimental] feat(ee): GitHub permission syncing #508 — Modifies packages/backend/src/repoManager.ts; likely intersects with repo fetching/auth wiring.

Suggested reviewers

• brendan-kellam

Poem

I hop through repos, ears held high,
A header in my basket, tokens nigh.
Server or Cloud, I fetch with care,
Passing creds through git's thin air.
Docs and schemas snug and primed—carrots ready, pipelines timed 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately conveys the primary change—adding manual token passing via HTTP header for ADO Server—using clear, concise language and appropriate scope annotation without extraneous details.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch msukkarieh/ado_server_auth

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6e44673 and 4f9cb67.

📒 Files selected for processing (4)

• packages/backend/src/git.ts (5 hunks)
• packages/backend/src/repoManager.ts (3 hunks)
• packages/backend/src/types.ts (1 hunks)
• packages/backend/src/utils.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• packages/backend/src/repoManager.ts
• packages/backend/src/utils.ts
• packages/backend/src/types.ts
• packages/backend/src/git.ts

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[msukkari]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7a97d4e and 6e44673.

📒 Files selected for processing (17)

• CHANGELOG.md (1 hunks)
• docs/docs/connections/ado-cloud.mdx (6 hunks)
• docs/docs/connections/ado-server.mdx (7 hunks)
• docs/snippets/schemas/v3/azuredevops.schema.mdx (1 hunks)
• docs/snippets/schemas/v3/connection.schema.mdx (1 hunks)
• docs/snippets/schemas/v3/index.schema.mdx (1 hunks)
• packages/backend/src/git.ts (4 hunks)
• packages/backend/src/repoManager.ts (3 hunks)
• packages/backend/src/types.ts (1 hunks)
• packages/backend/src/utils.ts (2 hunks)
• packages/schemas/src/v3/azuredevops.schema.ts (1 hunks)
• packages/schemas/src/v3/azuredevops.type.ts (1 hunks)
• packages/schemas/src/v3/connection.schema.ts (1 hunks)
• packages/schemas/src/v3/connection.type.ts (1 hunks)
• packages/schemas/src/v3/index.schema.ts (1 hunks)
• packages/schemas/src/v3/index.type.ts (1 hunks)
• schemas/v3/azuredevops.json (1 hunks)

🔇 Additional comments (1)

packages/backend/src/utils.ts (1)

197-220: Thanks for isolating the ADO server flow.

This keeps the cloud and server paths straight while giving us the header we need for the Basic-auth fallback. 👌

[msukkari]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.