Plan — MT-3: CredentialManager interface + EnvCredentialManager#

Summary#

Create a CredentialManager abstraction layer that decouples secret access from environment variables. The initial EnvCredentialManager implementation preserves existing behavior (reads GITHUB_TOKEN/HUMAN_PAT and GITHUB_WEBHOOK_SECRET from process.env via ConfigService). This is Phase 1 foundation for the multi-tenant initiative and unblocks TenantResolver (#352).

Files#

Steps#

1. Create credential-manager.interface.ts with PlatformCredentials, LLMCredentials interfaces, CredentialManager interface, and CREDENTIAL_MANAGER Symbol token.
2. Create credential-error.ts with a typed CredentialError class (extends Error, sets name = 'CredentialError').
3. Create env-credential-manager.ts implementing CredentialManager — inject ConfigService, read GITHUB_TOKEN (fallback HUMAN_PAT), throw CredentialError if neither set, read GITHUB_WEBHOOK_SECRET, read ANTHROPIC_API_KEY (return empty string if missing). Ignore credentialPath parameter.
4. Create credential.module.ts — import ConfigModule, provide { provide: CREDENTIAL_MANAGER, useClass: EnvCredentialManager }, export CREDENTIAL_MANAGER.
5. Create env-credential-manager.spec.ts — test cases: (a) returns correct ENV values, (b) falls back to HUMAN_PAT, (c) throws CredentialError when no token, (d) returns empty apiKey when ANTHROPIC_API_KEY missing.
6. Run tsc --noEmit, npm run lint, npm run test to verify.

Verification#

• npm run test passes with new spec file included
• tsc --noEmit compiles without errors
• npm run lint passes with zero warnings

Risks#

• ConfigService type resolution: EnvCredentialManager must use config.get<string>() (not getOrThrow()) to support the HUMAN_PAT fallback pattern — mirrors GitHubService constructor approach.