#164 bug: credential_store_set OOB retry hangs forever after terminal is closed

[Anonymous]

Originally created by: kumaakh

Symptom

User closes the OOB terminal window during `credential_store_set`. The tool returns `❌ Password entry cancelled`. When the LLM calls `credential_store_set` again, no new OOB window opens and the call hangs forever — requires force-killing the LLM CLI to recover.

Root cause

File: `src/services/auth-socket.ts`

`pendingRequests` is populated at line 236 via `createPendingAuth(memberName)`. It is only cleared at line 278 — inside the `catch` block.

When the OOB terminal is closed, the cancellation path resolves `cancellationPromise` with `{ fallback: "..." }` (lines 251–254) rather than throwing. Because `Promise.race()` at line 257 resolves (not rejects), the function returns at line 267 and the `catch` block is never reached — so `pendingRequests.delete(memberName)` at line 278 is never called.

On the next call, `hasPendingAuth(memberName)` at line 224 returns `true` (stale entry). The re-entrant guard at lines 224–233 skips terminal spawn and calls `waitForPassword()`, which waits forever.

Fix

Clear `pendingRequests` in the finally block (or in the fallback resolution path at line 251), not only in the `catch` block. The entry must be deleted whenever the OOB flow concludes — success, cancellation, or error.

Acceptance criteria

• [ ] After closing the OOB window, a second `credential_store_set` call opens a fresh OOB terminal
• [ ] No hang — second call resolves within the normal OOB timeout
• [ ] Existing success path unchanged

[Anonymous]

Ticket changed by: kumaakh

• status: open --> closed