From 0f9f956bbd046ec162d2e5b6a25aff03126e7ebe Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Wed, 6 May 2026 21:16:28 +0100
Subject: [PATCH] perf(infra): skip usage auth discovery on default path

---
 src/infra/provider-usage.auth.ts | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/infra/provider-usage.auth.ts b/src/infra/provider-usage.auth.ts
index 4d4bb414dec..16e5b65563e 100644
--- a/src/infra/provider-usage.auth.ts
+++ b/src/infra/provider-usage.auth.ts
@@ -367,14 +367,35 @@ export async function resolveProviderAuths(params: {
     env: params.env ?? process.env,
     agentDir: params.agentDir,
   };
-  const hasAuthProfileStoreSource = hasAnyAuthProfileStoreSource(params.agentDir);
   const authProfileSourceState: UsageAuthState = {
     ...stateBase,
     allowAuthProfileStore: true,
   };
+  const hasAuthProfileStoreSource = params.skipPluginAuthWithoutCredentialSource
+    ? hasAnyAuthProfileStoreSource(params.agentDir)
+    : false;
   const auths: ProviderAuth[] = [];
 
   for (const provider of params.providers) {
+    if (!params.skipPluginAuthWithoutCredentialSource) {
+      const pluginAuth = await resolveProviderUsageAuthViaPlugin({
+        state: authProfileSourceState,
+        provider,
+      });
+      if (pluginAuth) {
+        auths.push(pluginAuth);
+        continue;
+      }
+      const fallbackAuth = await resolveProviderUsageAuthFallback({
+        state: authProfileSourceState,
+        provider,
+      });
+      if (fallbackAuth) {
+        auths.push(fallbackAuth);
+      }
+      continue;
+    }
+
     const directCredentialState = { ...stateBase, allowAuthProfileStore: false };
     const credentialProviderIds = resolveUsageCredentialProviderIds({
       state: directCredentialState,
@@ -392,7 +413,6 @@ export async function resolveProviderAuths(params: {
         providerIds: credentialProviderIds,
       });
     const allowAuthProfileStore =
-      !params.skipPluginAuthWithoutCredentialSource ||
       hasDirectCredentialSource ||
       (hasAuthProfileStoreSource &&
         hasAuthProfileCredentialSource({
@@ -409,7 +429,7 @@ export async function resolveProviderAuths(params: {
     const hasPluginCredentialSource =
       hasDirectCredentialSource || allowAuthProfileStore || hasLegacyPiAgentCredentialSource;
 
-    if (!params.skipPluginAuthWithoutCredentialSource || hasPluginCredentialSource) {
+    if (hasPluginCredentialSource) {
       const pluginAuth = await resolveProviderUsageAuthViaPlugin({
         state,
         provider,