From 2b9ebe8ac080e91c41b4bfb2bc79494ddf4894e3 Mon Sep 17 00:00:00 2001 From: Claude Date: Wed, 8 Apr 2026 19:47:05 +0000 Subject: [PATCH] fix: guard grep in classify.sh pipeline against no-match exit under pipefail grep exits 1 on no match, which aborts the script under set -euo pipefail. Wrap with { grep ... || true; } so unknown formulas fall through to default. Co-Authored-By: Claude Opus 4.6 (1M context) --- vault/classify.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vault/classify.sh b/vault/classify.sh index 2ef2b30..f91ab25 100755 --- a/vault/classify.sh +++ b/vault/classify.sh @@ -36,8 +36,9 @@ if [ -f "$policy_file" ]; then # Parse: look for `formula_name = "tier"` under [tiers] # Escape regex metacharacters in formula name for safe grep escaped_formula=$(printf '%s' "$formula" | sed 's/[].[*^$\\]/\\&/g') + # grep may find no match (exit 1); guard with || true to avoid pipefail abort tier=$(sed -n '/^\[tiers\]/,/^\[/{/^\[tiers\]/d;/^\[/d;p}' "$policy_file" \ - | grep -E "^${escaped_formula}[[:space:]]*=" \ + | { grep -E "^${escaped_formula}[[:space:]]*=" || true; } \ | sed -E 's/^[^=]+=[[:space:]]*"([^"]+)".*/\1/' \ | head -n1)