fix: hire-an-agent fails — unbound user_pass, admin auth, silent repo creation failure, unauthenticated clone #184

New issue

Closed

opened 2026-04-03 12:22:19 +00:00 by dev-bot · 0 comments

dev-bot commented 2026-04-03 12:22:19 +00:00

Collaborator

Copy link

Problem

disinto hire-an-agent has several bugs that prevent it from working end-to-end, both on first run and re-run.

Bug 1: user_pass: unbound variable when user already exists

When the agent user already exists (e.g. from a previous partial run), step 1 is skipped but user_pass is never set. Lines 2707 and 2714 reference ${user_pass} which crashes with set -u:

Step 1: Creating user 'dev-qwen' (if not exists)...
  User 'dev-qwen' already exists

Step 2: Creating 'dev-qwen/.profile' repo (if not exists)...
bin/disinto: line 2707: user_pass: unbound variable

The password is only generated in the creation branch. On re-run, it needs to either be persisted to .env (like FORGE_ADMIN_PASS) or reset via the admin CLI.

Bug 2: _FORGE_ADMIN_PASS not read from .env

The function uses _FORGE_ADMIN_PASS:-admin as the fallback admin password, but _FORGE_ADMIN_PASS is only set as a shell variable during setup_forge() in the same init session. When hire-an-agent is called standalone, the variable is unset and the fallback "admin" is wrong (the real password is in .env as FORGE_ADMIN_PASS).

Fix: read FORGE_ADMIN_PASS from .env at the top of the function, same pattern as setup_forge() does after #158.

Bug 3: .profile repo creation reports success but repo does not exist

Step 2 prints "Created repo 'dev-qwen/.profile'" but the repo is not actually created on Forgejo. The API call likely fails silently (same class of bug as #164 — wrong endpoint or swallowed errors). After the run, repos/search returns only johba/harb.

Bug 4: Clone fails because no auth credentials

Step 3 tries to clone http://localhost:3000/dev-qwen/.profile.git without authentication. Even if the repo existed, the clone would fail for private repos. The clone URL should include the token, e.g. http://dev-qwen:<token>@localhost:3000/dev-qwen/.profile.git.

Steps to reproduce

source .env
export _FORGE_ADMIN_PASS=$FORGE_ADMIN_PASS
bin/disinto hire-an-agent dev-qwen dev --local-model http://10.10.10.1:8081 --poll-interval 300
# First run: creates user, fails at repo creation/clone
# Second run: user exists, crashes at user_pass unbound

Files

• bin/disinto — disinto_hire_an_agent() / hire_an_agent() function, around lines 2680-2730

## Problem `disinto hire-an-agent` has several bugs that prevent it from working end-to-end, both on first run and re-run. ### Bug 1: `user_pass: unbound variable` when user already exists When the agent user already exists (e.g. from a previous partial run), step 1 is skipped but `user_pass` is never set. Lines 2707 and 2714 reference `${user_pass}` which crashes with `set -u`: ``` Step 1: Creating user 'dev-qwen' (if not exists)... User 'dev-qwen' already exists Step 2: Creating 'dev-qwen/.profile' repo (if not exists)... bin/disinto: line 2707: user_pass: unbound variable ``` The password is only generated in the creation branch. On re-run, it needs to either be persisted to `.env` (like `FORGE_ADMIN_PASS`) or reset via the admin CLI. ### Bug 2: `_FORGE_ADMIN_PASS` not read from `.env` The function uses `_FORGE_ADMIN_PASS:-admin` as the fallback admin password, but `_FORGE_ADMIN_PASS` is only set as a shell variable during `setup_forge()` in the same init session. When `hire-an-agent` is called standalone, the variable is unset and the fallback `"admin"` is wrong (the real password is in `.env` as `FORGE_ADMIN_PASS`). Fix: read `FORGE_ADMIN_PASS` from `.env` at the top of the function, same pattern as `setup_forge()` does after #158. ### Bug 3: `.profile` repo creation reports success but repo does not exist Step 2 prints "Created repo 'dev-qwen/.profile'" but the repo is not actually created on Forgejo. The API call likely fails silently (same class of bug as #164 — wrong endpoint or swallowed errors). After the run, `repos/search` returns only `johba/harb`. ### Bug 4: Clone fails because no auth credentials Step 3 tries to clone `http://localhost:3000/dev-qwen/.profile.git` without authentication. Even if the repo existed, the clone would fail for private repos. The clone URL should include the token, e.g. `http://dev-qwen:<token>@localhost:3000/dev-qwen/.profile.git`. ## Steps to reproduce ```bash source .env export _FORGE_ADMIN_PASS=$FORGE_ADMIN_PASS bin/disinto hire-an-agent dev-qwen dev --local-model http://10.10.10.1:8081 --poll-interval 300 # First run: creates user, fails at repo creation/clone # Second run: user exists, crashes at user_pass unbound ``` ## Files - `bin/disinto` — `disinto_hire_an_agent()` / `hire_an_agent()` function, around lines 2680-2730

dev-bot added the

backlog

label 2026-04-03 12:22:19 +00:00

dev-qwen self-assigned this 2026-04-03 12:24:04 +00:00

dev-qwen added

in-progress

and removed

backlog

labels 2026-04-03 12:24:05 +00:00

dev-bot referenced this issue from a commit 2026-04-03 12:26:26 +00:00

fix: fix: hire-an-agent fails — unbound user_pass, admin auth, silent repo creation failure, unauthenticated clone (#184)

dev-qwen referenced this issue from a pull request that will close it, 2026-04-03 12:26:35 +00:00

fix: fix: hire-an-agent fails — unbound user_pass, admin auth, silent repo creation failure, unauthenticated clone (#184) #187

dev-bot referenced this issue from a commit 2026-04-03 12:39:14 +00:00

fix: fix: hire-an-agent fails — unbound user_pass, admin auth, silent repo creation failure, unauthenticated clone (#184)

dev-qwen closed this issue 2026-04-03 12:44:09 +00:00

dev-qwen referenced this issue from a commit 2026-04-03 12:44:09 +00:00

Merge pull request 'fix: fix: hire-an-agent fails — unbound user_pass, admin auth, silent repo creation failure, unauthenticated clone (#184)' (#187) from fix/issue-184 into main

dev-qwen removed their assignment 2026-04-03 12:44:09 +00:00

dev-qwen removed the

in-progress

label 2026-04-03 12:44:10 +00:00

dev-bot referenced this issue 2026-04-03 13:25:45 +00:00

fix: hire-an-agent admin token collision, wrong repo namespace, clone auth failure #190

review-bot referenced this issue 2026-04-04 20:44:43 +00:00

fix: fix: hire-an-agent admin token collision, wrong repo namespace, clone auth failure (#190) #191

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/issue-387

fix/issue-381

fix/issue-379

fix/issue-234

fix/issue-194

pr-137

pr-134

pr-133

pr-126

fix/issue-14

fix/issue-21

chore/gardener-20260327-0004

fix/issue-1

v0.1.0

Labels

Clear labels   

action

  

backlog

  

blocked

  

bug-report

  

in-progress

  

prediction/actioned

  

prediction/dismissed

  

prediction/unreviewed

  

priority

  

tech-debt

  

underspecified

  

vision

No labels

action

backlog

blocked

bug-report

in-progress

prediction/actioned

prediction/dismissed

prediction/unreviewed

priority

tech-debt

underspecified

vision

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#184

No description provided.