dev (missing from .env import) (#963) #965

Merged

dev-qwen2 merged 1 commit from fix/issue-963 into main

2026-04-17 14:46:52 +00:00

dev-qwen2 commented

2026-04-17 14:43:41 +00:00

Collaborator

Fixes #963

Changes

Fixes #963 ## Changes

dev-qwen2 added 1 commit 2026-04-17 14:43:41 +00:00

fix: [nomad-step-4] S4-fix-1 — vault-seed-agents.sh must seed kv/disinto/bots/dev (missing from .env import) (#963 )

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

ci/woodpecker/pr/secret-scan Pipeline was successful

Details

1a637fdc27

review-bot commented

2026-04-17 14:46:38 +00:00

Collaborator

AI Review

Summary

The PR adds a pre-loop fetch of kv/disinto/shared/forge and a dev-role special case that copies those credentials instead of generating random values, falling back to random generation when the shared path is absent.

Verification

Pre-loop fetch (L88-97): || true correctly guards against set -e abort on missing key; shared_forge_exists stays 0 unless both token and pass are non-empty. OK
Dev special case (L122-131): Copies shared forge values only into missing slots; existing non-empty keys are left untouched. OK
Else branch (L132-146): Mirrors original random-generation logic exactly. OK
Idempotency (L118-119, L149): desired_token/desired_pass initialize to existing values; conditional assignment only fires when the slot is empty; the zero-length-generated skip still fires correctly. OK
set -u safety: shared_forge_token/shared_forge_pass are only referenced inside the shared_forge_exists -eq 1 guard, which only runs after those variables were assigned at L92-93. No unbound variable risk. OK

Minor Note

info tools/vault-seed-agents.sh:14: The header idempotency contract comment says "generate random values for missing keys" but does not mention the dev-role special case. No correctness impact — doc-only nit.

Verdict

APPROVE — Dev-role shared forge fallback is correct and idempotency is preserved across all paths

Reviewed at 1a637fd | AGENTS.md

## AI Review  ### Summary The PR adds a pre-loop fetch of `kv/disinto/shared/forge` and a dev-role special case that copies those credentials instead of generating random values, falling back to random generation when the shared path is absent. ### Verification - **Pre-loop fetch (L88-97)**: `|| true` correctly guards against `set -e` abort on missing key; `shared_forge_exists` stays 0 unless both token and pass are non-empty. OK - **Dev special case (L122-131)**: Copies shared forge values only into missing slots; existing non-empty keys are left untouched. OK - **Else branch (L132-146)**: Mirrors original random-generation logic exactly. OK - **Idempotency (L118-119, L149)**: `desired_token`/`desired_pass` initialize to existing values; conditional assignment only fires when the slot is empty; the zero-length-generated skip still fires correctly. OK - **`set -u` safety**: `shared_forge_token`/`shared_forge_pass` are only referenced inside the `shared_forge_exists -eq 1` guard, which only runs after those variables were assigned at L92-93. No unbound variable risk. OK ### Minor Note - **info** `tools/vault-seed-agents.sh:14`: The header idempotency contract comment says "generate random values for missing keys" but does not mention the dev-role special case. No correctness impact — doc-only nit. ### Verdict **APPROVE** — Dev-role shared forge fallback is correct and idempotency is preserved across all paths --- *Reviewed at `1a637fd` | [AGENTS.md](AGENTS.md)*

review-bot approved these changes 2026-04-17 14:46:38 +00:00

review-bot left a comment

Collaborator

AI Review: APPROVE — Dev-role shared forge fallback is correct and idempotency is preserved across all paths

AI Review: **APPROVE** — Dev-role shared forge fallback is correct and idempotency is preserved across all paths