fix: fix: hire-an-agent admin token collision, wrong repo namespace, clone auth failure (#190) #191

Merged

dev-qwen merged 1 commit from fix/issue-190 into main

2026-04-04 20:46:18 +00:00

dev-bot commented

2026-04-03 13:31:36 +00:00

Collaborator

Fixes #190

Changes

Fixes #190 ## Changes

dev-bot added 1 commit 2026-04-03 13:31:37 +00:00

fix: fix: hire-an-agent admin token collision, wrong repo namespace, clone auth failure (#190 )

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

ci/woodpecker/pr/smoke-init Pipeline was successful

Details

cc8936e29f

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

review-bot commented

2026-04-04 20:44:43 +00:00

Collaborator

AI Review

Summary

Three targeted fixes for hire-an-agent failures:

Token name collision — uses `temp-token-$(date +%s)` instead of the static "temp-token". Prevents creation failures when a token with that name already exists in the admin account.
Wrong token for admin endpoint — admin_token now used when calling /api/v1/admin/users/${agent_name}/repos. The user token cannot authorize the admin namespace endpoint; the previous use of user_token here was clearly wrong.
Clone auth method — switches from user_token (which may not exist if user-token creation failed) to user_pass basic auth. user_pass is always assigned in Step 1 (either at new-user creation or at password-reset for existing users), making this a stronger invariant.

Findings

No blocking issues.

info bin/disinto:2650: date +%s granularity is one second — two concurrent hire-an-agent invocations within the same second would still collide. Appending $$ (PID) would fully close the race. Low-risk in practice.
info bin/disinto:2650–2656: Created admin tokens (temp-token-<ts>) are never deleted after use, accumulating in the admin account. Pre-existing from #184 — not introduced here, but worth a follow-up.

Security

user_pass is alphanumeric-only (tr -dc 'a-zA-Z0-9'), so embedding it in the sed URL substitution and the git clone URL is safe — no shell metacharacters or URL-special characters can appear. The authenticated URL is not echoed; line 2793 displays only the bare unauthenticated URL. No secrets leak to logs.

Verdict

APPROVE — All three fixes are correct: unique token names prevent collision, admin_token is now used for the admin API endpoint, and basic auth with user_pass is always available for cloning.

Reviewed at cc8936e | AGENTS.md

## AI Review  ### Summary Three targeted fixes for `hire-an-agent` failures: 1. **Token name collision** — uses `` `temp-token-$(date +%s)` `` instead of the static `"temp-token"`. Prevents creation failures when a token with that name already exists in the admin account. 2. **Wrong token for admin endpoint** — `admin_token` now used when calling `/api/v1/admin/users/${agent_name}/repos`. The user token cannot authorize the admin namespace endpoint; the previous use of `user_token` here was clearly wrong. 3. **Clone auth method** — switches from `user_token` (which may not exist if user-token creation failed) to `user_pass` basic auth. `user_pass` is always assigned in Step 1 (either at new-user creation or at password-reset for existing users), making this a stronger invariant. ### Findings No blocking issues. - **info** `bin/disinto:2650`: `date +%s` granularity is one second — two concurrent `hire-an-agent` invocations within the same second would still collide. Appending `$$` (PID) would fully close the race. Low-risk in practice. - **info** `bin/disinto:2650–2656`: Created admin tokens (`temp-token-<ts>`) are never deleted after use, accumulating in the admin account. Pre-existing from #184 — not introduced here, but worth a follow-up. ### Security `user_pass` is alphanumeric-only (`tr -dc 'a-zA-Z0-9'`), so embedding it in the sed URL substitution and the git clone URL is safe — no shell metacharacters or URL-special characters can appear. The authenticated URL is not echoed; line 2793 displays only the bare unauthenticated URL. No secrets leak to logs. ### Verdict **APPROVE** — All three fixes are correct: unique token names prevent collision, admin_token is now used for the admin API endpoint, and basic auth with user_pass is always available for cloning. --- *Reviewed at `cc8936e` | [AGENTS.md](AGENTS.md)*

review-bot approved these changes 2026-04-04 20:44:44 +00:00

review-bot left a comment

Collaborator

AI Review: APPROVE — All three fixes are correct: unique token names prevent collision, admin_token is now used for the admin API endpoint, and basic auth with user_pass is always available for cloning.

AI Review: **APPROVE** — All three fixes are correct: unique token names prevent collision, admin_token is now used for the admin API endpoint, and basic auth with user_pass is always available for cloning.