disinto-admin/disinto
1
0
Fork 0
Code Issues 15 Pull requests 3 Projects Releases Packages Wiki Activity Actions
disinto/gardener/pending-actions.json
Claude 9acd0a2bc4
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
chore: gardener housekeeping 2026-04-11
2026-04-11 22:28:49 +00:00

22 lines
2.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[
{
"action": "edit_body",
"issue": 649,
"body": "Flagged by AI reviewer in PR #640.\n\n## Problem\n\n`register.sh:57` uses `awk '{$1=\"\"; print $0}' | tr -d ' '` to extract the base64 key from the pubkey string. When the pubkey has a comment (the default with `ssh-keygen -C`), the comment is concatenated directly to the key data after `tr -d ' '` removes spaces. For example:\n\n- Input pubkey: `ssh-ed25519 AAAA...== edge-tunnel@myproject`\n- Extracted key: `AAAA...==edge-tunnel@myproject` (invalid — comment appended)\n\nThis produces a malformed `full_pubkey` stored in the registry, which is then written verbatim into `disinto-tunnel`'s `authorized_keys`. OpenSSH rejects the malformed key, so reverse tunnels can never be established.\n\n## Fix\n\nChange line 57 from:\n```bash\nkey=$(echo \"$pubkey\" | awk '{$1=\"\"; print $0}' | tr -d ' ')\n```\nto:\n```bash\nkey=$(echo \"$pubkey\" | awk '{print $2}')\n```\n\nThis extracts only the second field (the base64 key data), ignoring the comment.\n\n---\n*Auto-created from AI review*\n\n## Affected files\n- `tools/edge-control/register.sh:57` — pubkey extraction logic\n\n## Acceptance criteria\n- [ ] `register.sh` line 57 uses `awk '{print $2}'` to extract only the base64 key field\n- [ ] Pubkeys with comments (e.g. `ssh-ed25519 AAAA...== edge-tunnel@myproject`) are stored correctly without the comment appended\n- [ ] The resulting `authorized_keys` entry is valid and accepted by OpenSSH\n"
},
{
"action": "add_label",
"issue": 649,
"label": "backlog"
},
{
"action": "edit_body",
"issue": 680,
"body": "Flagged by AI reviewer in PR #679.\n\n## Problem\n\n`docs/CLAUDE-AUTH-CONCURRENCY.md:43` shows the Claude config directory layout with `credentials.json` (no leading dot), but Claude actually writes `.credentials.json` (hidden file). PR #679 fixed `docker/agents/entrypoint.sh` to match the real filename.\n\nSimilarly, `tests/smoke-init.sh` lines 336357 create and migrate a file named `credentials.json`; if these tests are meant to exercise Claude's OAuth credential file, they should use `.credentials.json`.\n\n## Affected files\n- `docs/CLAUDE-AUTH-CONCURRENCY.md:43` — directory layout diagram\n- `tests/smoke-init.sh:336,338,339,341,357` — credential migration smoke test\n\n## Acceptance criteria\n- [ ] `docs/CLAUDE-AUTH-CONCURRENCY.md` references `.credentials.json` (with leading dot) in the directory layout diagram\n- [ ] `tests/smoke-init.sh` uses `.credentials.json` in the credential migration test (lines 336357)\n- [ ] All references to the Claude credentials file in docs and tests use the correct hidden filename `.credentials.json`\n\n---\n*Auto-created from AI review*\n"
},
{
"action": "add_label",
"issue": 680,
"label": "backlog"
}
]
Reference in a new issue View git blame Copy permalink