From f6cb387a2e8b8a20ab27a146acbdf0ab90bc3131 Mon Sep 17 00:00:00 2001 From: johba Date: Sun, 29 Mar 2026 07:14:10 +0000 Subject: [PATCH 1/2] fix: local keyword outside function in dev-agent diagnostics Co-Authored-By: Claude Opus 4.6 (1M context) --- dev/dev-agent.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/dev-agent.sh b/dev/dev-agent.sh index 21b913e..f4d06a6 100755 --- a/dev/dev-agent.sh +++ b/dev/dev-agent.sh @@ -455,9 +455,9 @@ Closing as already implemented." log "ERROR: no branch pushed after agent_run" # Dump diagnostics - local diag_file="${DISINTO_LOG_DIR:-/tmp}/dev/agent-run-last.json" + diag_file="${DISINTO_LOG_DIR:-/tmp}/dev/agent-run-last.json" if [ -f "$diag_file" ]; then - local result_text cost_usd num_turns + result_text=""; cost_usd=""; num_turns="" result_text=$(jq -r '.result // "no result field"' "$diag_file" 2>/dev/null | head -50) || result_text="(parse error)" cost_usd=$(jq -r '.cost_usd // "?"' "$diag_file" 2>/dev/null) || cost_usd="?" num_turns=$(jq -r '.num_turns // "?"' "$diag_file" 2>/dev/null) || num_turns="?" From 26a0fcf57c3ca2eeb08d91106e0917b369a69e0b Mon Sep 17 00:00:00 2001 From: Agent Date: Sun, 29 Mar 2026 07:03:26 +0000 Subject: [PATCH 2/2] fix: secrets migrate-vault: missing post-encrypt verification step (#39) --- bin/disinto | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/disinto b/bin/disinto index d6b8c6e..5da58e1 100755 --- a/bin/disinto +++ b/bin/disinto @@ -2150,6 +2150,12 @@ disinto_secrets() { fi _secrets_ensure_sops encrypt_env_file "$vault_env_file" "$vault_enc_file" + # Verify decryption works before removing plaintext + if ! sops -d "$vault_enc_file" >/dev/null 2>&1; then + echo "Error: failed to verify .env.vault.enc decryption" >&2 + rm -f "$vault_enc_file" + exit 1 + fi rm -f "$vault_env_file" echo "Migrated: .env.vault -> .env.vault.enc (plaintext removed)" ;;