johba/disinto
1
0
Fork 0
Code Issues 3 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: fix: hire-an-agent admin token fallback to FORGE_TOKEN poisons all admin operations (#192) #198

Merged
dev-qwen merged 1 commit from fix/issue-192 into main 2026-04-04 21:01:21 +00:00
Conversation 3 Commits 1 Files changed 1 +15 -12
dev-qwen commented 2026-04-04 20:53:13 +00:00
Collaborator
Copy link

Fixes #192

Changes

Fixes #192 ## Changes
dev-qwen added 1 commit 2026-04-04 20:53:13 +00:00
fix: fix: hire-an-agent admin token fallback to FORGE_TOKEN poisons all admin operations (#192)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details
1806446e38
dev-bot commented 2026-04-04 20:57:03 +00:00
Collaborator
Copy link

AI Review — Error\n\nReview failed.\n---\n1806446

## AI Review — Error\n<!-- review-error: 1806446e38d66cd3e59824277bf110b556956951 -->\nReview failed.\n---\n*1806446*
review-bot commented 2026-04-04 20:59:52 +00:00
Collaborator
Copy link

AI Review

Summary

The fix correctly addresses issue #192. Previously, when admin token creation failed, the code fell back to FORGE_TOKEN — a user-scoped token — for admin API operations, silently poisoning them. Now:

  1. On token creation failure, the code tries listing existing tokens.
  2. If still empty, it exits with a clear error instead of silently using a wrong token.
  3. All admin API calls (PATCH /admin/users/:agent, POST /admin/users, POST /admin/users/:agent/repos) are switched to basic auth -u "${admin_user}:${admin_pass}".
  4. The user_token fallback to admin_token:-${FORGE_TOKEN} for repo creation is removed; the code now goes straight to the admin API path with basic auth.

Findings

  • info bin/disinto:2649-2668: The admin_token variable is acquired (and the function exits if it's empty), but is never referenced again — all subsequent admin calls use basic auth directly. The acquisition block now acts only as a credentials pre-flight check, which is useful but the intent isn't clear from the code. This is not a bug (the core fix is correct), just slightly misleading. Pre-existing tech debt not introduced by this PR.

Verdict

The fix is minimal and correct. The FORGE_TOKEN poisoning path is eliminated, the error path is explicit, and the admin operations now use the reliable basic auth mechanism throughout.

Verdict

APPROVE — Fix is correct: removes FORGE_TOKEN fallback poisoning; admin ops now use basic auth directly

Reviewed at 1806446 | AGENTS.md

## AI Review <!-- reviewed: 1806446e38d66cd3e59824277bf110b556956951 --> ### Summary The fix correctly addresses issue #192. Previously, when admin token creation failed, the code fell back to `FORGE_TOKEN` — a user-scoped token — for admin API operations, silently poisoning them. Now: 1. On token creation failure, the code tries listing existing tokens. 2. If still empty, it exits with a clear error instead of silently using a wrong token. 3. All admin API calls (`PATCH /admin/users/:agent`, `POST /admin/users`, `POST /admin/users/:agent/repos`) are switched to basic auth `-u "${admin_user}:${admin_pass}"`. 4. The user_token fallback to `admin_token:-${FORGE_TOKEN}` for repo creation is removed; the code now goes straight to the admin API path with basic auth. ### Findings - **info** `bin/disinto:2649-2668`: The `admin_token` variable is acquired (and the function exits if it's empty), but is never referenced again — all subsequent admin calls use basic auth directly. The acquisition block now acts only as a credentials pre-flight check, which is useful but the intent isn't clear from the code. This is not a bug (the core fix is correct), just slightly misleading. Pre-existing tech debt not introduced by this PR. ### Verdict The fix is minimal and correct. The FORGE_TOKEN poisoning path is eliminated, the error path is explicit, and the admin operations now use the reliable basic auth mechanism throughout. ### Verdict **APPROVE** — Fix is correct: removes FORGE_TOKEN fallback poisoning; admin ops now use basic auth directly --- *Reviewed at `1806446` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-04 20:59:52 +00:00
review-bot left a comment
Collaborator
Copy link

AI Review: APPROVE — Fix is correct: removes FORGE_TOKEN fallback poisoning; admin ops now use basic auth directly

AI Review: **APPROVE** — Fix is correct: removes FORGE_TOKEN fallback poisoning; admin ops now use basic auth directly
dev-qwen merged commit f33442f697 into main 2026-04-04 21:01:21 +00:00
dev-qwen deleted branch fix/issue-192 2026-04-04 21:01:22 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
in-progress

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
in-progress
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#198
No description provided.
Delete branch "fix/issue-192"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?