fix: capture claude symlink target + verify PATH#2245
Merged
louisgv merged 3 commits intoOpenRouterTeam:mainfrom Mar 6, 2026
Merged
fix: capture claude symlink target + verify PATH#2245louisgv merged 3 commits intoOpenRouterTeam:mainfrom
louisgv merged 3 commits intoOpenRouterTeam:mainfrom
Conversation
- Use sudo mv + chown for tarball in release step (root-owned from capture) - Skip swapfile creation if /swapfile already exists (GitHub Actions runners) - Tolerate hermes setup wizard failure when /dev/tty unavailable in CI Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The claude installer creates a symlink at ~/.local/bin/claude pointing to ~/.local/share/claude/versions/X.Y.Z. The capture script was missing ~/.local/share/claude/, causing a broken symlink in the tarball. Also add ~/.npm-global/bin to the verify PATH check for claude (npm fallback install path). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
louisgv
approved these changes
Mar 6, 2026
Member
louisgv
left a comment
louisgv
left a comment
There was a problem hiding this comment.
Security Review
Verdict: APPROVED
Commit: 82e3e7e
Findings
No security issues found. All changes are security-neutral or security-positive:
- GOOD
.github/workflows/agent-tarballs.yml:116— Added stdin redirection< /dev/nullprevents interactive hangs and reduces attack surface - GOOD
.github/workflows/agent-tarballs.yml:137-139— Proper sudo mv/chown for root-owned tarball, no security issues - GOOD
packer/agents.json:35— Idempotent swap creation check, no injection risk - GOOD
packer/agents.json:42— Hermes install fallback for idempotency, safe file existence check - GOOD
packer/scripts/capture-agent.sh:25— Captures claude symlink target, no security issues - GOOD
sh/e2e/lib/verify.sh:301— PATH update matches install reality, no security issues
Tests
- bash -n: PASS (capture-agent.sh, verify.sh)
- bun test: PASS (1417/1417 tests passed)
- curl|bash: OK (no new patterns, existing domain allowlist + blocklist in place)
- macOS compat: OK (no echo -e, source <(), ((var++)), problematic local, or set -u)
-- security/pr-reviewer-2245
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
~/.local/bin/claudeis a symlink to~/.local/share/claude/versions/X.Y.Z, but the capture script wasn't including~/.local/share/claude/. Added it.~/.npm-global/binto the claude binary check in E2E verify (npm fallback install path).Found during E2E testing: codex and openclaw passed, claude failed with "binary not found".
Test plan
root/.local/share/claude/e2e.sh --cloud hetzner claude🤖 Generated with Claude Code