fix(report): trim env values so stray newline in GITHUB_REPO can't break submissions#97
Merged
Merged
Conversation
…eak submissions Production GITHUB_REPO was set to "databayt/kun\n" (trailing newline). The adapter passed it verbatim into the GitHub issue URL, so createIssue POSTed to a malformed endpoint, threw, and the pipeline returned error:"internal" — every report submission surfaced "something went wrong" to the user. Trim GITHUB_REPO, REPORT_IP_SALT, and the GitHub token at read time so any stray whitespace/newline in these env values can no longer break the report pipeline. The prod env var has also been corrected. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
3 tasks
abdout
added a commit
that referenced
this pull request
May 22, 2026
…#100) Same env-newline class as the GITHUB token fix (#97): a trailing newline in ANTHROPIC_API_KEY makes Anthropic reject the request with 401 invalid x-api-key, silently dropping AI triage and forcing every report into needs-human. Trim the key at read time. (Production AUTH_SECRET was also missing — set out of band — and the prod ANTHROPIC_API_KEY value is currently junk pending a valid key.) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
4 tasks
abdout
added a commit
that referenced
this pull request
May 25, 2026
…el env pull (#111) * docs(onboarding): bump Node 22 LTS → 24 LTS (Krypton) everywhere Node 24.16.0 Krypton is the current Active LTS as of 2026-05-24; v22 Jod moved to Maintenance. Updates onboarding.mdx (3 sites), all 3 OS install scripts, wizard-steps.json, self-hosting.mdx NodeSource pin, and mcp.mdx Playwright support line. Mac now pins node@24 (was unpinned brew install node); Windows pins OpenJS.NodeJS.LTS (was unpinned OpenJS.NodeJS); Linux stays on nvm install --lts (auto-resolves to current LTS). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(onboarding): drop Tailscale + Apple Notes Dispatch; lean on native Anthropic surfaces The optional Tailscale SSH and Apple Notes Dispatch sections contradict the anthropic-native direction. Anthropic already ships the primitives we should advertise instead: PushNotification tool (CLI → mobile), claude.ai/code (remote control), computer-use beta (browser automation), GitHub Issues + Slack MCP (team async). Removed from onboarding flow: - Optional row in Deliverables, Modify, wizard pre-flight, and Act 2 tables - Entire "Remote control via Tailscale" + "Apple Notes Dispatch" sections → replaced with one "Remote control & async — native Anthropic surfaces" section that pitches the native primitives - `--with-tailscale` / `-WithTailscale` flag (CLI + wizard + state schema) - Phase 9 Tailscale block in onboarding-{mac,linux}.sh + onboarding-windows.ps1 - Apple Notes Dispatch-folder osascript block in onboarding-mac.sh - Post-run "Re-run with --with-tailscale" hint in all 3 OS scripts - /dispatch row from Daily entry points + Where-to-go-next link - `dispatch` from .claude/CLAUDE.md Tier 2 commands + Tier 3 Operations vocabulary - Tailscale VPN section + ACL table from self-hosting.mdx; updated cross-device row to point at mobile app + claude.ai/code Hard-deleted (kept in git history): - .claude/scripts/dispatch.sh - .claude/commands/dispatch.md - content/docs/dispatch.mdx Known follow-up not in this commit (operational refactor needed): - .claude/agents/captain.md and .claude/rules/cowork-bridge.md still reference dispatch.sh as the captain's escalation channel. These need a follow-up PR that switches captain to PushNotification + GitHub Issues + Slack MCP. Plan note added. - Several product docs (cowork.mdx, captain.mdx, workflows.mdx, architecture.mdx, voice.mdx, tips.mdx, commands.mdx, slack.mdx) still document the dispatch.sh-based workflow; touched in Phase 5 sweep. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): fail fast on missing databayt org membership + SSH push Adds two pre-clone gates in Phase 3 of all three OS scripts (mac, linux, windows) so a teammate can't proceed to Phase 4 cloning if their account is misconfigured — instead of getting silent 404s on private repos: 1. databayt org membership via `gh api user/memberships/orgs/databayt --jq .state` — must return "active". On token-scope failure prints the gh auth refresh command; on inactive membership opens the invite page and exits. 2. SSH push capability via `ssh -T git@github.com` — grep the banner for "successfully authenticated" since GitHub always exits non-zero. Also adds a wizard pre-flight prompt ("Have you accepted the databayt org invite?") modeled on the existing GitHub-account question pattern, persisted as `hasDatabaytInvite` in the installer state file. Modeled on installer.sh:132 (the existing GitHub-account "Yes / No, create one / Skip" pattern). Mirrored across installer.sh, installer-linux.sh, installer.ps1. Default `gh auth login -p ssh -w` already requests `read:org` scope (verified in gh CLI docs); no `-s` flag added. wizard-steps.json schema gains hasGithub / hasDatabaytInvite / hasAnthropic, plus the new pre-flight step entry. Phase 3 label in docs + JSON now mentions the org gate. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): vercel env pull per cloned product (.env from team databayt) Vercel is the source of truth for app env vars; `~/.claude/.env` (from the Gist) handles MCP keys + cross-cutting tokens. This bridges the gap: each cloned product gets its `.env` from Vercel during onboarding. New helpers: - .claude/scripts/vercel-pull.sh — loops `vercel link` + `vercel env pull .env --environment=development` across kun, hogwarts, codebase, souq, mkan, shifa, marketing under team `databayt`. Warn-and-continue on per-project failure; never abort. - .claude/scripts/vercel-pull.ps1 — Windows equivalent. All three OS scripts now: - Phase 1: `npm install -g vercel` (next to pnpm install) - Phase 6: invoke vercel-pull right after secrets.sh runs If `vercel` CLI is missing or the user isn't logged in, the helper prints a one-line warning and exits 0 so the install doesn't fail. Teammate runs `vercel login` later and re-runs the bootstrap (idempotent). onboarding.mdx updated: - Side-tools row mentions Vercel CLI - Verify table grows from 6 to 7 layers, adding NEW rows for org gate (Phase 3 work) and per-product env check - Act 2 phase descriptions updated for Phase 1 (Vercel CLI) and Phase 6 (Gist + Vercel env pull split) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: refresh secrets/credentials/commands docs to match anthropic-native onboarding Brings parallel docs in line with the new onboarding flow: content/docs/secrets.mdx — rewritten. Old doc listed 5 secrets and used the wrong var name; reality is ~25 keys across 9 Gist sections plus per-product Vercel env. New doc explains: - Two-layer model: Gist (~/.claude/.env, cross-cutting + MCP) vs. vercel env pull (~/<repo>/.env, per-product app vars) - secrets-template.json source-of-truth at .claude/scripts/ - The Vercel trailing-newline gotcha (PR #97 incident) + `printf` fix - `.env` (not `.env.local`) convention per ~/.claude/CLAUDE.md - Canonical var name `GITHUB_PERSONAL_ACCESS_TOKEN` (not `GITHUB_TOKEN`) - Re-pull via bash ~/kun/.claude/scripts/vercel-pull.sh content/docs/credentials.mdx — GITHUB_TOKEN → GITHUB_PERSONAL_ACCESS_TOKEN across the 3 example commands. Var name now matches the convention used across all databayt repos and ~/.claude/mcp.json. content/docs/commands.mdx — drop the /dispatch row (Apple Notes Dispatch was removed in the previous commit; the command file is gone). content/docs/onboarding.mdx admin checklist (Before you sit down): - GitHub row now mentions Phase 3 hard-gate - New "Anthropic mobile app" row (native PushNotification dispatch) - Vercel row promoted from engineer-only to **every role** — needed for vercel env pull - New Neon row (project access for DATABASE_URL_*) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
GITHUB_REPOenv var was set to"databayt/kun\n"(trailing newline, set 51 days ago). The adapter passed it verbatim into the GitHub issue URL, socreateIssuePOSTed to/repos/databayt/kun%0A/issues, threw, and the pipeline returnederror: "internal"→ the dialog showed its generic error.ok:true, so a consistent error pointed straight at the twook:falsebranches (missing token /createIssuethrow).Changes
src/lib/report/adapter.ts:.trim()GITHUB_REPOandREPORT_IP_SALTat read time.src/lib/report/pipeline.ts:.trim()GITHUB_PERSONAL_ACCESS_TOKENat read time.GITHUB_REPOenv var corrected (newline removed) out of band.Test plan
databayt/kunrepo access locally (full push/issues perms, 200).databayt/kun\nproduces a malformed/404 GitHub URL.tscclean for touched files (pre-existing unrelated.next/typeslayout errors remain).🤖 Generated with Claude Code