Fix config:switch and add environment-aware aws:push#75
Merged
jonathonbyrdziak merged 2 commits intomasterfrom Mar 21, 2026
Merged
Fix config:switch and add environment-aware aws:push#75jonathonbyrdziak merged 2 commits intomasterfrom
jonathonbyrdziak merged 2 commits intomasterfrom
Conversation
…GitHub App
- config:switch: Always fetch before switching, verify branch exists
(local or remote), confirm switch actually happened, report errors
instead of silently failing
- aws:push: Prompt for environment (config repo branch), read .env
directly from branch via git show, decrypt .env.enc in-memory,
push to environment-specific secret name (protocol/{project}/{env})
- aws:init: Show current AWS identity with option to reconfigure,
support named profiles, run aws configure interactively
- GitHubApp: Write token to composer auth.json on refresh so
composer install never hits GitHub rate limits
- AwsSecretsHelper: Support named AWS profiles, add pushSecretAs()
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…AM policy - config:switch: When target branch doesn't exist, offer to create it via config:new instead of just failing - config:new: Accept environment name as argument (no longer interactive-only) - aws:init: On AccessDeniedException, display the exact IAM policy JSON needed (pre-filled with account ID and region), loop retry so user can update permissions and re-test without restarting the wizard - SecretsSetup: Minor help text update for environment scope Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.envdirectly from the target branch viagit showwithout switching, decrypts.env.encin-memory if encrypted, pushes toprotocol/{project}/{env}in AWSauth.jsonon refresh socomposer installnever hits GitHub API rate limitsaws.profilein protocol.jsonTest plan
protocol config:switch production— should report "does not exist" if branch missing, or switch and decrypt if presentprotocol config:switch(no arg) — should list branches and promptprotocol aws:push— should list environments and prompt for selectionprotocol aws:push production— should read .env from production branch directlyprotocol github:token— verify composer auth.json gets updated alongside git-credentials🤖 Generated with Claude Code