From 302cf91294ba702c85360a17c334f098c408b937 Mon Sep 17 00:00:00 2001
From: Baudbot <hornet@agentmail.to>
Date: Mon, 23 Feb 2026 18:50:42 -0500
Subject: [PATCH] fix: unset PKG_EXECPATH and stale varlock-managed env vars in
 startup-cleanup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When startup-cleanup.sh runs mid-session (called by the control agent),
inherited env vars cause bridge startup failures:

1. PKG_EXECPATH — leaked from the parent varlock-launched process, causes
   varlock's SEA binary to misinterpret subcommands as Node module paths.
   The varlock broker-key probes (lines 115-122) silently fail, resulting
   in 'No Slack transport configured' and the bridge never starting.

2. varlock run does not override env vars already present in the parent
   process. If any managed value (broker tokens, API keys, config) was
   rotated after session start, the supervisor passes the stale values
   instead of reading fresh ones from ~/.config/.env.

Fix:
- unset PKG_EXECPATH at the script top (before varlock probes)
- In the supervisor subshell, dynamically unset ALL varlock-managed keys
  via 'varlock load --format env' before calling 'varlock run', so every
  restart gets fresh values regardless of which keys changed.

Regression from #148.
---
 pi/skills/control-agent/startup-cleanup.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pi/skills/control-agent/startup-cleanup.sh b/pi/skills/control-agent/startup-cleanup.sh
index ade0dc7..32aa847 100755
--- a/pi/skills/control-agent/startup-cleanup.sh
+++ b/pi/skills/control-agent/startup-cleanup.sh
@@ -11,6 +11,11 @@
 
 set -euo pipefail
 
+# Prevent varlock SEA binary from misinterpreting argv when called from a
+# session that was itself launched via varlock (PKG_EXECPATH leaks into child
+# processes and causes `varlock run` to treat subcommands as Node module paths).
+unset PKG_EXECPATH 2>/dev/null || true
+
 BRIDGE_POLICY_HELPER="$HOME/runtime/bin/lib/bridge-restart-policy.sh"
 if [ -r "$BRIDGE_POLICY_HELPER" ]; then
   # shellcheck source=bin/lib/bridge-restart-policy.sh
@@ -140,6 +145,16 @@ echo "Starting slack-bridge ($BRIDGE_SCRIPT) with PI_SESSION_ID=$MY_UUID..."
 mkdir -p "$BRIDGE_LOG_DIR"
 (
   unset PKG_EXECPATH
+  # Clear ALL varlock-managed env vars inherited from the parent session.
+  # varlock run does not override vars already set in the environment, so
+  # stale values (e.g. expired broker tokens) would leak through. By unsetting
+  # every key varlock manages, we guarantee varlock run injects fresh values
+  # from ~/.config/.env on every bridge restart.
+  if command -v varlock >/dev/null 2>&1; then
+    while IFS='=' read -r key _; do
+      [ -n "$key" ] && unset "$key"
+    done < <(varlock load --path "$HOME/.config/" --format env --compact 2>/dev/null)
+  fi
   export PATH="$HOME/.varlock/bin:$HOME/opt/node/bin:$PATH"
   export PI_SESSION_ID="$MY_UUID"
   cd /opt/baudbot/current/slack-bridge