fix: two bugs in get-token.sh vault path resolution

1. Variable name collision: VAULT_PATH was used for both the SOPS file
   relative path (set by case statement) and the vault root override env
   var. Renamed env var override to VAULT_ROOT_ENV to avoid collision.

2. Wrong directory depth: CLAUDETOOLS_ROOT was navigating 3 levels up
   from scripts/ landing at .claude/ instead of repo root. Fixed to 4
   levels (scripts -> remediation-tool -> skills -> .claude -> repo root).

Also added jq as primary vault_path reader (handles Unix paths on Windows),
with cygpath-converted Python fallback.

Bugs discovered during Mac testing 2026-04-21. Windows worked only because
tokens were served from /tmp cache after first acquisition.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 19:12:15 -07:00
parent c37816736b
commit 90f9d9eda1


@@ -84,16 +84,24 @@ fi
# Locate vault repo via .claude/identity.json (per-machine, gitignored). # Locate vault repo via .claude/identity.json (per-machine, gitignored).
# Falls back to VAULT_PATH env var if set. # Falls back to VAULT_PATH env var if set.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CLAUDETOOLS_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)" CLAUDETOOLS_ROOT="$(cd "$SCRIPT_DIR/../../../.." && pwd)"
IDENTITY_FILE="$CLAUDETOOLS_ROOT/.claude/identity.json" IDENTITY_FILE="$CLAUDETOOLS_ROOT/.claude/identity.json"
VAULT_ROOT="${VAULT_ROOT_ENV:-}" VAULT_ROOT="${VAULT_ROOT_ENV:-}"
if [[ -z "$VAULT_ROOT" && -f "$IDENTITY_FILE" ]]; then if [[ -z "$VAULT_ROOT" && -f "$IDENTITY_FILE" ]]; then
for py in py python3 python; do # Try jq first (handles Unix paths on Windows cleanly)
if command -v "$py" >/dev/null 2>&1; then if command -v jq >/dev/null 2>&1; then
VAULT_ROOT=$("$py" -c "import json; print(json.load(open('$IDENTITY_FILE')).get('vault_path',''))" 2>/dev/null) && break VAULT_ROOT=$(jq -r '.vault_path // empty' "$IDENTITY_FILE" 2>/dev/null)
fi fi
done # Fall back to Python with Windows path conversion
if [[ -z "$VAULT_ROOT" ]]; then
IDENTITY_FILE_WIN=$(cygpath -w "$IDENTITY_FILE" 2>/dev/null || echo "$IDENTITY_FILE")
for py in py python3 python; do
if command -v "$py" >/dev/null 2>&1; then
VAULT_ROOT=$("$py" -c "import json; print(json.load(open(r'${IDENTITY_FILE_WIN}')).get('vault_path',''))" 2>/dev/null) && break
fi
done
fi
fi fi
[[ -z "$VAULT_ROOT" ]] && { echo "ERROR: vault_path not set in $IDENTITY_FILE and VAULT_ROOT_ENV env var not set" >&2; exit 3; } [[ -z "$VAULT_ROOT" ]] && { echo "ERROR: vault_path not set in $IDENTITY_FILE and VAULT_ROOT_ENV env var not set" >&2; exit 3; }
[[ ! -d "$VAULT_ROOT" ]] && { echo "ERROR: vault not found at $VAULT_ROOT (check vault_path in $IDENTITY_FILE)" >&2; exit 3; } [[ ! -d "$VAULT_ROOT" ]] && { echo "ERROR: vault not found at $VAULT_ROOT (check vault_path in $IDENTITY_FILE)" >&2; exit 3; }
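Review bot: The Python fallback on the new side still splices the identity-file path into the `-c` program text (`open(r'${IDENTITY_FILE_WIN}')`), so a checkout path containing a single quote alters the Python source instead of naming a file, and `2>/dev/null` then surfaces that as the misleading "vault_path not set" error. Passing the path as an argument keeps it as data: `VAULT_ROOT=$("$py" -c "import json,sys; print(json.load(open(sys.argv[1])).get('vault_path',''))" "$IDENTITY_FILE_WIN" 2>/dev/null) && break`. The header comment also still reads `Falls back to VAULT_PATH env var if set` although the code now reads `VAULT_ROOT_ENV` and checks it before identity.json; something like `# VAULT_ROOT_ENV, when set, overrides identity.json.` would match the behaviour. The surrounding script begins before this hunk, so whether the path can ever be influenced by anything other than the checkout location cannot be judged from here.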