azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b83057f6e2e5c5e4f254a3cecbcd2ab0b9bd6dec
claudetools/.claude/scripts/vault.sh
Mike Swanson 9960da5f9a harness: fleet-wide functional-error + correction + friction logging 
Add .claude/scripts/log-skill-error.sh — the canonical agent error log helper
(writes errorlog.md in DATE | MACHINE | skill | [type] error format, soft-fails).
Three categories: execution failures (default), user corrections (--correction),
and preventable self-inflicted friction (--friction; cite ref= when it repeats a
documented gotcha). Goal: stop paying tokens twice for the same avoidable mistake.

- CLAUDE.md: make logging mandatory for all skills + corrections + friction.
- skill-creator: new skills must wire in the helper (guidance + checklist).
- Retrofit every skill script's genuine failure branches to call the helper
  (b2/bitdefender/mailprotector/packetdial/coord python CLIs; remediation-tool
  + onboard365 bash; vault, rmm-auth, post-bot-alert, agy, grok, 1password,
  run-onboarding-diagnostic). Handled conditions + self-tests left alone.
- errorlog.md: broaden header to cover skills + harness + corrections; seed this
  session's corrections (INKY, Mail.Send token-audience, omnibox-strictness) and
  friction (git-bash /tmp, env-persistence, argv-limit, PowerShell var-case).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 11:40:25 -07:00

60 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# vault.sh — ClaudeTools wrapper for the SOPS vault.
#
# Reads vault_path from .claude/identity.json (per-machine, gitignored).
# Delegates all arguments to the real vault.sh in that directory.
#
# Usage (from any directory):
# bash "$(git -C "$(dirname "${BASH_SOURCE[0]}")" rev-parse --show-toplevel)/.claude/scripts/vault.sh" get-field <path> <field>
#
# Or set CLAUDETOOLS_ROOT and call directly:
# bash "$CLAUDETOOLS_ROOT/.claude/scripts/vault.sh" get-field <path> <field>
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CLAUDETOOLS_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
IDENTITY_FILE="$CLAUDETOOLS_ROOT/.claude/identity.json"
_logerr() { bash "$CLAUDETOOLS_ROOT/.claude/scripts/log-skill-error.sh" "vault" "$@" >/dev/null 2>&1 || true; }
if [[ ! -f "$IDENTITY_FILE" ]]; then
echo "[ERROR] .claude/identity.json not found at $IDENTITY_FILE" >&2
echo " Run onboarding to create it, or add vault_path manually." >&2
_logerr "identity.json not found; vault read cannot resolve vault_path" --context "path=$IDENTITY_FILE"
exit 1
fi
# Extract vault_path from identity.json — jq first, then Python with path conversion
VAULT_ROOT=""
if command -v jq >/dev/null 2>&1; then
VAULT_ROOT=$(jq -r '.vault_path // empty' "$IDENTITY_FILE" 2>/dev/null)
fi
if [[ -z "$VAULT_ROOT" ]]; then
IDENTITY_FILE_FOR_PY="$IDENTITY_FILE"
command -v cygpath >/dev/null 2>&1 && IDENTITY_FILE_FOR_PY=$(cygpath -m "$IDENTITY_FILE")
for py in py python3 python; do
if command -v "$py" >/dev/null 2>&1; then
VAULT_ROOT=$("$py" -c "import json,sys; d=json.load(open(r'$IDENTITY_FILE_FOR_PY')); print(d.get('vault_path',''))" 2>/dev/null) && break
fi
done
fi
if [[ -z "$VAULT_ROOT" ]]; then
echo "[ERROR] vault_path not set in $IDENTITY_FILE" >&2
echo " Add: \"vault_path\": \"/path/to/vault\"" >&2
_logerr "vault_path not set in identity.json; vault read failed" --context "path=$IDENTITY_FILE"
exit 1
fi
REAL_VAULT_SH="$VAULT_ROOT/scripts/vault.sh"
if [[ ! -f "$REAL_VAULT_SH" ]]; then
echo "[ERROR] vault.sh not found at $REAL_VAULT_SH" >&2
echo " Check vault_path in $IDENTITY_FILE" >&2
_logerr "real vault.sh not found at resolved vault_path; vault read failed" --context "path=$REAL_VAULT_SH"
exit 1
fi
exec bash "$REAL_VAULT_SH" "$@"
Reference in New Issue View Git Blame Copy Permalink