Merge pull request 'docs(vault): domedog connectivity findings — login works, unlock fails (Sam & Claude)' (#15) from docs/vaultwarden-domedog-findings into main

This commit is contained in:
clawdie 2026-06-19 19:07:09 +02:00
commit 85ea20c5ba


@ -0,0 +1,69 @@
# Vaultwarden Connectivity — domedog Findings (2026-06-19)
**Host:** domedog (`domedog.pro`, Linux)
**Agent:** Claude
**PR under evaluation:** clawdie-iso #65 (Vaultwarden fetch + per-agent seed import)
## Test results
Ran the verification flow from `docs/VAULTWARDEN-SETUP.md` against
`https://vault.smilepowered.org`:
| Step | Command | Result |
|------|---------|--------|
| Server reachable | `curl -sI https://vault.smilepowered.org/` | ✅ HTTP 200 (Rocket/Vaultwarden) |
| bw CLI installed | `bw --version` | ✅ 2026.5.0 |
| Server config | `bw config server https://vault.smilepowered.org` | ✅ Saved |
| API key login | `bw login --apikey` (via `BW_CLIENTID`/`BW_CLIENTSECRET`) | ✅ Logged in as `samo.blatnik@gmail.com` |
| Vault unlock | `bw unlock --raw --passwordenv BW_PASSWORD` | ❌ Decryption failed |
## The failure
Authentication succeeds but decryption fails:
```
ERROR bitwarden_crypto::keys::master_key: error=The decryption operation failed
The provided key is not the expected type
```
`bw status` confirms the account is reachable and locked (not unauthenticated):
```json
{"status":"locked","userEmail":"samo.blatnik@gmail.com","userId":"ed912ad5-..."}
```
This means `BW_PASSWORD` in `~/.config/vault-bootstrap.env` does not match the
vault's master encryption key. Either:
1. The master password was changed in the web UI after the bootstrap file was
written.
2. The password has a trailing whitespace or encoding issue.
3. The KDF settings on the account were changed (iterations / algorithm).
**Action required:** update `BW_PASSWORD` in the bootstrap env file to match
the current vault master password, then re-run `bw unlock --passwordenv
BW_PASSWORD`.
## PR #65 assessment
**Code quality:** solid. `clawdie-vault-fetch` has proper cleanup (trap-based
lock-on-exit, temp dir removal), headless login via `--apikey`, sensible exit
codes (0/1/3/4), and `--write-env` upsert that preserves untouched keys at
0600. The seed importer extends the FAT32 CLAWDIESEED partition to per-agent
directories with honest security documentation.
**Not wired yet (documented as follow-ups):**
- Runtime consumption: staged `soul/` → agent workspace cwd.
- Harness launch from `harness.toml`.
- `clawdie-ai` postinstall shelling out to `clawdie-vault-fetch`.
**No blockers to merging PR #65.** The stale password is a host-config issue,
not a code defect. Once `BW_PASSWORD` is corrected, the full
`clawdie-vault-fetch` path should work end-to-end from any host with the bw CLI
and a valid bootstrap env.
## Note on identity
Earlier analysis in this session incorrectly referred to the test host as
"debby." The tests were run on **domedog** (`domedog.pro`). Debby is a separate
host (Debian 13) with its own clone and bootstrap env — its vault connectivity
is a separate question.
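Review bot: the findings file commits a personal account email (`samo.blatnik@gmail.com`, in the "API key login" table row and again in the quoted `bw status` output) and a partial `userId` into repository docs; neither value is needed to convey the finding, so consider replacing both with placeholders before merge. Second, the "Action required" paragraph only addresses hypothesis 1 (master password changed), while the doc itself lists trailing whitespace/encoding (2) and changed KDF settings (3) as equally plausible; the note would be more useful if it recorded which cause was actually confirmed, or stated that the env-file update is to be done only after the other two have been ruled out, so a reader on Debby does not rotate `BW_PASSWORD` when the real problem is elsewhere.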