Rewrite the findings to reflect the corrected outcome after the first draft
misdiagnosed unlock as a password failure:
- End-to-end chain PASS: login + unlock + fetch DEEPSEEK_API_KEY + write .env
+ re-lock. Master password was correct all along; the earlier 'decryption
failed' was a stale logged-in session side effect.
- Document the one real bug: clawdie-vault-fetch failed at 'bw config server'
when already logged in ('Logout required' treated as fatal). Fixed in
clawdie-iso fix/vault-fetch-bw-config-when-logged-in.
- Record setup state on domedog (bw path, staged helper, bootstrap file).
- Carry forward the not-wired-yet follow-up: runtime consumption (agent reads
the fetched .env at launch) is the next milestone.
Checks: prettier clean; git diff --check.
Co-Authored-By: Hermes & Sam <hello@clawdie.si>
Tested the vault-fetch verification flow from domedog against
vault.smilepowered.org. bw login --apikey succeeds (authenticated as
samo.blatnik@gmail.com) but bw unlock fails with a decryption error —
BW_PASSWORD in the bootstrap env doesn't match the vault's master key.
Action: update BW_PASSWORD. PR #65 code assessed as solid, no merge blocker.
