From 81114491f5989ee3fa37126d4f9e8ede405de58d Mon Sep 17 00:00:00 2001 From: Sam & Claude Date: Sat, 20 Jun 2026 07:06:44 +0200 Subject: [PATCH] fix(vault-fetch): tolerate 'already logged in' at bw config server MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bw config server refuses with 'Logout required before server config update' when the CLI is already authenticated. The helper treated that as fatal (exit 1), which broke every repeat run on an already-logged-in host — exactly the 'refresh .env from vault' case the helper exists for. The bw login block already tolerates 'already logged in'; mirror that for bw config: capture stderr/stdout and tolerate 'logout required' / 'already configured' / 'already set', failing only on a real error. Verified on domedog: fixed helper runs cleanly from the logged-in state (previously exited 1 at the config step). Checks: sh -n; git diff --check; ./scripts/check-format.sh (prettier clean). Co-Authored-By: Hermes & Sam --- live/operator-session/clawdie-vault-fetch | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/live/operator-session/clawdie-vault-fetch b/live/operator-session/clawdie-vault-fetch index 898a6605..e3b7898b 100644 --- a/live/operator-session/clawdie-vault-fetch +++ b/live/operator-session/clawdie-vault-fetch @@ -105,10 +105,17 @@ cleanup() { } trap cleanup EXIT INT TERM -bw config server "$SERVER" >/dev/null 2>&1 || { - log "could not set bw server to $SERVER" - exit 1 -} +# Set the server. When already logged in, `bw config` refuses with +# "Logout required before server config update" — tolerate that, since the +# server is already set to the right value (we read it from VAULT_SERVER). +# Mirror the login tolerance: capture stderr and only fail on a real error. +if ! bw config server "$SERVER" >"$WORK/config.out" 2>"$WORK/config.err"; then + if ! grep -qi 'logout required\|already configured\|already set' "$WORK/config.err" "$WORK/config.out" 2>/dev/null; then + log "could not set bw server to $SERVER:" + sed 's/^/ /' "$WORK/config.err" >&2 + exit 1 + fi +fi # login --apikey reads BW_CLIENTID/BW_CLIENTSECRET from env. Tolerate the # "already logged in" case so repeat runs don't fail. -- 2.45.3