fix(cli): add auth header and shell-safe quoting to config-to-env #96

Merged: birme merged 2 commits into main from fix/config-to-env-auth-and-quoting on Feb 23, 2026

@birme (Contributor) commented Feb 23, 2026

Summary

Fixes two critical bugs in the osc web config-to-env CLI command that caused:

  • Special characters in parameter values being corrupted (e.g., ! in passwords) — values were output without shell quoting, so eval in the web-runner entrypoint interpreted metacharacters
  • Config loading breaking after app restarts with Authorization: command not found — the fetch call to app-config-svc was missing the Authorization header

Changes

  • Add Authorization: Bearer ${token} header to the config fetch call
  • Single-quote all values in export output (export KEY='value') with proper escaping of embedded single quotes
  • Exit with non-zero code on errors so the entrypoint can detect failures
  • Throw when the config instance is not found (instead of silently succeeding)

Root cause

Line 210 (old): await fetch(url) — token obtained on line 201 but never passed
Line 214 (old): `export ${key}=${value}` — no quoting around value

Fixes Eyevinn/osaas-ai#192 (Issues 1 and 6)

Test plan

  • Build the CLI package: npx lerna run build --scope @osaas/cli
  • Create a parameter store with a value containing !, $, single quotes
  • Run osc web config-to-env <store-name> and verify output is properly single-quoted
  • Deploy a web-runner app with the updated CLI and verify env vars load correctly
  • Verify that restarting the app still loads env vars correctly

🤖 Generated with Claude Code

The config-to-env command had two bugs:

1. The fetch call to app-config-svc was missing the Authorization
   header, causing unauthenticated requests. When auth failed, the
   error output was eval'd by the web-runner entrypoint, producing
   "Authorization: command not found" errors and loading 0 env vars.

2. Config values were output without shell quoting (export KEY=value),
   so values containing shell metacharacters (!, $, backticks) were
   corrupted by bash eval in the entrypoint. Now values are single-
   quoted with proper escaping (export KEY='value').

Also: exit with non-zero code on errors so the entrypoint can detect
failures, and throw when the config instance is not found.

Fixes Eyevinn/osaas-ai#192 (Issues 1 and 6)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@birme birme merged commit caee1ec into main Feb 23, 2026
1 check passed
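
The quoting change described in this PR, as an added example that is not the code from the osc CLI or from the PR author: it renders `export KEY='value'` lines with embedded single quotes escaped, next to the unquoted "before" form. The function names, the sample parameters and the key-name check are assumptions made for illustration.

```javascript
// Added example: names and sample values are constructed, not taken from the osc CLI source.

// Wrap a value in single quotes for POSIX sh. Inside single quotes nothing is
// special except the single quote itself, which is emitted as: '\''
function shellQuote(value) {
  const s = String(value);
  if (s.includes("\0")) {
    throw new Error("NUL byte cannot be represented in an environment variable");
  }
  return "'" + s.replace(/'/g, "'\\''") + "'";
}

// Assumption (not described in the PR): keys are checked too, because a key
// is emitted unquoted and would otherwise reach eval as raw shell text.
const VALID_KEY = /^[A-Za-z_][A-Za-z0-9_]*$/;

// "Before" form from the PR's root-cause note: value interpolated unquoted.
function renderUnquoted(key, value) {
  return `export ${key}=${value}`;
}

// "After" form: validated key, single-quoted value.
function renderQuoted(key, value) {
  if (!VALID_KEY.test(key)) {
    throw new Error(`invalid environment variable name: ${JSON.stringify(key)}`);
  }
  return `export ${key}=${shellQuote(value)}`;
}

// Render every entry or throw. The caller turns a throw into a non-zero exit,
// so nothing partial is handed to eval in the entrypoint.
function configToEnv(entries) {
  return entries.map(({ key, value }) => renderQuoted(key, value)).join("\n");
}

// Constructed sample parameters containing !, $, backticks and a single quote.
const sample = [
  { key: "DB_PASSWORD", value: "p!ss$HOME`date`" },
  { key: "GREETING", value: "it's here; echo hi" },
];
console.log(configToEnv(sample));
```
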