From 569c77b1a97538f11cacb0470784e788928312c3 Mon Sep 17 00:00:00 2001 From: Goose Date: Wed, 15 Apr 2026 23:57:42 +0000 Subject: [PATCH] revert: remove GH_CONFIG_DIR from github-app-token skill Per board feedback, config isolation is the operator's responsibility. Setting GH_CONFIG_DIR per-agent is handled outside the skill. Co-Authored-By: Paperclip --- github-app-token/SKILL.md | 2 -- github-app-token/scripts/generate-token.sh | 9 ++------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/github-app-token/SKILL.md b/github-app-token/SKILL.md index d573cbe..52d4528 100644 --- a/github-app-token/SKILL.md +++ b/github-app-token/SKILL.md @@ -23,6 +23,4 @@ bash github-app-token/scripts/generate-token.sh The script validates env vars, generates a JWT, exchanges it for an installation token, writes the token to `$AGENT_HOME/.gh-token`, and runs `gh auth login`. On success it prints a confirmation line. On failure it exits non-zero with a descriptive error. -The script sets and exports `GH_CONFIG_DIR=$AGENT_HOME/.config/gh` so each agent's `gh` state is isolated from every other agent on the same host. After sourcing or calling the script, subsequent `gh` commands in the same shell session will automatically use that isolated config. If you spawn a subprocess, export `GH_CONFIG_DIR` before calling `gh`. - Requires `openssl`, `curl`, `jq`, and `gh`. diff --git a/github-app-token/scripts/generate-token.sh b/github-app-token/scripts/generate-token.sh index fa53084..0b30761 100755 --- a/github-app-token/scripts/generate-token.sh +++ b/github-app-token/scripts/generate-token.sh @@ -41,12 +41,7 @@ GH_TOKEN_FILE="${GH_TOKEN_FILE:-$(mktemp)}" printf '%s' "$TOKEN" > "$GH_TOKEN_FILE" chmod 600 "$GH_TOKEN_FILE" -# --- Authenticate gh CLI with per-agent config isolation --- -# Each agent gets its own GH_CONFIG_DIR so tokens never bleed across agents. -export GH_CONFIG_DIR="${AGENT_HOME:+${AGENT_HOME}/.config/gh}" -GH_CONFIG_DIR="${GH_CONFIG_DIR:-$(mktemp -d)}" -mkdir -p "$GH_CONFIG_DIR" - +# --- Authenticate gh CLI --- gh auth login --with-token < "$GH_TOKEN_FILE" -echo "Authenticated. Token written to $GH_TOKEN_FILE (expires in 1 hour). GH_CONFIG_DIR=$GH_CONFIG_DIR" +echo "Authenticated. Token written to $GH_TOKEN_FILE (expires in 1 hour)."