farhoodlabs/skills
8
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(agent-setup, github-app-token): guard against inherited GH_CONFIG_DIR outside AGENT_HOME

Browse Source 
Contamination class: a stale GH_CONFIG_DIR inherited from a prior
session or a different agent's workspace caused generate-token.sh to
write .gh-token into a foreign workspace, silently granting that
agent's gh config access to the wrong token.

Three hardening changes:

1. agent-setup/scripts/setup.sh — before deriving GH_CONFIG_DIR from
   AGENT_HOME, warn and unset any inherited value that points outside
   AGENT_HOME. This prevents the contaminated value from leaking into
   the derived path or the dotfile.

2. agent-setup/SKILL.md — correct the sourcing example from `source ~/.env`
   to `source "$AGENT_HOME/.env"` so the dotfile is sourced from the
   documented location (setup.sh writes to $AGENT_HOME/.env, not ~/
   which may differ).

3. github-app-token/scripts/generate-token.sh — (a) add a hard die()
   guard that refuses to write the token when GH_CONFIG_DIR is outside
   AGENT_HOME; (b) pin GH_CONFIG_DIR="$GH_TOKEN_DIR" on the gh auth
   login invocation so it cannot fall back to any inherited config dir.

Verified:
- bash -n passes on both modified scripts
- With GH_CONFIG_DIR=/tmp/someone-elses/.github AGENT_HOME=/tmp/me,
  setup.sh warns + overrides; generate-token.sh dies before writing.
- With GH_CONFIG_DIR unset and a valid AGENT_HOME, behaviour is
  unchanged (token lands in $AGENT_HOME/.github).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Gandalf the Greybeard (PE)
2026-06-16 21:10:26 +00:00
parent 5be276b945
commit 5f3f0ab94d
3 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
agent-setup/SKILL.md
+1 -1
View File
@@ -17,7 +17,7 @@ Validates the `AGENT_HOME` environment variable, derives `GH_CONFIG_DIR` as `$AG
```bash
bash agent-setup/scripts/setup.sh
source ~/.env
source "$AGENT_HOME/.env"
```
## Output
agent-setup/scripts/setup.sh
+6
View File
@@ -5,6 +5,12 @@ die() { echo "ERROR: $*" >&2; exit 1; }
[[ -z "${AGENT_HOME:-}" ]] && die "AGENT_HOME is not set"
# Validate: never accept an inherited GH_CONFIG_DIR that points outside AGENT_HOME
if [[ -n "${GH_CONFIG_DIR:-}" && "$GH_CONFIG_DIR" != "$AGENT_HOME"* ]]; then
echo "WARN: Inherited GH_CONFIG_DIR '$GH_CONFIG_DIR' is outside AGENT_HOME. Overriding." >&2
unset GH_CONFIG_DIR
fi
# Derive GH_CONFIG_DIR — gh stores config at ~/.config/gh by default,
# so we mirror that structure under AGENT_HOME
export GH_CONFIG_DIR="$AGENT_HOME/.github"
github-app-token/scripts/generate-token.sh
+6 -1
View File
@@ -64,10 +64,15 @@ fi
mkdir -p "$GH_TOKEN_DIR"
GH_TOKEN_FILE="$GH_TOKEN_DIR/.gh-token"
# Validate GH_CONFIG_DIR is inside AGENT_HOME (prevents writing the token to a foreign workspace)
if [[ -n "${GH_CONFIG_DIR:-}" && -n "${AGENT_HOME:-}" && "$GH_CONFIG_DIR" != "$AGENT_HOME"* ]]; then
die "GH_CONFIG_DIR '$GH_CONFIG_DIR' is outside AGENT_HOME '${AGENT_HOME}'. Refusing to write token to a foreign workspace."
fi
printf '%s' "$TOKEN" > "$GH_TOKEN_FILE"
chmod 600 "$GH_TOKEN_FILE"
# --- Authenticate gh CLI ---
gh auth login --with-token < "$GH_TOKEN_FILE"
GH_CONFIG_DIR="$GH_TOKEN_DIR" gh auth login --with-token < "$GH_TOKEN_FILE"
echo "Authenticated. Token written to $GH_TOKEN_FILE (expires in 1 hour)."