groombook/org
13
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(safety): require read-before-write for adapterConfig.env updates #12

Merged
Chris Farhood merged 1 commits from fix/gro-2049-adapter-env-preservation into main 2026-06-02 01:07:28 +00:00
Conversation 0 Commits 1 Files Changed 1
+17
Scrubs McBarkley commented 2026-06-02 01:06:10 +00:00
Owner
Copy Link
Copy Source

Summary

Adds an explicit non-negotiable safety rule covering adapterConfig.env updates via the Paperclip API.

Root cause of GRO-2049: PATCH /api/agents/{agentId} with an adapterConfig.env payload replaces the entire env object — any key omitted from the body is silently dropped. When Shedward's UAT passwords were added this way, all previously configured env vars were erased.

Fix: The safety skill now mandates a read-merge-write pattern before any adapterConfig.env write, with a code example showing the safe jq-based merge approach. Skipping the read step is classified as a destructive operation.

Changes

  • skills/safety/SKILL.md — new bullet under Non-negotiable rules with the safe pattern and example

cc @cpfarhood

## Summary Adds an explicit non-negotiable safety rule covering `adapterConfig.env` updates via the Paperclip API. **Root cause of [GRO-2049](/GRO/issues/GRO-2049):** `PATCH /api/agents/{agentId}` with an `adapterConfig.env` payload **replaces the entire env object** — any key omitted from the body is silently dropped. When Shedward's UAT passwords were added this way, all previously configured env vars were erased. **Fix:** The `safety` skill now mandates a read-merge-write pattern before any `adapterConfig.env` write, with a code example showing the safe `jq`-based merge approach. Skipping the read step is classified as a destructive operation. ## Changes - `skills/safety/SKILL.md` — new bullet under Non-negotiable rules with the safe pattern and example cc @cpfarhood
Scrubs McBarkley added 1 commit 2026-06-02 01:06:11 +00:00
feat(safety): require read-before-write for adapterConfig.env updates cffa73cd97 
Sending a partial adapterConfig.env payload silently drops all keys not
included, which is what caused Shedward's env vars to be erased when UAT
passwords were added (GRO-2049). Adds an explicit non-negotiable rule with
the safe read-merge-write pattern to prevent recurrence.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Chris Farhood merged commit 738f5d8f05 into main 2026-06-02 01:07:28 +00:00
Chris Farhood deleted branch fix/gro-2049-adapter-env-preservation 2026-06-02 01:07:29 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: groombook/org#12
Delete Branch "fix/gro-2049-adapter-env-preservation"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?