Skip to content

arch: admin config dir (~/.baudbot/) and standalone config command#30

Merged
benvinegar merged 4 commits into
mainfrom
benvinegar/admin-config-dir
Feb 17, 2026
Merged

arch: admin config dir (~/.baudbot/) and standalone config command#30
benvinegar merged 4 commits into
mainfrom
benvinegar/admin-config-dir

Conversation

@benvinegar
Copy link
Copy Markdown
Member

@benvinegar benvinegar commented Feb 17, 2026

What

Phase 2 of the CLI restructure (TODO-41e29e4e). Admin config now lives in ~/.baudbot/ instead of being written directly to the agent's home.

Flow

baudbot config  →  writes ~/.baudbot/.env (admin-owned)
baudbot deploy  →  copies ~/.baudbot/.env → /home/baudbot_agent/.config/.env (600 perms)

Admin can edit secrets without sudo -u baudbot_agent. Re-running baudbot config shows masked existing values and preserves anything you don't change.

New: bin/config.sh

Standalone interactive config command, extracted from install.sh (~200 lines removed from install.sh).

  • Writes to ~/.baudbot/.env on the calling user
  • Resolves admin user from SUDO_USER or BAUDBOT_CONFIG_USER env var
  • Shows masked existing values on re-run (sk-a****)
  • Press Enter to keep existing value
  • Auto-generates BAUDBOT_SECRET if AgentMail is configured
  • Auto-detects BAUDBOT_SOURCE_DIR and BAUDBOT_AGENT_HOME

Changes

bin/config.sh (new)

Standalone config command. baudbot config routes here.

bin/deploy.sh

New section: copies ~/.baudbot/.env → agent's ~/.config/.env with 600 perms and correct ownership. Falls back to existing agent config if no admin config found.

install.sh

Replaced ~200 lines of inline prompting with:

BAUDBOT_CONFIG_USER="$ADMIN_USER" bash "$REPO_DIR/bin/config.sh"
bash "$REPO_DIR/bin/deploy.sh"

bin/baudbot

config command now routes to config.sh (was a stub).

bin/doctor.sh

Added admin config check (~/.baudbot/.env exists).

CI scripts

Verify admin config written to ~/.baudbot/.env and deployed to agent.

@benvinegar
arch: extract config to ~/.baudbot/, deploy copies to agent
4389e19 
Phase 2 of CLI restructure:

- bin/config.sh: standalone interactive config command
  - Writes secrets to ~/.baudbot/.env (admin-owned)
  - Shows masked existing values on re-run
  - Accepts BAUDBOT_CONFIG_USER env var for install.sh
- bin/deploy.sh: copies ~/.baudbot/.env → agent's ~/.config/.env
  - Falls back to existing agent config if no admin config found
  - Sets 600 perms and correct ownership
- install.sh: calls 'baudbot config' then 'baudbot deploy' instead
  of inline prompting. ~200 lines removed.
- bin/baudbot: config command now routes to config.sh
- bin/doctor.sh: checks for admin config dir
- CI: verifies admin config written + deployed to agent
@benvinegar
arch: fix shellcheck tilde-in-quotes warning
fb08734
sentry[bot]
sentry Bot reviewed Feb 17, 2026
View reviewed changes
Comment thread bin/config.sh Outdated
@benvinegar
arch: pass admin user to deploy.sh for config lookup
02192b6
@benvinegar
arch: guard against empty CONFIG_HOME in config.sh
12db6d4 
If getent fails (user doesn't exist, auth service outage), CONFIG_HOME
would be empty, causing secrets to be written to /.baudbot on the root
filesystem. Now exits with a clear error instead.
@benvinegar benvinegar merged commit abb4ee9 into main Feb 17, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benvinegar