auth setup-git installs broken credential helper — sed eats the appended verb #1

New issue

Closed

opened 2026-05-14 16:20:23 +00:00 by stephen · 1 comment

stephen commented 2026-05-14 16:20:23 +00:00

Owner

Copy link

Summary

fj auth setup-git (v0.1.0, from rasterandstate/tap) installs a git credential helper that fails on every invocation because git appends the verb (get, store, erase) to the end of the command line, and sed treats it as a filename.

Repro

On a fresh machine:

brew tap rasterandstate/tap
brew install fj
fj auth login                       # add rasterhub.com
fj auth setup-git
git ls-remote https://rasterhub.com/<owner>/<repo>.git

Result:

sed: get: No such file or directory
thread 'main' panicked … failed printing to stdout: Broken pipe (os error 32)
fatal: could not read Password for 'https://<user>@rasterhub.com': Device not configured

Root cause

The installed helper is literally:

!fj auth token --host rasterhub.com | sed 's/^/password=/'

Git appends the verb to the helper command, so it actually runs:

fj auth token --host rasterhub.com | sed 's/^/password=/' get

get is now a positional arg to sed, which interprets it as a filename and bails. The broken pipe panic comes from fj flushing stdout after sed has already died.

Fix

Wrap the helper so the verb lands as $1 and gets ignored (or matched against get):

!f() { [ "$1" = get ] && fj auth token --host <host> | sed "s/^/password=/"; }; f

This is what fj auth setup-git should install per host.

Also worth checking

On macOS, git-credential-osxkeychain can intercept the request before any host-specific helper runs if there's a stale credential for the host. fj auth setup-git could clear any existing osxkeychain entry for the host as part of setup:

printf 'protocol=https\nhost=<host>\n\n' | git credential-osxkeychain erase

Environment

• fj 0.1.0
• macOS (Darwin 25.3.0)
• git via Homebrew (/opt/homebrew/opt/git)
• Forgejo: rasterhub.com (Gitea 1.22.0 / Forgejo 15.0.2)

## Summary `fj auth setup-git` (v0.1.0, from `rasterandstate/tap`) installs a git credential helper that fails on every invocation because git appends the verb (`get`, `store`, `erase`) to the end of the command line, and `sed` treats it as a filename. ## Repro On a fresh machine: ```sh brew tap rasterandstate/tap brew install fj fj auth login # add rasterhub.com fj auth setup-git git ls-remote https://rasterhub.com/<owner>/<repo>.git ``` Result: ``` sed: get: No such file or directory thread 'main' panicked … failed printing to stdout: Broken pipe (os error 32) fatal: could not read Password for 'https://<user>@rasterhub.com': Device not configured ``` ## Root cause The installed helper is literally: ``` !fj auth token --host rasterhub.com | sed 's/^/password=/' ``` Git appends the verb to the helper command, so it actually runs: ``` fj auth token --host rasterhub.com | sed 's/^/password=/' get ``` `get` is now a positional arg to `sed`, which interprets it as a filename and bails. The broken pipe panic comes from `fj` flushing stdout after sed has already died. ## Fix Wrap the helper so the verb lands as `$1` and gets ignored (or matched against `get`): ``` !f() { [ "$1" = get ] && fj auth token --host <host> | sed "s/^/password=/"; }; f ``` This is what `fj auth setup-git` should install per host. ## Also worth checking On macOS, `git-credential-osxkeychain` can intercept the request before any host-specific helper runs if there's a stale credential for the host. `fj auth setup-git` could clear any existing osxkeychain entry for the host as part of setup: ```sh printf 'protocol=https\nhost=<host>\n\n' | git credential-osxkeychain erase ``` ## Environment - fj 0.1.0 - macOS (Darwin 25.3.0) - git via Homebrew (`/opt/homebrew/opt/git`) - Forgejo: rasterhub.com (Gitea 1.22.0 / Forgejo 15.0.2)

stephen referenced this issue from a commit 2026-05-14 16:23:44 +00:00

fix(auth): wrap credential helper in shell function (closes #1)

stephen closed this issue 2026-05-14 16:23:44 +00:00

stephen commented 2026-05-14 16:25:31 +00:00

Author

Owner

Copy link

Fixed in b68fb98 on main.

Root cause was as diagnosed: git appends "$@" inside the helper's sh -c command line, sed gobbles the verb as a filename, the credential dance fails. New helper wraps the pipeline in a shell function so the trailing arg is swallowed by f instead of leaking to sed.

Recovery on an already-broken machine:

fj auth setup-git --host <hostname>

This overwrites the broken credential.https://<host>.helper git config value with the new function-wrapped form.

Regression tests added in src/cli/auth.rs::setup_git_tests:

• credential_helper_wraps_in_shell_function — structural invariants
• credential_helper_isolates_git_verb — verb-trailing simulation for get/store/erase

Manual verification, replicating git's actual invocation:

# OLD form (broken)
$ sh -c 'echo TOKEN | sed "s/^/password=/" "$@"' sh get
sed: get: No such file or directory

# NEW form (this fix)
$ sh -c 'f() { echo TOKEN | sed "s/^/password=/"; }; f "$@"' sh get
password=TOKEN

Will land in v0.1.1 along with the Homebrew formula bump.

Fixed in [`b68fb98`](https://rasterhub.com/rasterstate/fj/commit/b68fb98) on `main`. Root cause was as diagnosed: git appends `"$@"` inside the helper's `sh -c` command line, sed gobbles the verb as a filename, the credential dance fails. New helper wraps the pipeline in a shell function so the trailing arg is swallowed by `f` instead of leaking to sed. **Recovery on an already-broken machine:** ```sh fj auth setup-git --host <hostname> ``` This overwrites the broken `credential.https://<host>.helper` git config value with the new function-wrapped form. **Regression tests** added in `src/cli/auth.rs::setup_git_tests`: - `credential_helper_wraps_in_shell_function` — structural invariants - `credential_helper_isolates_git_verb` — verb-trailing simulation for get/store/erase **Manual verification**, replicating git's actual invocation: ``` # OLD form (broken) $ sh -c 'echo TOKEN | sed "s/^/password=/" "$@"' sh get sed: get: No such file or directory # NEW form (this fix) $ sh -c 'f() { echo TOKEN | sed "s/^/password=/"; }; f "$@"' sh get password=TOKEN ``` Will land in v0.1.1 along with the Homebrew formula bump.

stephen referenced this issue from a commit 2026-05-14 16:30:26 +00:00

test(auth): behavioral test that runs the credential helper through sh

stephen referenced this issue 2026-06-01 16:28:26 +00:00

Implement fj work resume + local session model #41

stephen referenced this issue 2026-06-10 21:20:48 +00:00

fj run view: distinguish private-repo log auth failure from a missing run, instead of masking it as "no logs" #91

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

wip/claude-1/rasterstate-fj

feat/166-lock-unlock

wip/codex-4/rasterstate-fj

feat/168-rerun-failed

feat/169-repo-collaborator

feat/172-create-template

feat/164-pr-merge-auto

wip/claude-2/rasterstate-fj

feat/170-list-filters

feat/171-color-control

feat/165-pr-create-fill

feat/165-pr-create-fill-codex

wip/claude-3/rasterstate-fj

wip/codex-2/rasterstate-fj

fix/123-extend-friendly-errors-409-422

fix/159-merge-reason

wip/claude-4/rasterstate-fj

fix/158-issue-add-assignee-endpoint

fix/147b-keychain-noentry-fallback

feat/147-file-token-store

feat/133-release-scripting

feat/139-workflow-run-handle

feat/140-body-file

fix/pr-comment-test-green

wip/codex-3/rasterstate-fj

feat/137-org-secrets-vars

feat/132-tag-branch-refs

feat/138-run-list-filters

feat/131-pr-comment-edit

feat/134-error-ux-exit-codes

feat/136-api-body-input

feat/135-run-exit-status

feat/113-pr-list-filters

fix/111-list-paginate

fix/112-json-readonly

feat/114-pr-labels

fix/115-version-pipe

fix/91-runlog-auth-error

feat/98-issue-edit-labels

fix/96-keychain-fallback

feat/97-issue-create-labels

fix/99-readme-json-global

fix/alias-quoted-args

fix/remote-scp-colon-owner

harden/hostname-validation

fix/json-path-numeric-object-keys

fix/debug-body-preview-utf8-panic

wip/codex-1/rasterstate-fj

readme-drop-github

feat/stack-review-enriched

feat/stack-sync

feat/stack-new-real

feat/work-context-enriched

feat/agent-review-impl

feat/agent-explain-impl

feat/agent-provider

feat/stack-review

feat/stack-new

feat/work-continue

feat/work-resume-session

feat/work-context-impl

feat/work-stack-agent-commands

adopt-fjord-actions

ci/coverage-strict-gate

refactor/coverage-region-exclude

refactor/converge-json-path

refactor/split-client-resolve

test/api-coverage-round4

test/api-coverage-round3

test/cov-ignore-drift-guard

test/e2e-smoke-coverage

test/command-tree-guard

refactor/split-workflow-artifacts

chore/coverage-intent-config

test/api-label-milestone-hook

test/output-and-repo-core

refactor/split-issue-comments

refactor/split-repo-social

refactor/split-pr-module

test/api-wiremock

test/backfill-pure-helpers

cleanup/hoist-truncate-human-size

feat/run-download-and-workflow-list

feat/parity-followups

feat/actions-logs-and-gh-parity

sso-pat-guidance

test/observability-smoke

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

backlog

Accepted but not scheduled

  

blocked

Blocked or stalled waiting on external progress

  

converted

Converted into tracked work

  

opportunity

Potential product or business opportunity

  

p1

Priority 1

  

p2

Priority 2

  

p3

Priority 3

  

parked

Paused intentionally until later

No labels

backlog

blocked

converted

opportunity

p1

p2

p3

parked

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rasterstate/fj#1

No description provided.