Added EXIT traps to ensure temporary files are cleaned up even if scripts crash or are interrupted:
**cli/spawn.sh** (2 mktemp calls):
- Line 219: Added trap after mktemp in fetch_manifest(), clear trap after mv
- Line 537: Added trap after mktemp in cmd_update(), clear trap after mv
- Removed manual rm -f calls in error paths (trap handles cleanup)
**sprite/lib/common.sh** (3 mktemp calls):
- setup_shell_environment(): Consolidated trap for both path_temp and bash_temp
- inject_env_vars_sprite(): Added trap for env_temp, clear after successful upload
**shared/common.sh** (cleanup system):
- Auto-register cleanup trap at end of file when sourced
- This activates the existing track_temp_file() + cleanup_temp_files() system
- Previously register_cleanup_trap() had to be manually called (only 1 script did this)
Impact: Prevents /tmp file leaks when scripts are killed, crashed, or interrupted mid-execution.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add --max-time 30 to OAuth key exchange curl to prevent indefinite hangs
- Remove unused DIM variable from cli/install.sh
- Remove unused BLUE variable from cli/spawn.sh
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add -r flag to safe_read() to prevent backslash mangling (SC2162)
- Add shellcheck disable for intentional SSH_OPTS word splitting
- Remove unused 'gaps' variable in improve.sh (SC2034)
- Quote exit_code in return statement for consistency (SC2248)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Modified OAuth server to try ports sequentially (PORT to PORT+10) if initial
port is busy. Server now writes actual port used to a port file, which
try_oauth_flow reads to construct the correct callback URL.
Changes:
- start_oauth_server: Added port range retry logic with EADDRINUSE handling
- start_oauth_server: Now accepts port_file parameter to communicate actual port
- try_oauth_flow: Waits for port allocation and reads actual port used
- try_oauth_flow: Logs allocated port for user visibility
- Backward compatible: PORT env var still respected as starting point
Pattern:
Before: Fixed port 5180 → fails if busy
After: Try 5180, 5181, 5182... → resilient to port conflicts
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Extract hardcoded `sleep 1` values in OAuth code polling and server
startup wait to environment-configurable POLL_INTERVAL constant.
Changes:
- Added POLL_INTERVAL="${SPAWN_POLL_INTERVAL:-1}" at top of shared/common.sh
- Updated wait_for_oauth_code() to use POLL_INTERVAL (line 388)
- Updated OAuth server startup wait to use POLL_INTERVAL (line 489)
Benefits:
- Faster testing with SPAWN_POLL_INTERVAL=0.1
- Configurable for slow networks with SPAWN_POLL_INTERVAL=2
- Consistent with other timeout/delay constants added in previous commit
File modified:
- shared/common.sh
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed all SC2250 shellcheck warnings by adding braces to variable
references throughout the file. This improves code consistency and
follows shellcheck best practices.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Eliminates duplicate SSH key registration logic across 5 cloud providers
(Hetzner, DigitalOcean, Vultr, Linode, Lambda) by introducing a generic
callback-based pattern in shared/common.sh.
Before: Each provider had ~45 lines of nearly identical code for:
- Generating SSH keys if missing
- Getting fingerprints
- Checking if key exists with provider
- Registering key if not exists
- Error handling
After: Providers implement 2 simple callbacks:
- check_callback: provider-specific API call to check if key exists
- register_callback: provider-specific API call to register key
The shared function handles:
- Key generation (via generate_ssh_key_if_missing)
- Fingerprint extraction (via get_ssh_fingerprint)
- Flow control and logging
- Callback orchestration
Changes:
- shared/common.sh: Added ensure_ssh_key_with_provider() function
- hetzner/lib/common.sh: Refactored to use callbacks
- digitalocean/lib/common.sh: Refactored to use callbacks
- vultr/lib/common.sh: Refactored to use callbacks
- linode/lib/common.sh: Refactored to use callbacks
- lambda/lib/common.sh: Refactored to use callbacks
Benefits:
- DRY: Eliminates ~220 lines of duplicate code
- Maintainability: Bug fixes in registration flow benefit all providers
- Consistency: All providers use identical registration logic
- Extensibility: New providers can reuse this pattern
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The Node.js OAuth server handles its own HTTP response — the old
write_oauth_response_file and 3-arg start_oauth_server are gone.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split all 16 instances of combined local declaration+assignment to
avoid masking return values. This is a mechanical refactor with no
logic changes.
Fixed lines: 219, 279, 283, 357, 363, 381, 385, 396, 408, 450, 618,
622, 623, 639, 664, 759
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The nc (netcat) approach was fundamentally broken:
- macOS BSD nc has different flags than GNU nc
- nc handles exactly one connection — browsers send favicon, prefetch, etc.
- Pipe-based I/O has race conditions and blocks $() capture
- echo -e doesn't work on macOS bash 3.x for HTTP headers
Replace with Node.js http.createServer (via bun or node):
- Proper HTTP server handles multiple connections
- Parses URL query params correctly (no sed/grep on raw HTTP)
- Sends proper HTTP response with correct headers
- Gracefully ignores favicon/prefetch/extra requests
- Shuts itself down after receiving the callback code
- Works identically on macOS, Linux, and Termux
bun is already a dependency (installed by cloud-init), node is
available on most systems. Falls back to manual API key entry
if neither is available.
Co-authored-by: Sprite <noreply@sprite.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
start_oauth_server was called inside $() to capture the PID, but the
backgrounded nc subshell inherited the $() stdout pipe. Since $()
waits for ALL writers to close, it blocked forever until nc exited
(which never happens — it's listening).
Fix: redirect the subshell's stdout/stderr to /dev/null so it doesn't
hold the pipe open. The PID echo still works because it runs in the
parent (after the & backgrounds the child).
Co-authored-by: Sprite <noreply@sprite.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The autonomous refactoring reverted all our macOS fixes in shared/common.sh:
1. nc_listen: removed spurious -p flag check that misfires on macOS BSD nc
(BSD nc's -p means source port, not listen port — wrong syntax)
2. start_oauth_server: replaced echo -e (broken on macOS bash 3.x) with
printf-based write_oauth_response_file called before the subshell.
Removed local vars from subshell (not function scope).
3. ((elapsed++)) / ((attempt++)) → $((var + 1)) to avoid set -e killing
the script when the value is 0 (evaluates falsy).
Co-authored-by: Sprite <noreply@sprite.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The autonomous refactoring added `set -euo pipefail` but the scripts
check optional env vars with `[[ -n "$VAR" ]]` which is a fatal error
under nounset when the var isn't set (e.g. SPRITE_NAME, OPENROUTER_API_KEY).
Fix: downgrade to `set -eo pipefail` across all 42 affected files.
Co-authored-by: Sprite <noreply@sprite.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
