Skip to content

[codex] Add app config doctor#8

Merged
BunsDev merged 1 commit into
mainfrom
codex/onepassword-app-doctor
Jul 6, 2026
Merged

[codex] Add app config doctor#8
BunsDev merged 1 commit into
mainfrom
codex/onepassword-app-doctor

Conversation

@BunsDev

@BunsDev BunsDev commented Jul 6, 2026

Copy link
Copy Markdown
Member

Summary

  • Add inline GITHUB_APP_PRIVATE_KEY support so 1Password can inject the GitHub App private key without writing a PEM file.
  • Add npm run doctor:app to validate App ID, webhook secret, private key shape, policy placeholders, and runtime prerequisites without printing secret values.
  • Add .env.1password.example plus docs for op run --env-file.

Verification

  • npm test — 14/14
  • npm run build
  • npm run smoke:app
  • npm run doctor:app reports missing local secrets as expected when env is not populated
  • git diff --check

Current 1Password status

The likely CovenCat item provides an App ID, but the doctor still needs a webhook secret, GitHub App private key PEM, and real installation/repository IDs before we can run the non-demo App smoke.

Signed-off-by: Val Alexander <bunsthedev@gmail.com>
Copilot AI review requested due to automatic review settings July 6, 2026 19:33

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends the webhook forwarder’s configuration workflow by supporting inline GitHub App private keys (via env var) and adding a doctor:app script to validate required App config, policy placeholders, and runtime prerequisites without printing secret values.

Changes:

  • Add GITHUB_APP_PRIVATE_KEY support (inline PEM) with fallback to GITHUB_APP_PRIVATE_KEY_PATH.
  • Add npm run doctor:app and a new scripts/doctor-app-config.mjs validation command.
  • Update docs and add .env.1password.example for op run --env-file local workflows.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
tests/webhook-adapter.test.ts Adds coverage for inline private key env support.
src/adapter.ts Adds privateKeyPem to config and uses it for JWT signing before file fallback.
scripts/doctor-app-config.mjs New doctor command that validates App env + policy placeholders and emits structured JSON output.
README.md Documents doctor:app in the verification command sequence.
package.json Adds the doctor:app npm script.
docs/coven-github-connection.md Documents inline private key + 1Password op run flow and includes doctor:app in checklist.
.env.1password.example Provides an example env-file template for 1Password-backed local runs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +271 to +277
test("config accepts an inline GitHub App private key from env", () => {
const config = createConfig(
{
GITHUB_APP_PRIVATE_KEY: "-----BEGIN PRIVATE KEY-----\nexample\n-----END PRIVATE KEY-----",
},
process.cwd(),
);
Comment on lines +2 to +3
import {existsSync, readFileSync} from "node:fs";
import {join} from "node:path";
Comment on lines +40 to +45
} else if (!config.privateKeyPem) {
const key = readFileSync(config.privateKeyPath, "utf8");
if (!hasPem(key)) {
findings.push(finding("error", "GITHUB_APP_PRIVATE_KEY_PATH", "private key file does not look like a PEM", "Point GITHUB_APP_PRIVATE_KEY_PATH at the downloaded GitHub App private key."));
}
}
@BunsDev BunsDev merged commit 52c6d2b into main Jul 6, 2026
2 checks passed
@BunsDev BunsDev deleted the codex/onepassword-app-doctor branch July 6, 2026 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants