ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-17 19:20:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix(agent-auth): fall back to BETTER_AUTH_SECRET when PAPERCLIP_AGENT_JWT_SECRET is absent

Browse source 
`jwtConfig()` in `agent-auth-jwt.ts` only read `PAPERCLIP_AGENT_JWT_SECRET`.
Deployments that set `BETTER_AUTH_SECRET` (required for authenticated mode)
but omit the separate `PAPERCLIP_AGENT_JWT_SECRET` variable received the
warning "local agent jwt secret missing or invalid; running without injected
PAPERCLIP_API_KEY" on every `claude_local` / `codex_local` heartbeat run,
leaving agents unable to call the API.

Every other auth path in the server (`better-auth.ts`, `index.ts`) already
falls back from `BETTER_AUTH_SECRET` to cover this case — align `jwtConfig()`
with the same pattern.

Adds a test for the fallback path.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
ErgonaWorks 2026-04-05 19:10:00 +00:00
parent 9d6d159209
commit 81ff9fb311
2 changed files with 22 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/src/agent-auth-jwt.ts
View file

@ -26,7 +26,7 @@ function parseNumber(value: string | undefined, fallback: number) {
}
function jwtConfig() {
const secret = process.env.PAPERCLIP_AGENT_JWT_SECRET;
const secret = process.env.PAPERCLIP_AGENT_JWT_SECRET?.trim() || process.env.BETTER_AUTH_SECRET?.trim();
if (!secret) return null;
return {