Walkthrough
Scripts, docs, and gitignore were changed to load environment variables from both project-local
Changes
Environment file loading and credential handling
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
Important: Pre-merge checks failed. Please resolve all errors before merging. Addressing warnings is optional.
❌ Failed checks (1 inconclusive)
✅ Passed checks (9 passed)
ccddf29 to c323a7e
Actionable comments posted: 9
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@plugins/docs-tools/skills/docs-workflow-create-jira/scripts/create-jira-ticket.sh`:
- Around line 18-20: The script currently sources a local ".env" relative to the
current working directory which can fail if the script is invoked from
elsewhere; update create-jira-ticket.sh to compute the project root from the
PLAN_FILE variable (or fallback to BASE_PATH/PLAN_FILE if needed), resolve the
".env" path against that root (e.g., project_root/.env) and source that resolved
path instead of plain ".env" so the local overrides are reliably loaded;
reference the existing PLAN_FILE and/or BASE_PATH variables when building the
absolute path and only attempt to source if the resolved file exists.
In `@plugins/docs-tools/skills/docs-workflow-create-jira/SKILL.md`:
- Line 31: Update the documentation sentence to note that create-jira-ticket.sh
accepts a backward-compatible alias by mentioning both environment variable
names: JIRA_API_TOKEN (preferred) and JIRA_AUTH_TOKEN (fallback), and also state
that JIRA_EMAIL is required; reference the script name create-jira-ticket.sh and
the exact env var names so readers know the fallback is supported.
In
`@plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh`:
- Around line 64-65: Replace the unsafe "set -a; source ~/.env" and "set -a;
source .env" usage with a safe key/value parser: first capture the current
environment keys (e.g., export -p or env | cut to a set), then parse ~/.env
line-by-line (ignoring non-KEY=VALUE lines and shell commands) and export values
only for keys that do not already exist, then parse .env likewise but only set
keys that were present before the script started (i.e., do not overwrite
pre-existing exports); ensure parsing skips/strips quotes, comments, and empty
lines and logs/ignores malformed lines, and apply the same replacement for both
occurrences of the source commands (the two "set -a; source ..." statements
referring to ~/.env and .env).
- Around line 62-66: The script only sources ~/.env and .env when JIRA_API_TOKEN
is empty, which can leave JIRA_EMAIL undefined; update the logic so the env
files are sourced unconditionally (or at least when either JIRA_API_TOKEN or
JIRA_EMAIL is missing) by moving or duplicating the set -a; source ~/.env and
set -a; source .env calls outside the if block (referencing JIRA_API_TOKEN,
JIRA_EMAIL and the existing source lines) so credentials from .env are always
available before the later checks.
In `@plugins/docs-tools/skills/git-pr-reader/scripts/git_pr_reader.py`:
- Around line 91-101: The load_env_file() loop currently assigns variables from
".env" with os.environ[key.strip()] = value.strip(), which overwrites existing
shell env vars; change that assignment to use os.environ.setdefault(key.strip(),
value.strip()) so both "~/.env" and ".env" only set values when the variable is
not already present (refer to the env_path loop and the os.environ usage inside
load_env_file).
In `@plugins/docs-tools/skills/jira-reader/scripts/jira_reader.py`:
- Around line 153-155: The error message for the missing token is too long and
must mention both accepted env names; update the ValueError raised after the
token lookup (the token = os.environ.get("JIRA_API_TOKEN") or
os.environ.get("JIRA_AUTH_TOKEN") block) to use a wrapped/parenthesized string
under 100 chars that explicitly names both JIRA_API_TOKEN and the legacy
JIRA_AUTH_TOKEN alias so Ruff is satisfied and the message matches the lookup
logic.
- Around line 133-143: The loop that loads .env files currently overwrites
pre-existing environment variables when env_path == ".env" by using direct
assignment to os.environ; change that behavior so both branches use
os.environ.setdefault (or otherwise check for existing keys before assigning) so
that existing exported env vars are preserved; update the block that processes
lines (the for env_path in [...] loop and the key/value handling logic) to call
os.environ.setdefault(key.strip(), value.strip()) for both
os.path.expanduser("~/.env") and ".env" instead of assigning with
os.environ[key] = value.
In `@plugins/docs-tools/skills/jira-writer/scripts/jira_writer.py`:
- Line 62: The ValueError message in the raise ValueError(...) call exceeds the
project's line-length limit (Ruff E501); shorten or split the string so the line
is within the limit — for example replace the long literal with a shorter
message like "JIRA_API_TOKEN env var not set. Add to .env or ~/.env" or split it
across two concatenated literals (e.g. "JIRA_API_TOKEN environment variable not
set. " + "Add it to .env or ~/.env") in the raise ValueError(...) expression to
keep the code style checker satisfied.
- Around line 35-45: The loop loading .env files currently overwrites existing
environment variables when env_path == ".env" due to using os.environ[...] =
value; change that assignment so the code only sets the key if it is not already
present (e.g., use os.environ.setdefault or check key in os.environ before
setting) so pre-existing process env vars retain precedence; update the block
that handles env_path == ".env" (the loop over env_path and the branch that does
os.environ[...] = ...) to use a non-overwriting set operation.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 855d12d7-4d10-4d38-bf28-72021ec0e5c7
📒 Files selected for processing (21)
- .gitignore
- plugins/docs-tools/.claude-plugin/plugin.json
- plugins/docs-tools/README.md
- plugins/docs-tools/agents/docs-planner.md
- plugins/docs-tools/agents/docs-writer.md
- plugins/docs-tools/agents/requirements-analyst.md
- plugins/docs-tools/agents/requirements-discoverer.md
- plugins/docs-tools/agents/technical-reviewer.md
- plugins/docs-tools/skills/docs-orchestrator/SKILL.md
- plugins/docs-tools/skills/docs-review-style/SKILL.md
- plugins/docs-tools/skills/docs-review-technical/SKILL.md
- plugins/docs-tools/skills/docs-workflow-create-jira/SKILL.md
- plugins/docs-tools/skills/docs-workflow-create-jira/scripts/create-jira-ticket.sh
- plugins/docs-tools/skills/docs-workflow-jira-ready/SKILL.md
- plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh
- plugins/docs-tools/skills/git-pr-reader/SKILL.md
- plugins/docs-tools/skills/git-pr-reader/scripts/git_pr_reader.py
- plugins/docs-tools/skills/jira-reader/SKILL.md
- plugins/docs-tools/skills/jira-reader/scripts/jira_reader.py
- plugins/docs-tools/skills/jira-writer/SKILL.md
- plugins/docs-tools/skills/jira-writer/scripts/jira_writer.py
♻️ Duplicate comments (3)
plugins/docs-tools/skills/docs-workflow-create-jira/scripts/create-jira-ticket.sh (1)
18-20: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
Resolve the local `.env` path against the project root.
`source .env` only works when the script is launched from the repo root. The orchestrator sets an absolute `BASE_PATH` but does not guarantee the script runs from that location. If invoked from any other working directory (e.g., from `.agent_workspace`), the local override silently fails, breaking the core feature of this PR.
Derive the project root from `PLAN_FILE` and source that file explicitly.
🔧 Proposed fix
+PROJECT_ROOT="$(cd "$(dirname "$PLAN_FILE")/.." && pwd)" + # Load global defaults, then local overrides source ~/.env 2>/dev/null || true -source .env 2>/dev/null || true +source "${PROJECT_ROOT}/.env" 2>/dev/null || true🤖 Prompt for AI Agents
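Review bot: The added `PROJECT_ROOT=` line does not check its own result. With an empty `PLAN_FILE`, `dirname` yields `.` and `PROJECT_ROOT` quietly becomes the parent of the working directory; if the `cd` fails, `PROJECT_ROOT` is empty and the last line sources `/.env`, with any error hidden by `2>/dev/null || true`. Verify that `PLAN_FILE` is set, that `PROJECT_ROOT` is non-empty and that `${PROJECT_ROOT}/.env` is a regular file before loading it. Both files are also still read with `source`, so shell syntax in them runs and their values replace variables that were already exported.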
Verify each finding against the current code and only fix it if needed. In `@plugins/docs-tools/skills/docs-workflow-create-jira/scripts/create-jira-ticket.sh` around lines 18 - 20, The local .env is being sourced with a relative path which fails if the script isn't run from the repo root; instead resolve the project root from the PLAN_FILE (or BASE_PATH) and source the env file using that absolute path. Update the script (create-jira-ticket.sh) to compute the project root from the PLAN_FILE variable (e.g., dirname/resolve PLAN_FILE) and then source "$PROJECT_ROOT/.env" (and keep sourcing ~/.env first), ensuring the explicit absolute path is used so the local overrides are applied regardless of current working directory.
plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh (2)
62-66: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
`JIRA_EMAIL` can be missed because env loading is gated on token presence.
Line 62 only loads env files when `JIRA_API_TOKEN` is empty. If the token is exported but `JIRA_EMAIL` is only in `.env`/`~/.env`, Line 75 will fail even though credentials exist in the env files.
🔧 Suggested fix
-if [[ -z "${JIRA_API_TOKEN:-}" ]]; then - # Load global defaults, then local overrides - set -a; source ~/.env 2>/dev/null || true; set +a - set -a; source .env 2>/dev/null || true; set +a -fi +# Load global defaults, then local overrides +set -a; source ~/.env 2>/dev/null || true; set +a +set -a; source .env 2>/dev/null || true; set +a🤖 Prompt for AI Agents
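Review bot: With the `if [[ -z "${JIRA_API_TOKEN:-}" ]]` gate removed, the two `set -a; source ...` lines now run even when `JIRA_API_TOKEN` is already exported, and `source` assigns unconditionally, so a token found in `~/.env` or `.env` replaces the exported one. If pre-existing variables are meant to win, export only keys that are still unset instead of sourcing the files, which also avoids running shell code from them. The relative `.env` path on the last added line still depends on the working directory.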
Verify each finding against the current code and only fix it if needed. In `@plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh` around lines 62 - 66, The env-file loading is gated on JIRA_API_TOKEN which can cause JIRA_EMAIL to be missing later; move or change the logic so that the lines that source ~/.env and .env (the set -a; source ~/.env ... and set -a; source .env ...) are executed unconditionally (or at least before any checks that rely on JIRA_EMAIL or JIRA_API_TOKEN), then perform the empty-variable checks for JIRA_API_TOKEN and JIRA_EMAIL afterwards; update references to JIRA_API_TOKEN and JIRA_EMAIL so the script reads values provided by the sourced files even when JIRA_API_TOKEN is already exported.
64-65: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift
Multiple issues with direct `.env` sourcing: precedence violation, path resolution, and safety.
Precedence violation: `source` overwrites pre-existing environment variables, violating the PR objective that "pre-existing environment variables" have highest precedence. To honor that contract, you must check whether each key exists before setting it.
Path resolution: `source .env` is relative to the current working directory. If this script is invoked from a different directory (e.g., from `.agent_workspace`), the local override will silently fail.
Safety concern: Directly sourcing `.env` executes arbitrary shell commands. While `.env` files are user-controlled (not untrusted), a safer key/value parser would avoid command execution.
🔧 Recommended fix
Replace the unsafe `source` usage with a safe key/value parser that:
- Captures initial environment keys
- Loads `~/.env` as defaults
- Loads local `.env` (resolved to project root) as overrides
- Only sets keys that don't already exist in the pre-script environment
Example implementation:
```bash
# Capture pre-existing keys
EXISTING_KEYS=$(export -p | sed -n 's/^declare -x \([^=]*\)=.*/\1/p' | sort)

# Function to safely load env file
load_env_file() {
  local file="$1"
  [[ -f "$file" ]] || return 0
  while IFS='=' read -r key value; do
    # Skip comments, empty lines, and malformed lines
    [[ "$key" =~ ^[[:space:]]*# ]] && continue
    [[ -z "$key" ]] && continue
    [[ "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue
    # Only set if not already in environment
    if ! grep -qFx "$key" <<<"$EXISTING_KEYS"; then
      # Strip quotes and export
      value="${value%\"}"
      value="${value#\"}"
      export "$key=$value"
    fi
  done < <(grep -v '^[[:space:]]*$' "$file")
}

# Resolve project root from script location or a known anchor
# Adjust based on your repo structure
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../../.." && pwd)"

# Load global defaults, then local overrides
load_env_file ~/.env
load_env_file "${PROJECT_ROOT}/.env"
```
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh` around lines 64 - 65, Replace the two unsafe "set -a; source ..." lines in jira-ready-check.sh with a safe loader: capture pre-existing environment keys into EXISTING_KEYS, implement a load_env_file function that parses key=value lines (skipping comments, malformed lines, stripping quotes) and only exports keys not present in EXISTING_KEYS, resolve the local .env path from the script location (e.g., using BASH_SOURCE to compute PROJECT_ROOT) and then call load_env_file for ~/.env first and the resolved PROJECT_ROOT/.env second so defaults are loaded then local overrides without overwriting pre-existing environment variables.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: e8e2eb27-2a98-45ee-80dd-ee328ddbecec
✅ Files skipped from review due to trivial changes (13)
- .gitignore
- plugins/docs-tools/skills/docs-workflow-jira-ready/SKILL.md
- plugins/docs-tools/skills/git-pr-reader/SKILL.md
- plugins/docs-tools/.claude-plugin/plugin.json
- plugins/docs-tools/skills/jira-writer/SKILL.md
- plugins/docs-tools/skills/docs-workflow-create-jira/SKILL.md
- plugins/docs-tools/skills/docs-orchestrator/SKILL.md
- plugins/docs-tools/skills/jira-reader/SKILL.md
- plugins/docs-tools/agents/requirements-discoverer.md
- plugins/docs-tools/agents/requirements-analyst.md
- plugins/docs-tools/skills/docs-review-style/SKILL.md
- plugins/docs-tools/skills/jira-reader/scripts/jira_reader.py
- plugins/docs-tools/agents/technical-reviewer.md
🚧 Files skipped from review as they are similar to previous changes (5)
- plugins/docs-tools/skills/git-pr-reader/scripts/git_pr_reader.py
- plugins/docs-tools/agents/docs-planner.md
- plugins/docs-tools/agents/docs-writer.md
- plugins/docs-tools/skills/jira-writer/scripts/jira_writer.py
- plugins/docs-tools/skills/docs-review-technical/SKILL.md
Harden .env loading across all docs-tools scripts:
- Shell scripts: resolve .env from project root (via git rev-parse) instead of relying on CWD; use safe key/value parser instead of source to prevent arbitrary shell execution from .env files
- Python scripts: use setdefault for both .env and ~/.env so pre-existing env vars are never overwritten; load .env before ~/.env so local settings take precedence; strip surrounding quotes from values
- jira-ready-check.sh: source env unconditionally (not just when JIRA_API_TOKEN is empty) so JIRA_EMAIL is also loaded
- Documentation: mention JIRA_AUTH_TOKEN backward-compatible alias and JIRA_EMAIL requirement in SKILL.md files
- Error messages: mention both JIRA_API_TOKEN and JIRA_AUTH_TOKEN
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
c323a7e to 39fd971
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@plugins/docs-tools/skills/docs-workflow-create-jira/scripts/create-jira-ticket.sh`:
- Around line 20-43: The loader currently loads ~/.env first then the project
.env using _safe_load_env which only exports unset keys, causing ~/.env to win;
change the flow so project-local env overrides user env: either call
_safe_load_env on "$_project_root/.env" before loading ~/.env, or modify
_safe_load_env to accept an optional "override" flag so when invoked for
"$_project_root/.env" it will export and replace existing keys (but still avoid
clobbering truly pre-existing environment variables), referencing the
_safe_load_env function, the ~/.env load, and the "$_project_root/.env"
invocation to implement the fix.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 19af4fd6-c1f0-44cd-bffb-4b941697a0fa
✅ Files skipped from review due to trivial changes (12)
- .gitignore
- plugins/docs-tools/skills/docs-workflow-create-jira/SKILL.md
- plugins/docs-tools/.claude-plugin/plugin.json
- plugins/docs-tools/skills/docs-workflow-jira-ready/SKILL.md
- plugins/docs-tools/agents/requirements-discoverer.md
- plugins/docs-tools/skills/docs-orchestrator/SKILL.md
- plugins/docs-tools/skills/docs-review-style/SKILL.md
- plugins/docs-tools/agents/technical-reviewer.md
- plugins/docs-tools/agents/docs-writer.md
- plugins/docs-tools/skills/jira-writer/SKILL.md
- plugins/docs-tools/skills/jira-reader/SKILL.md
- plugins/docs-tools/agents/docs-planner.md
🚧 Files skipped from review as they are similar to previous changes (4)
- plugins/docs-tools/skills/git-pr-reader/SKILL.md
- plugins/docs-tools/agents/requirements-analyst.md
- plugins/docs-tools/skills/jira-reader/scripts/jira_reader.py
- plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh
Swap the shell script load order to match the Python scripts: project .env first (local overrides), then ~/.env (global defaults). Since _safe_load_env only sets unset keys, first-loaded wins.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
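The "first-loaded wins" precedence from this commit message, together with the data-only parsing the review asked for, as an added example that is not the PR's code. `safe_load_env`, `load_env_chain`, `demo` and the variable `EXAMPLE_GLOBAL_ONLY` are hypothetical names, and the sample `.env` files are constructed.

```shell
#!/bin/sh
# Added example: data-only .env loader with "first writer wins" precedence.
# safe_load_env, load_env_chain and demo are hypothetical names.

# safe_load_env FILE
# Reads KEY=VALUE lines as plain data (nothing is evaluated) and exports a key
# only when it is not already set, so whatever was set earlier keeps precedence.
safe_load_env() {
    [ -f "$1" ] || return 0
    _cr=$(printf '\r')
    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%"$_cr"}                     # tolerate CRLF files
        _line=${_line#"${_line%%[![:space:]]*}"}  # trim leading blanks
        case $_line in
            '' | '#'*) continue ;;                # blank line or comment
            *=*) ;;
            *) continue ;;                        # not KEY=VALUE: ignore
        esac
        _key=${_line%%=*}
        _val=${_line#*=}
        # Accept shell-identifier keys only; this also makes the eval below safe.
        case $_key in
            '' | [0-9]* | *[!A-Za-z0-9_]*) continue ;;
        esac
        # Drop one pair of matching surrounding quotes.
        case $_val in
            \"*\") _val=${_val#\"}; _val=${_val%\"} ;;
            \'*\') _val=${_val#\'}; _val=${_val%\'} ;;
        esac
        # ${KEY+x} is non-empty when KEY is set, even to the empty string.
        if eval "[ -n \"\${$_key+x}\" ]"; then
            continue
        fi
        export "$_key=$_val"
    done < "$1"
    return 0
}

# load_env_chain PROJECT_ROOT HOME_DIR
# Precedence, highest first: pre-existing environment, PROJECT_ROOT/.env,
# HOME_DIR/.env. safe_load_env never overwrites, so the file loaded first wins.
load_env_chain() {
    safe_load_env "$1/.env"
    safe_load_env "$2/.env"
}

# Constructed sample files in a temp dir. The body is a subshell, so the
# caller's environment is untouched. Prints token|email|global-only|executed.
demo() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/project" "$tmp/home"
    printf 'JIRA_EMAIL="local@example.com"\nJIRA_API_TOKEN=from-local-file\n' > "$tmp/project/.env"
    # A line that `source` would execute; the parser stores it as a string.
    printf 'CANARY=$(touch %s/executed)\n' "$tmp" >> "$tmp/project/.env"
    printf 'JIRA_EMAIL=global@example.com\nEXAMPLE_GLOBAL_ONLY=yes\n' > "$tmp/home/.env"
    unset JIRA_EMAIL EXAMPLE_GLOBAL_ONLY CANARY
    JIRA_API_TOKEN=from-shell; export JIRA_API_TOKEN
    load_env_chain "$tmp/project" "$tmp/home"
    [ -e "$tmp/executed" ] && ran=yes || ran=no
    printf '%s|%s|%s|%s\n' "$JIRA_API_TOKEN" "$JIRA_EMAIL" "$EXAMPLE_GLOBAL_ONLY" "$ran"
    rm -rf "$tmp"
)

demo
```

The exported token survives, the project file supplies `JIRA_EMAIL`, the home file fills only the key nothing else set, and the command-substitution line is never run.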
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh`:
- Around line 82-85: The script currently derives _project_root from SCRIPT_DIR,
which ties .env loading to the script repo; instead resolve the caller project
root from the current working directory and only fall back to the script
directory if that fails. Change the logic around _project_root so it first runs
git rev-parse --show-toplevel (or simply checks $PWD/.env) using the runtime
working directory (e.g. "$PWD") and call _safe_load_env with that path if
present, otherwise fall back to using SCRIPT_DIR-based resolution; update
references to _project_root, SCRIPT_DIR, and the _safe_load_env invocation in
jira-ready-check.sh accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 5483d219-d831-4fc8-bec7-c7910404f7ec
📒 Files selected for processing (2)
- plugins/docs-tools/skills/docs-workflow-create-jira/scripts/create-jira-ticket.sh
- plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh
🚧 Files skipped from review as they are similar to previous changes (1)
- plugins/docs-tools/skills/docs-workflow-create-jira/scripts/create-jira-ticket.sh
| _project_root="$(cd "$SCRIPT_DIR" 2>/dev/null && git rev-parse --show-toplevel 2>/dev/null || true)" | ||
| if [[ -n "$_project_root" ]]; then | ||
| _safe_load_env "$_project_root/.env" | ||
| fi |
Local .env resolution is coupled to the script repo, not runtime project.
Line 82 resolves _project_root from SCRIPT_DIR, which can miss the caller project’s ./.env when this script is invoked from another repository/worktree. That undermines the per-project override objective.
Proposed adjustment
-_project_root="$(cd "$SCRIPT_DIR" 2>/dev/null && git rev-parse --show-toplevel 2>/dev/null || true)"
+_project_root="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
if [[ -n "$_project_root" ]]; then
_safe_load_env "$_project_root/.env"
fi🤖 Prompt for AI Agents
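Review bot: The `|| pwd` fallback on the added `_project_root=` line makes the value effectively always non-empty, so the `[[ -n "$_project_root" ]]` test that follows no longer filters anything, and outside a git work tree the script loads `.env` from whatever directory it was started in. If that fallback is intended, drop the dead test and state the behaviour in a comment; otherwise keep the empty result and skip the local file when no repository root is found.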
Verify each finding against the current code and only fix it if needed.
In
`@plugins/docs-tools/skills/docs-workflow-jira-ready/scripts/jira-ready-check.sh`
around lines 82 - 85, The script currently derives _project_root from
SCRIPT_DIR, which ties .env loading to the script repo; instead resolve the
caller project root from the current working directory and only fall back to the
script directory if that fails. Change the logic around _project_root so it
first runs git rev-parse --show-toplevel (or simply checks $PWD/.env) using the
runtime working directory (e.g. "$PWD") and call _safe_load_env with that path
if present, otherwise fall back to using SCRIPT_DIR-based resolution; update
references to _project_root, SCRIPT_DIR, and the _safe_load_env invocation in
jira-ready-check.sh accordingly.
Summary
- `~/.env` (global defaults) and `./.env` (local overrides), with local `.env` taking precedence over `~/.env`
- `JIRA_AUTH_TOKEN` is accepted as a backward-compatible alias for `JIRA_API_TOKEN` in all scripts (was missing from `jira-ready-check.sh`)
- `.env` to `.gitignore` to prevent accidental credential commits
- `.env` locations
Precedence order (highest wins)
- `.env` (project-specific overrides)
- `~/.env` (global defaults)
Changed files
Scripts (5):
- `jira_reader.py`, `jira_writer.py`, `git_pr_reader.py` — `load_env_file()` now loads both locations
- `create-jira-ticket.sh` — sources both `.env` files
- `jira-ready-check.sh` — sources both `.env` files + adds `JIRA_AUTH_TOKEN` fallback
Documentation (13):
- `README.md` — documents both locations and `JIRA_AUTH_TOKEN` alias
- `.gitignore` — added `.env`
Test plan
- `~/.env` when only `~/.env` exists
- `.env` when only local `.env` exists
- `.env` overrides `~/.env` when both exist
- `JIRA_AUTH_TOKEN` works as alias in all scripts
Closes #127
🤖 Generated with Claude Code