Spaces:
Runtime error
Runtime error
Ashira Pitchayapakayakul commited on
Commit Β·
d0ef0a5
1
Parent(s): 633a37a
SECURITY: set +x BEFORE secret loop (was after) + remove later set -x re-enable
Browse files
start.sh
CHANGED
|
@@ -39,6 +39,9 @@ else
|
|
| 39 |
fi
|
| 40 |
|
| 41 |
# ββ 2. Bind HF Space secrets β ~/.hermes/.env βββββββββββββββββββββββββββββββ
|
|
|
|
|
|
|
|
|
|
| 42 |
mkdir -p ~/.hermes
|
| 43 |
{
|
| 44 |
echo "# Auto-generated from HF Space secrets at boot"
|
|
@@ -51,6 +54,8 @@ mkdir -p ~/.hermes
|
|
| 51 |
done
|
| 52 |
} > ~/.hermes/.env
|
| 53 |
chmod 600 ~/.hermes/.env
|
|
|
|
|
|
|
| 54 |
|
| 55 |
# ββ 3. Git config + clone axentx repos for auto-orchestrate auto-commit ββββ
|
| 56 |
# Disable interactive prompts globally so failed-auth git ops fail fast.
|
|
@@ -119,15 +124,12 @@ if ! ollama list 2>/dev/null | grep -q "gemma4:e4b"; then
|
|
| 119 |
fi
|
| 120 |
|
| 121 |
# ββ 6. Discord bot (background) βββββββββββββββββββββββββββββββββββββββββββββ
|
| 122 |
-
#
|
| 123 |
-
set +x
|
| 124 |
if [[ -n "${DISCORD_BOT_TOKEN:-}" ]]; then
|
| 125 |
set -a; source ~/.hermes/.env 2>/dev/null; set +a
|
| 126 |
nohup python ~/.claude/bin/hermes-discord-bot.py >> "$LOG_DIR/discord-bot.log" 2>&1 &
|
| 127 |
-
echo "[$(date +%H:%M:%S)] discord bot started"
|
| 128 |
fi
|
| 129 |
-
# Re-enable trace AFTER secrets are sourced (variables in env, not echoed)
|
| 130 |
-
set -x
|
| 131 |
|
| 132 |
# ββ 7. Cron loop β fires Hermes daemons 24/7 (no sleep gaps) ββββββββββββββββ
|
| 133 |
cat > /tmp/hermes-cron.sh <<'CRONSH'
|
|
|
|
| 39 |
fi
|
| 40 |
|
| 41 |
# ββ 2. Bind HF Space secrets β ~/.hermes/.env βββββββββββββββββββββββββββββββ
|
| 42 |
+
# π DISABLE shell trace before touching secret values.
|
| 43 |
+
set +x
|
| 44 |
+
echo "[$(date +%H:%M:%S)] writing ~/.hermes/.env from secret env vars (trace OFF)"
|
| 45 |
mkdir -p ~/.hermes
|
| 46 |
{
|
| 47 |
echo "# Auto-generated from HF Space secrets at boot"
|
|
|
|
| 54 |
done
|
| 55 |
} > ~/.hermes/.env
|
| 56 |
chmod 600 ~/.hermes/.env
|
| 57 |
+
echo "[$(date +%H:%M:%S)] .env written ($(wc -l < ~/.hermes/.env) keys, perms 600)"
|
| 58 |
+
# Trace OFF for the rest of boot β we already have line numbers above and won't need them post-secrets.
|
| 59 |
|
| 60 |
# ββ 3. Git config + clone axentx repos for auto-orchestrate auto-commit ββββ
|
| 61 |
# Disable interactive prompts globally so failed-auth git ops fail fast.
|
|
|
|
| 124 |
fi
|
| 125 |
|
| 126 |
# ββ 6. Discord bot (background) βββββββββββββββββββββββββββββββββββββββββββββ
|
| 127 |
+
# Trace stays OFF β never re-enable past secrets section.
|
|
|
|
| 128 |
if [[ -n "${DISCORD_BOT_TOKEN:-}" ]]; then
|
| 129 |
set -a; source ~/.hermes/.env 2>/dev/null; set +a
|
| 130 |
nohup python ~/.claude/bin/hermes-discord-bot.py >> "$LOG_DIR/discord-bot.log" 2>&1 &
|
| 131 |
+
echo "[$(date +%H:%M:%S)] discord bot started"
|
| 132 |
fi
|
|
|
|
|
|
|
| 133 |
|
| 134 |
# ββ 7. Cron loop β fires Hermes daemons 24/7 (no sleep gaps) ββββββββββββββββ
|
| 135 |
cat > /tmp/hermes-cron.sh <<'CRONSH'
|