Skip to content

delivery-kid: log once when PICKIPEDIA_BOT_PASSWORD is missing#92

Merged
jMyles merged 1 commit into
cryptograss:productionfrom
magent-cryptograss:log-missing-bot-creds
Jun 1, 2026
Merged

delivery-kid: log once when PICKIPEDIA_BOT_PASSWORD is missing#92
jMyles merged 1 commit into
cryptograss:productionfrom
magent-cryptograss:log-missing-bot-creds

Conversation

@magent-cryptograss

Copy link
Copy Markdown
Contributor

What

When `pickipedia_client._get_site()` is called with no bot password set, it returned `None` silently — no log line, no signal, no diagnostic. This is how the silent no-op since #87 went undetected for weeks.

Add a single `logger.warning` the first time we hit that branch, gated on a module-level `_warned_missing_creds` flag so we warn once per process rather than spamming logs on every snapshot attempt.

Why now

The snapshot path went silent for weeks. We found the gap by deductive reasoning ("the page doesn't exist, the hook should have fired, where would the snapshot have logged about that") rather than by reading a single explicit log entry. Future deployments where someone forgets to wire the env var (or the vault key gets renamed like #91 just did) will now surface in `docker logs pinning-service` immediately.

Behavior

  • Creds set: zero behavior change — `_site` is cached after first login, the missing-creds branch never runs
  • Creds empty: one log line per process at WARNING level when the first snapshot attempt is made. Subsequent calls in the same process are still silent (the flag stays set)
  • Process restart with empty creds: warns again once. The deploy that fixed delivery-kid: source pickipedia bot creds from BLUERAILROAD_BOT_* vault keys #91 will, after restart, no longer trigger this warning at all

Follow-up that came out of this debugging session

The decision in #87 to reuse the `Magent@magent` BotPassword from blue-railroad-import was a tactical shortcut. Different subsystem, different runtime, different code path — should ideally be a different bot identity (`DeliveryKid@delivery-kid` or similar) for clear attribution in wiki edit history. Filing as a separate issue rather than bundling.

The pickipedia_client snapshot path silently no-op'd from cryptograss#87 deploy
until today — _get_site() returned None when PICKIPEDIA_BOT_PASSWORD
was empty, with no log line to surface the gap. We only found it by
deductive reasoning ("the page doesn't exist, the hook should have
fired, where would the snapshot have logged about that") rather than
by reading a single explicit log entry.

Add a logger.warning the first time we hit that branch, gated on a
module-level _warned_missing_creds flag so we warn once per process
rather than on every snapshot attempt. Future deployments where
someone forgets to wire the env var (or the vault key gets renamed,
as in cryptograss#91) will surface in `docker logs pinning-service` immediately.

No behavior change for the cred-present path — exactly the same
fast-return when _site is cached.
@jMyles
jMyles merged commit a31a4d5 into cryptograss:production Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants