From 56ca5dddf5aad660f37c53ca3bed2d0937e10aee Mon Sep 17 00:00:00 2001 From: jared Date: Fri, 10 Jul 2026 11:23:18 -0400 Subject: [PATCH] vault: session notes 2026-07-10 --- journal/2026-07-10.md | 13 +++++++++++++ reference/planka-v2-api-gotchas.md | 10 ++++++++-- reference/vaultwarden-permission-parity-gotchas.md | 11 +++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/journal/2026-07-10.md b/journal/2026-07-10.md index 7bfd542..f92db99 100644 --- a/journal/2026-07-10.md +++ b/journal/2026-07-10.md @@ -149,3 +149,16 @@ tags: [scope/global, type/log] **Reason:** other **Vault notes touched:** (none) + +## Session — 2026-07-10T14:52:23Z + +**Project:** /home/jared/dev/cc-os +**Reason:** prompt_input_exit +**Vault notes touched:** +/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md +/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md +/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md +/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md +/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md +/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md +/home/jared/Documents/SecondBrain/reference/apprise-api-selfhosted-gotchas.md diff --git a/reference/planka-v2-api-gotchas.md b/reference/planka-v2-api-gotchas.md index 675a27a..f90e788 100644 --- a/reference/planka-v2-api-gotchas.md +++ b/reference/planka-v2-api-gotchas.md @@ -8,7 +8,7 @@ tags: scope: global source: ovh-prod Planka deploy, 2026-07-08 date: 2026-07-08 -last_updated: 2026-07-08 +last_updated: 2026-07-10 --- # Planka v2 API Gotchas (verified on v2.1.1) @@ -27,7 +27,13 @@ Directly relevant to the `backlog` CLI in `~/dev/ruby-gems` and any Planka autom 3. **Card move needs both fields.** `PATCH /api/cards/:id` requires **both** `listId` and `position`; `listId` alone returns `E_MISSING_OR_INVALID_PARAMS`. 4. **Project delete is not cascading.** `DELETE /api/projects/:id` returns 422 - `"Must not have boards"` — delete each board first. + `"Must not have boards"` — delete each board first. The web UI hits the same + constraint but **fails silently**: the project vanishes locally, then reappears on + reload with no error shown (confirmed 2026-07-10 on the personal-account project). + A non-manager attempting the delete gets a 404 (existence hidden, same as gotcha #6). + Escape hatch when no manager creds are at hand: insert a row into `project_manager` + directly in Postgres (`docker exec planka-postgres psql -U planka`), then delete + boards + project via the API as that user. 5. **Sails literal-alias routes.** Some delete routes embed a literal parameter-name segment: card-label detach is `DELETE /api/cards/:cardId/card-labels/labelId::labelId` (the path literally contains `labelId:` before the id). Normal REST-shaped guesses 404. diff --git a/reference/vaultwarden-permission-parity-gotchas.md b/reference/vaultwarden-permission-parity-gotchas.md index 5bb84cb..2aa93c8 100644 --- a/reference/vaultwarden-permission-parity-gotchas.md +++ b/reference/vaultwarden-permission-parity-gotchas.md @@ -68,5 +68,16 @@ issue #6269): - **`bw unlock --passwordfile` reads only the first line**, so a trailing newline from an editor (nvim etc.) is harmless. +## bw CLI scripting gotchas (verified 2026-07-10, credvault backup script) + +- **`bw unlock` alone does not unlock the vault for subsequent commands** — you must + capture the session token (`BW_SESSION=$(bw unlock --passwordfile f --raw)`) and export + it. Without it, later `bw export`/`bw list` run against a locked vault; with stderr + silenced this looks like a hang or a missing-output failure. +- **`bw config server` fails while logged in** ("Logout required before server config + update"), even when setting the identical URL. Idempotent scripts must compare + `bw config server` (no args prints current) and skip when it matches. +- **`bw login --apikey` errors if already logged in** — guard with `bw login --check`. + Rule of thumb: any "Bitwarden supports X" claim from bitwarden.com/help must be re-verified against the deployed Vaultwarden version before it becomes a security assumption.