Part of epic: Eyevinn/osaas-app#3762
Problem
docker-entrypoint.sh calls npx -y @osaas/cli@latest web config-to-env $CONFIG_SVC with no --env flag and no token refresh. On dev and stage, the CLI defaults to prod, calls the prod token service with a dev/stage JWT, and gets "Authorization token is invalid: The token signature is invalid."
Fix
Align with the web-runner pattern:
- Add env-detection from
OSC_MCP_URL before the config block:
if [[ -z "${OSC_ENV:-}" && -n "${OSC_MCP_URL:-}" ]]; then
_extracted=$(echo "$OSC_MCP_URL" | sed -n 's|.*\.svc\.\([a-z]*\)\.osaas\.io.*|\1|p')
OSC_ENV=${_extracted:-prod}
fi
-
Add token refresh block (matching web-runner).
-
Pass --env to the CLI call:
eval $(npx -y @osaas/cli@latest web config-to-env ${OSC_ENV:+--env "$OSC_ENV"} $CONFIG_SVC)Reference implementation
See birme/claude-runner#14 and birme/codex-runner#8. Web-runner is the reference for the ${OSC_ENV:+--env "$OSC_ENV"} pattern.
🤖 Generated with Claude Code
Part of epic: Eyevinn/osaas-app#3762
Problem
docker-entrypoint.shcallsnpx -y @osaas/cli@latest web config-to-env $CONFIG_SVCwith no--envflag and no token refresh. On dev and stage, the CLI defaults to prod, calls the prod token service with a dev/stage JWT, and gets "Authorization token is invalid: The token signature is invalid."Fix
Align with the web-runner pattern:
OSC_MCP_URLbefore the config block:Add token refresh block (matching web-runner).
Pass
--envto the CLI call:Reference implementation
See birme/claude-runner#14 and birme/codex-runner#8. Web-runner is the reference for the
${OSC_ENV:+--env "$OSC_ENV"}pattern.🤖 Generated with Claude Code