docs: record ClawEmail dashboard full API base
This commit is contained in:
+64
@@ -0,0 +1,64 @@
|
||||
# 2026-05-10 run pitfall: env parsing and Chrome CDP Origin
|
||||
|
||||
During a follow-up run using the low-token Codex OAuth skill, two reusable pitfalls appeared before the flow reached OpenAI signup:
|
||||
|
||||
## 1. Do not blindly `source` the env file
|
||||
|
||||
`~/.hermes/env/codex_oauth_onboarding.env` may contain unquoted paths with spaces, e.g. Chrome app paths. Plain shell `source` can fail with an error like:
|
||||
|
||||
```text
|
||||
...codex_oauth_onboarding.env: line 7: Chrome.app/Contents/MacOS/Google: No such file or directory
|
||||
```
|
||||
|
||||
For validation/probe scripts, parse `KEY=VALUE` safely in Python instead of shell sourcing, or require quoting before shell use.
|
||||
|
||||
Minimal safe parser pattern:
|
||||
|
||||
```python
|
||||
from pathlib import Path
|
||||
import re, shlex
|
||||
|
||||
env = {}
|
||||
for line in Path.home().joinpath('.hermes/env/codex_oauth_onboarding.env').read_text().splitlines():
|
||||
line = line.strip()
|
||||
if not line or line.startswith('#') or '=' not in line:
|
||||
continue
|
||||
if line.startswith('export '):
|
||||
line = line[7:].strip()
|
||||
k, v = line.split('=', 1)
|
||||
k, v = k.strip(), v.strip()
|
||||
if not re.match(r'^[A-Za-z_][A-Za-z0-9_]*$', k):
|
||||
continue
|
||||
try:
|
||||
if v and v[0] in '"\'':
|
||||
v = shlex.split(v)[0]
|
||||
except Exception:
|
||||
pass
|
||||
env[k] = v.strip('"\'')
|
||||
```
|
||||
|
||||
## 2. Chrome CDP WebSocket Origin rejection
|
||||
|
||||
When using Python `websocket-client` against an existing Chrome remote debugging port, Chrome can reject the handshake:
|
||||
|
||||
```text
|
||||
websocket._exceptions.WebSocketBadStatusException:
|
||||
Handshake status 403 Forbidden
|
||||
Rejected an incoming WebSocket connection from the http://127.0.0.1:9224 origin.
|
||||
Use --remote-allow-origins=http://127.0.0.1:9224 or --remote-allow-origins=*
|
||||
```
|
||||
|
||||
Preferred prevention: launch automation Chrome with:
|
||||
|
||||
```bash
|
||||
--remote-allow-origins=*
|
||||
```
|
||||
|
||||
If the Chrome instance is already running, try a matching Origin when connecting:
|
||||
|
||||
```python
|
||||
import websocket
|
||||
ws = websocket.create_connection(ws_url, timeout=10, origin='http://127.0.0.1:9224')
|
||||
```
|
||||
|
||||
Do this before concluding Dashboard CDP is unavailable.
|
||||
Reference in New Issue
Block a user