fix: deduplicate cron PATH into single global line

[alex-solovyev]

Summary

• setup.sh hardcoded PATH="/usr/local/bin:/usr/bin:/bin" in each cron entry, overriding the user's global crontab PATH and breaking nvm/bun/cargo tool discovery
• Added _ensure_cron_path() — manages a single tagged PATH= line at the top of crontab, built from the current $PATH at setup time
• Removed inline PATH= from all 5 cron entries (pulse, stats, process-guard, screen-time, profile-readme)
• Removed OPENCODE_BIN from pulse cron entry — now resolved from PATH at runtime via command -v
• Fixed pulse-wrapper.sh fallback from hardcoded /opt/homebrew/bin/opencode to command -v opencode

Before

*/2 * * * * PATH="/usr/local/bin:/usr/bin:/bin" OPENCODE_BIN=... /bin/bash pulse-wrapper.sh
*/15 * * * * PATH="/usr/local/bin:/usr/bin:/bin" /bin/bash stats-wrapper.sh
* * * * * PATH="/usr/local/bin:/usr/bin:/bin" ... /bin/bash process-guard-helper.sh

Each entry overrode global PATH, losing nvm, bun, and other user paths.

After

PATH=/home/user/.nvm/.../bin:/usr/local/bin:/usr/bin:/bin # aidevops-path
*/2 * * * * PULSE_DIR=... /bin/bash pulse-wrapper.sh
*/15 * * * * /bin/bash stats-wrapper.sh
* * * * * ... /bin/bash process-guard-helper.sh

Single PATH line at top, re-running setup.sh updates it idempotently.

Summary by CodeRabbit

• Chores
  • Improved binary discovery to automatically locate required tools across environments, removing hardcoded paths and improving portability.
  • Centralized PATH configuration for Linux scheduled tasks: deduplicated and enforced a single global PATH for cron entries, removing inline PATH assignments from individual jobs.
  • Ensured cron installation updates are idempotent and consistent across setup flows.
  • Kept macOS scheduling behavior unchanged (launchd remains as before).

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Replaces a hardcoded OPENCODE_BIN with a dynamic command -v lookup in the pulse wrapper and centralizes cron PATH management in setup.sh via a new _ensure_cron_path, removing inline PATH assignments from multiple Linux cron entries so cron entries inherit a single deduplicated PATH line. (50 words)

Changes

Cohort / File(s)	Summary
Binary Resolution .agents/scripts/pulse-wrapper.sh	Replaced hardcoded OPENCODE_BIN="/opt/homebrew/bin/opencode" with dynamic `OPENCODE_BIN="${OPENCODE_BIN:-$(command -v opencode 2>/dev/null
Cron PATH Management & Cron Entries setup.sh	Added _ensure_cron_path to insert/replace a tagged, deduplicated global PATH= line in crontab (Linux-only). Removed inline PATH= fragments from cron job lines and updated cron task construction to rely on the centralized PATH for tasks like pulse, stats, screen-time-snapshot, memory-guard, and profile-readme-update. Also added extra _ensure_cron_path invocation near supervisor-pulse setup.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• t1342: Add Linux cron support for pulse scheduler #2402: Modifies pulse scheduling/cron setup and opencode invocation (closely related to cron entries and binary resolution).
• t1006: Fix cron PATH and GH_TOKEN detection #1291: Addresses cron environment handling and PATH injection for opencode and related cron tasks.
• t1260: Fix setup.sh to install launchd schedulers on macOS for all users #1971: Alters setup.sh scheduler/launchd and cron installation logic touching PATH/cron interplay.

Suggested labels

enhancement

Suggested reviewers

• marcusquinn

Poem

A path once baked in stone is freed,
command -v plants the running seed.
Cron now reads one tidy line,
Jobs awake with env aligned. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: deduplicate cron PATH into single global line' directly and accurately summarizes the main change: consolidating multiple PATH entries in cron jobs into a single global line.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/cron-path-dedup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical issue where cron jobs failed to inherit the user's full environment PATH, leading to problems with tool discovery. By centralizing the management of the crontab's PATH variable and removing redundant inline PATH declarations from individual cron entries, the system now correctly respects user-defined environment configurations, improving robustness and compatibility with various development tools.

Highlights

• Cron PATH Deduplication: The setup.sh script previously hardcoded the PATH variable in each cron entry, which overrode the user's global crontab PATH and prevented proper discovery of tools like nvm, bun, and cargo.
• Global PATH Management: A new function, _ensure_cron_path(), was added to manage a single, tagged PATH= line at the top of the crontab, built from the current $PATH at setup time. This ensures cron jobs inherit the correct environment.
• Inline PATH Removal: The inline PATH= declarations were removed from all five cron entries (pulse, stats, process-guard, screen-time, profile-readme) to rely on the newly managed global PATH.
• Dynamic Binary Discovery: The OPENCODE_BIN variable was removed from the pulse cron entry and its fallback in pulse-wrapper.sh was updated to resolve opencode from the PATH at runtime using command -v.

Changelog

• .agents/scripts/pulse-wrapper.sh
  • Modified the OPENCODE_BIN variable assignment to dynamically find the opencode binary using command -v instead of a hardcoded path.
• setup.sh
  • Introduced a new shell function _ensure_cron_path responsible for creating or updating a single, global PATH entry in the user's crontab, reflecting the current shell's PATH.
  • Invoked _ensure_cron_path during the setup process for Linux systems to ensure cron jobs inherit the correct environment PATH.
  • Removed the explicit PATH environment variable from the supervisor-pulse cron entry.
  • Removed the OPENCODE_BIN environment variable from the supervisor-pulse cron entry.
  • Eliminated the hardcoded PATH environment variable from the stats-wrapper cron entry.
  • Removed the hardcoded PATH environment variable from the process-guard cron entry.
  • Removed the hardcoded PATH environment variable from the screen-time-snapshot cron entry.
  • Removed the hardcoded PATH environment variable from the profile-readme-update cron entry.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 396 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Tue Mar 10 23:34:48 UTC 2026: Code review monitoring started
Tue Mar 10 23:34:48 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 396

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 396
• VULNERABILITIES: 0

Generated on: Tue Mar 10 23:34:51 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@setup.sh`:
- Around line 113-138: The PATH line currently embeds the marker comment into
the PATH value (marker variable and path_line in _ensure_cron_path), corrupting
cron PATH; change the implementation so the marker is a separate comment line
(e.g., marker_line="# aidevops-path") and keep path_line as a plain "PATH=..."
without the marker, update the grep checks to look for marker_line, and when
constructing current_crontab prepend/replace both marker_line and path_line as
two distinct lines so the marker is not appended into the PATH string.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9df890bb-efa4-4d55-a503-8bd08aeecfe1

📥 Commits

Reviewing files that changed from the base of the PR and between 705d484 and 0e2f273.

📒 Files selected for processing (2)

• .agents/scripts/pulse-wrapper.sh
• setup.sh

[gemini-code-assist]

Code Review

This pull request correctly addresses an issue where hardcoded PATH variables in cron entries could override user-specific paths. The introduction of a centralized PATH definition in the crontab, managed by the new _ensure_cron_path function, is a solid architectural improvement. The related changes to remove the inline PATH from cron jobs and update pulse-wrapper.sh are consistent with this goal.

However, I've identified several issues in the implementation of _ensure_cron_path. The use of echo to handle crontab content can lead to corruption due to shell expansion. Additionally, the blanket suppression of errors with 2>/dev/null can hide critical issues, and building multi-line strings in variables for streaming can be less efficient and readable than using command groups. I've provided a comment with suggested fixes and improvements to make this function safer and more robust.

_{Note: Security Review did not run due to the size of the PR.}

[gemini-code-assist]

The use of echo "$current_crontab" is unsafe and can corrupt the user's crontab. If the crontab contains any shell-special characters like $ or * that are not properly escaped for the echo command's context, echo will interpret them, leading to data loss or corruption when rewriting the crontab. For example, a line like * * * * * command $VAR would have $VAR expanded by echo if $VAR is set in the script's environment, or disappear if it's not. To fix this, you should use printf '%s\n' "$current_crontab" which prints the variable's content literally. This should be applied to all instances where current_crontab is being piped or used in command substitution.

Additionally, avoid using 2>/dev/null for blanket suppression of command errors in crontab -l and crontab -. This can hide critical authentication, syntax, or system issues, making debugging difficult. Consider handling errors more explicitly or logging them.

While the current code_suggestion maintains the existing structure for line count compatibility, for future improvements, consider streaming multi-line content to crontab - using a command group {...} with printf statements instead of building a large multi-line string in a variable. This can improve readability and efficiency for very large crontabs.

Suggested change

	_ensure_cron_path() {
	local current_crontab marker="# aidevops-path"
	current_crontab=$(crontab -l 2>/dev/null) || current_crontab=""
	# Build the new PATH line from the current environment
	local path_line="PATH=${PATH} ${marker}"
	if echo "$current_crontab" | grep -qF "$marker"; then
	# Remove old line, prepend updated one
	current_crontab="${path_line}
	$(echo "$current_crontab" | grep -vF "$marker")"
	elif [[ -n "$current_crontab" ]]; then
	# Prepend before first entry
	current_crontab="${path_line}
	${current_crontab}"
	else
	current_crontab="$path_line"
	fi
	echo "$current_crontab" | crontab - 2>/dev/null || true
	return 0
	}
	_ensure_cron_path() {
	local current_crontab marker="# aidevops-path"
	current_crontab=$(crontab -l) || current_crontab=""
	# Build the new PATH line from the current environment
	local path_line="PATH=${PATH} ${marker}"
	if printf '%s\n' "$current_crontab" | grep -qF "$marker"; then
	# Remove old line, prepend updated one
	current_crontab="${path_line}\n$(printf '%s\n' "$current_crontab" | grep -vF "$marker")"
	elif [[ -n "$current_crontab" ]]; then
	# Prepend before first entry
	current_crontab="${path_line}\n${current_crontab}"
	else
	current_crontab="$path_line"
	fi
	printf '%s\n' "$current_crontab" | crontab - || true
	return 0
	}

References

1. To prevent command injection from shell metacharacters in crontab entries, wrap variables in single quotes. This is a POSIX-compliant method to prevent all shell expansion, including $(...), backticks, and variable expansion.
2. Avoid using '2>/dev/null' for blanket suppression of command errors in shell scripts to ensure that authentication, syntax, or system issues remain visible for debugging.
3. In shell scripts, stream multi-line content to a file using a command group {...} with echo statements instead of building a multi-line string in a variable, as it improves readability and efficiency.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 396 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Mar 11 00:44:00 UTC 2026: Code review monitoring started
Wed Mar 11 00:44:00 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 396

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 396
• VULNERABILITIES: 0

Generated on: Wed Mar 11 00:44:02 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

♻️ Duplicate comments (1)

setup.sh (1)

119-147: ⚠️ Potential issue | 🟠 Major

Keep the cron marker separate and replace only the aidevops-managed PATH block.

Line 134 appends # aidevops-path to the PATH= assignment, which cron parses as part of the value, not as a comment. Lines 136-141 also strip every top-level PATH= line, so rerunning setup can delete user-managed PATH directives for unrelated cron jobs. Please write the marker as its own line and only replace the tagged aidevops block.

In crontab syntax, if an environment-setting line is `PATH=/usr/local/bin:/usr/bin:/bin # aidevops-path`, is `# aidevops-path` treated as a comment or as part of the PATH value? Please cite authoritative `crontab(5)` documentation.

🔧 Suggested fix

 _ensure_cron_path() {
-	local current_crontab marker="# aidevops-path"
+	local current_crontab marker_line="# aidevops-path"
 	current_crontab=$(crontab -l 2>/dev/null) || current_crontab=""
 
 	# Deduplicate PATH entries (preserving order)
 	local deduped_path=""
 	local -A seen_dirs=()
@@
 	done
 	unset IFS
 
-	local path_line="PATH=${deduped_path} ${marker}"
+	local path_line="PATH=${deduped_path}"
+	local managed_block="${marker_line}
+${path_line}"
 
-	# Remove ALL top-level PATH= lines (tagged and untagged bare ones).
-	# Bare PATH= lines (without a cron schedule) conflict with our managed one.
-	# Inline PATH= inside cron entries (e.g. * * * * * PATH=...) are handled
-	# separately by removing them from individual entries.
 	local filtered
-	filtered=$(echo "$current_crontab" | grep -v "^PATH=" || true)
+	filtered=$(printf '%s\n' "$current_crontab" | awk -v marker="$marker_line" '
+		$0 == marker { skip_managed_path=1; next }
+		skip_managed_path && /^PATH=/ { skip_managed_path=0; next }
+		{ skip_managed_path=0; print }
+	')
 
 	if [[ -n "$filtered" ]]; then
-		current_crontab="${path_line}
+		current_crontab="${managed_block}
 ${filtered}"
 	else
-		current_crontab="$path_line"
+		current_crontab="$managed_block"
 	fi
 
-	echo "$current_crontab" | crontab - 2>/dev/null || true
+	printf '%s\n' "$current_crontab" | crontab - 2>/dev/null || true
 	return 0
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@setup.sh` around lines 119 - 147, The current code appends the marker into
the PATH value (marker variable and path_line) and then strips all top‑level
PATH= lines (variables current_crontab, marker, path_line, filtered), which can
remove unrelated user PATH settings; change the logic to write the aidevops
marker as its own line (not appended to PATH), and only replace the
aidevops‑managed block: emit a distinct start/end marker line (or a single
unique marker line on its own) adjacent to the managed PATH line, then update
the filtering to remove only a previous aidevops-managed PATH block (e.g.
grep/sed that looks for the marker or the exact PATH preceded/followed by the
marker) instead of deleting all top‑level PATH= lines; keep handling inline
PATH= in cron entries separately as before.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@setup.sh`:
- Around line 119-147: The current code appends the marker into the PATH value
(marker variable and path_line) and then strips all top‑level PATH= lines
(variables current_crontab, marker, path_line, filtered), which can remove
unrelated user PATH settings; change the logic to write the aidevops marker as
its own line (not appended to PATH), and only replace the aidevops‑managed
block: emit a distinct start/end marker line (or a single unique marker line on
its own) adjacent to the managed PATH line, then update the filtering to remove
only a previous aidevops-managed PATH block (e.g. grep/sed that looks for the
marker or the exact PATH preceded/followed by the marker) instead of deleting
all top‑level PATH= lines; keep handling inline PATH= in cron entries separately
as before.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2800a7ce-5dac-46f3-b1b1-6738043a8dc0

📥 Commits

Reviewing files that changed from the base of the PR and between 0e2f273 and 98b36d1.

📒 Files selected for processing (2)

• .agents/scripts/pulse-wrapper.sh
• setup.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• .agents/scripts/pulse-wrapper.sh

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 396 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Mar 11 01:24:29 UTC 2026: Code review monitoring started
Wed Mar 11 01:24:30 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 396

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 396
• VULNERABILITIES: 0

Generated on: Wed Mar 11 01:24:32 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@setup.sh`:
- Around line 141-150: The current filtered computation removes every top-level
PATH= line; change it to only remove the aidevops-managed marker line and the
PATH= line that immediately follows it so user-owned PATH= lines are preserved.
Modify the logic that sets filtered (currently using grep -vE
"^PATH=|^${marker}$") to instead filter out the marker line and, if present, the
single subsequent PATH= line (e.g. use an awk/sed pass that skips the marker and
the next line only when that next line starts with "PATH="). Keep the rest of
the variables and the recomposition of current_crontab using path_block
unchanged (variables: filtered, current_crontab, path_block, marker).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 30d717c4-ef67-474b-8cd8-ea6fab88151a

📥 Commits

Reviewing files that changed from the base of the PR and between 98b36d1 and 3c5a74e.

📒 Files selected for processing (2)

• .agents/scripts/pulse-wrapper.sh
• setup.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• .agents/scripts/pulse-wrapper.sh

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 396 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Mar 11 01:33:38 UTC 2026: Code review monitoring started
Wed Mar 11 01:33:39 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 396

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 396
• VULNERABILITIES: 0

Generated on: Wed Mar 11 01:33:42 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud