BunnyWay action exonerated; correct hoppy template env footgun#16

Merged: ractive merged 1 commit into main from iter-9/bunnyway-investigation on May 5, 2026

Conversation

@ractive (Owner) commented May 5, 2026

Investigation requested by the operator: verify whether BunnyWay/actions/container-update-image is the cause of iter-9's env-vars-wiped sign-in failure, and create a bug report.

Verdict

BunnyWay action is innocent. Their PATCH {id, imageTag} does NOT wipe environmentVariables; bunny's Magic Containers PATCH endpoint preserves omitted fields. Pod recreate also preserves env.

The actual culprit is hoppy container template env with the wrong --env arg list — its 'replaces all' semantics has no guard rail against the destructive N>0→0 transition.

Tests run against live admin app

| Test | Before | After | Verdict |
|---|---|---|---|
| Direct PATCH {id, imageTag} (replicates BunnyWay action) | envCount=9 | envCount=9 | API preserves |
| Pod recreate | envCount=9 | envCount=9 | preserves |
| hoppy template env with zero --env | envCount=9 | envCount=0 | silent wipe |
| hoppy template env with one --env | envCount=9 | envCount=1 | replaces all |

Admin briefly went down during the zero-flag test, restored to 9 vars + verified sign-in (HTTP 200) post-restore.

Changes

  • New: kb/bunnyway-actions-investigation.md — full reproduction + exoneration.
  • Rewritten: MC.1 in hoppy-bug-report-magic-containers.md — describes the real bug (zero-flag wipe + replace-all surprise), removes the BunnyWay/PATCH framing.
  • Retracted: iter-9 deviation #7 — corrected to point at hoppy template env, not BunnyWay.

Recommended hoppy fix

```bash
hoppy container template env --app-id A --container-id C
# Today: silently sets env to []
# Should be: error 'at least one --env required, use --clear to wipe all'

hoppy container template env --add KEY=VAL    # missing
hoppy container template env --remove KEY     # missing
hoppy container template env --replace-all --env KEY=VAL ...   # rename current default
```

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Documentation
    • Updated investigation report clarifying the root cause of environment variable issues.
    • Added detailed bug report documenting how certain operational commands can inadvertently clear environment variables.
    • Revised deployment deviation notes with corrected findings and recommendations for preventing similar incidents.

Investigation against the live admin app to verify the iter-9
hypothesis that BunnyWay/actions/container-update-image was wiping
environmentVariables on every roll.

Tests run against admin app h4vme6Uhod4W3Yu (env preserved across
all destructive scenarios that mattered):

- Direct PATCH replicating the action's request body (id, imageTag
  only): env preserved (9 -> 9). bunny.net's Magic Containers PATCH
  endpoint preserves omitted fields.
- Pod recreate (hoppy container pod recreate): env preserved (9 -> 9).
- hoppy container template env with zero --env flags: env wiped
  (9 -> 0). Exit 0, no warning. THIS is the actual footgun.
- hoppy container template env with one --env flag: env replaced to
  exactly that one entry (9 -> 1). "Replaces all" is exact.

Conclusion: BunnyWay action and bunny PATCH semantics are both
correct. The iter-9 wipe was almost certainly an accidental hoppy
template env call with the wrong --env list, exposed by the
"replace all" semantics with no guard rail against the N>0->0
transition.

Files:
- New kb/bunnyway-actions-investigation.md captures the full
  reproduction with command lines, before/after states, and the
  exoneration.
- Updated MC.1 in hoppy-bug-report-magic-containers.md to describe
  the real bug (zero-flag wipe, plus the "replace all" + N=1 case
  as documented but surprising).
- Retracted deviation #7 in iter-9 plan, updated action items
  (defensive: lift env to GitHub secrets, reassert in CI; no
  upstream issue at BunnyWay).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
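
The guard rail recommended in the PR description and commit message above, modelled as an added Python example (not hoppy's code and not part of the original PR). The `--add`, `--remove`, `--replace-all` and `--clear` flags are the proposed ones and appear here as hypothetical keyword arguments; the nine-variable `DEPLOYED` map is constructed.

```python
class EnvUpdateRefused(Exception):
    """The update would destroy variables without explicit intent."""

def parse_pairs(items):
    """['KEY=VAL', ...] -> dict; rejects malformed entries and duplicate keys."""
    out = {}
    for item in items:
        key, sep, val = item.partition("=")
        if not sep or not key:
            raise ValueError(f"expected KEY=VAL, got {item!r}")
        if key in out:
            raise ValueError(f"duplicate key {key!r}")
        out[key] = val
    return out

def plan_env_update(current, env=(), add=(), remove=(), replace_all=False, clear=False):
    """Return the env dict to send, or raise EnvUpdateRefused.

    Arguments mirror the flags proposed above (hypothetical, not in hoppy today).
    """
    modes = sum([bool(env), bool(add or remove), bool(clear)])
    if modes == 0:
        # The zero-flag call: today a silent 9 -> 0 wipe with exit 0.
        raise EnvUpdateRefused("at least one --env required, use --clear to wipe all")
    if modes > 1:
        raise EnvUpdateRefused("use only one of --env, --add/--remove, --clear")
    if clear:
        return {}  # the only route to an empty env, and it is explicit
    if env:
        new = parse_pairs(env)
        dropped = sorted(set(current) - set(new))
        if dropped and not replace_all:
            # The 9 -> 1 case: replacement is allowed only when confirmed.
            raise EnvUpdateRefused(
                f"would drop {len(dropped)} key(s): {', '.join(dropped)}; "
                "pass --replace-all to confirm")
        return new
    new = {**current, **parse_pairs(add)}  # incremental edit keeps other keys
    for key in remove:
        new.pop(key, None)
    return new

# Constructed sample: nine deployed variables, matching envCount=9 in the tests.
DEPLOYED = {f"VAR_{i}": f"value-{i}" for i in range(1, 10)}
```

Run in CI before the real update, the same check turns an accidental wrong `--env` list into a failed job instead of a broken sign-in.
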
@coderabbitai (Bot) commented May 5, 2026

Walkthrough

Three knowledge base documents are updated to document an investigation conclusion: BunnyWay/actions/container-update-image is exonerated from wiping Magic Container env vars; hoppy container template env with zero --env flags is identified as the destructive mechanism causing the observed incidents.

Changes

Investigation & Root-Cause Correction

| Layer / File(s) | Summary |
|---|---|
| Investigation Report (kb/bunnyway-actions-investigation.md) | New closed investigation document exonerates BunnyWay/actions/container-update-image via four tests (direct PATCH, pod recreate, and two hoppy container template env calls). Identifies hoppy container template env with zero --env flags as the actual destructive mechanism and attributes iter-9 incident to accidental/destructive hoppy invocation. Recommends guardrails in hoppy and documentation corrections. |
| Bug Report Update (kb/hoppy-bug-report-magic-containers.md) | Rewrites "Issue 1" from PATCH-based env wipe to focus on container template env silently wiping all env vars when invoked with zero --env flags, including reproduction snippet and updated safety mitigations. Updates cross-reference index MC.1 to match new wording. |
| Iteration Go-Live Documentation (kb/iteration-09-go-live-bunny-infra.md) | Updates deviation #7 to remove prior claim that BunnyWay/actions strips env vars; replaces with hoppy container template env "replace all" semantics as root cause. Adjusts action items to recommend GitHub secrets as source-of-truth and stricter hoppy behavior, while reiterating BunnyWay/actions PATCH correctness. |

Possibly related PRs

  • ractive/wardrobe-assistants.ch#10: Invokes the BunnyWay/actions/container-update-image action that this PR exonerates, both documents address the action's behavior with Magic Containers.
  • ractive/wardrobe-assistants.ch#9: Both PRs update iteration-09 and hoppy documentation regarding Magic Container env handling and zero---env destructive behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Bunny hops forth with proof in paw,
BunnyWay's name is cleared of flaw—
Hoppy's reckless zero-env is to blame,
Not the action's patches—now we know the game!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main finding: BunnyWay action is exonerated and hoppy template env's footgun is identified and corrected. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kb/bunnyway-actions-investigation.md`:
- Line 32: The fenced code block containing the PATCH request starting with
"PATCH https://api.bunny.net/mc/apps/{appId}/containers/{containerId}" is
unlabeled and triggers MD040; fix it by adding a language identifier (e.g.,
`http`) to the opening fence so the block begins with ```http and keep the
existing block content exactly as shown (Headers and Body lines).
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c518da3f-6dbc-46ab-bfa4-1deea2715b1e

📥 Commits

Reviewing files that changed from the base of the PR and between 09fad6c and 423b1d0.

📒 Files selected for processing (3)
  • kb/bunnyway-actions-investigation.md
  • kb/hoppy-bug-report-magic-containers.md
  • kb/iteration-09-go-live-bunny-infra.md


The action source at https://github.com/BunnyWay/actions/blob/main/container-update-image/src/action.ts shows it calls:

```

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language identifier to the fenced code block.

Line 32 uses an unlabeled fence, which triggers MD040. Please annotate it (e.g., http).

Proposed fix
-```
+```http
 PATCH https://api.bunny.net/mc/apps/{appId}/containers/{containerId}
 Headers: Content-Type: application/json, AccessKey: {apiKey}
 Body: { "id": "{containerId}", "imageTag": "{tag}", "imageDigest"?: "{digest}" }
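
Review bot: the `http` label on the `+` fence line promises syntax the block does not follow, since the `Headers:` and `Body:` lines are descriptive labels and `"imageDigest"?:` is an optional-field marker rather than JSON. MD040 only requires that some language be set, so `text` would clear the lint without implying the block is a literal HTTP message that can be copied into a client.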

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 32-32: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kb/bunnyway-actions-investigation.md` at line 32, The fenced code block
containing the PATCH request starting with "PATCH
https://api.bunny.net/mc/apps/{appId}/containers/{containerId}" is unlabeled and
triggers MD040; fix it by adding a language identifier (e.g., `http`) to the
opening fence so the block begins with ```http and keep the existing block
content exactly as shown (Headers and Body lines).

@ractive ractive merged commit e2f6a8e into main May 5, 2026
4 checks passed