From a593605caac13ce434458a79731bc5d79937f769 Mon Sep 17 00:00:00 2001 From: jordan Date: Mon, 23 Feb 2026 05:12:26 -0700 Subject: [PATCH] fix: call ensureProjectJWTSecret in AddComponentBatch AddComponent (single-component path) already calls ensureProjectJWTSecret, but AddComponentBatch has its own parallel implementation that bypassed it. Components added via the /batch endpoint never had JWT_SECRET provisioned, causing CrashLoopBackOff on startup ("JWT_SECRET must be set"). Add the call before the createInitialComponentDeployment loop so the secret is stored in the credential store before K8s Secrets are created. Co-Authored-By: Claude Sonnet 4.6 --- internal/service/component_batch.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/service/component_batch.go b/internal/service/component_batch.go index e6b3bd2..beb61c5 100644 --- a/internal/service/component_batch.go +++ b/internal/service/component_batch.go @@ -297,12 +297,16 @@ func (s *ComponentService) AddComponentBatch(ctx context.Context, projectID stri "components", componentNames, ) - // 9. Create initial K8s deployments for components that need one + // 9. Ensure a JWT_SECRET exists for this project (required by skeleton service startup). + // Generated once per project on the first code component; reused for all subsequent components. + s.ensureProjectJWTSecret(ctx, projectID) + + // 10. Create initial K8s deployments for components that need one for _, comp := range codeComponents { s.createInitialComponentDeployment(ctx, projectID, projectDomain, comp) } - // 10. Combine infrastructure and code component results + // 11. Combine infrastructure and code component results results = append(results, codeComponents...) return results, nil