From 9b198f4e50941b5c2333ed71d50f1fce81e0b7b3 Mon Sep 17 00:00:00 2001
From: Bryan Johnson
Date: Wed, 27 May 2026 09:02:07 -0700
Subject: [PATCH] v0.5.1: run self_update BEFORE the auth prompt (chicken-and-egg fix)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In 0.5.0 (and every prior version), prompt_first_run_auth was called unconditionally at script load time, BEFORE self_update. On a never- authenticated box, this meant a broken lib/oauth.sh trapped the user:
1. larry starts
2. no creds → auth prompt fires
3. pick OAuth → old broken oauth.sh runs → rate_limit_error
4. Ctrl-C at the API-key fallback prompt
5. script exits — self_update never ran
6. relaunch → exact same trap, forever
Fix: defer the auth-prompt call to run AFTER self_update. The auth function DEFINITION stays where it is; only the CALL site moves. Now on a fresh box:
1. larry starts
2. self_update phase A pulls MANIFEST and refreshes everything, including a patched lib/oauth.sh
3. THEN the auth prompt fires, using the now-correct OAuth code
Verified: with no ANTHROPIC_API_KEY and no .oauth.json, the manifest sync log lines appear before the "First-run authentication setup" menu.
Co-Authored-By: Claude Opus 4.7
---
 VERSION | 2 +-
 larry.sh | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/VERSION b/VERSION
index 8f0916f..4b9fcbe 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.5.0
+0.5.1
diff --git a/larry.sh b/larry.sh
index c323ad6..e6ebd74 100755
--- a/larry.sh
+++ b/larry.sh
@@ -36,7 +36,7 @@ set -o pipefail
 # ─────────────────────────────────────────────────────────────────────────────
 # Config
 # ─────────────────────────────────────────────────────────────────────────────
-LARRY_VERSION="0.5.0"
+LARRY_VERSION="0.5.1"
 LARRY_HOME="${LARRY_HOME:-$HOME/.larry}"
 LARRY_BASE_URL="${LARRY_BASE_URL:-https://raw.githubusercontent.com/bojj27/cloverleaf-larry/main}"
 LARRY_UPDATE_URL="${LARRY_UPDATE_URL:-${LARRY_BASE_URL}/larry.sh}"
@@ -176,9 +176,10 @@ prompt_api_key() {
 log "API key saved."
 }
-if [ -z "$LARRY_AUTH_MODE" ]; then
- prompt_first_run_auth
-fi
+# NOTE: the auth-prompt CALL (prompt_first_run_auth) is deliberately deferred
+# until AFTER self_update has run — otherwise a broken lib/oauth.sh traps the
+# user before the auto-update mechanism gets a chance to fix it. See call site
+# below the self_update block.
 # ─────────────────────────────────────────────────────────────────────────────
 # Fetch agents if missing
@@ -352,6 +353,14 @@ self_update() {
 }
 self_update
+# ── Deferred auth prompt ────────────────────────────────────────────────────
+# Now that self_update has had a chance to refresh lib/oauth.sh, gate on
+# credentials. On a fresh box (no .oauth.json, no API key) this is the first
+# interactive prompt the user sees.
+if [ -z "$LARRY_AUTH_MODE" ]; then
+ prompt_first_run_auth
+fi
+
 # ─────────────────────────────────────────────────────────────────────────────
 # Cloverleaf environment detection
 # Surfaces HCIROOT / HCISITE / HCISITEDIR and which tool layer is present
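Review bot: The deferred `prompt_first_run_auth` call at the end of the last larry.sh hunk now collects first-run credentials through whatever `lib/oauth.sh` the preceding `self_update` has just fetched, and nothing visible here establishes that the fetch succeeded or was integrity-checked. The default `LARRY_BASE_URL` in the first larry.sh hunk follows the mutable `main` branch and is overridable from the environment, so verification of the MANIFEST sync carries more weight after this reordering; the body of `self_update` lies outside the hunk, so whether it already compares digests or signatures cannot be confirmed from this page. If `self_update` returns non-zero on failure (not visible here), I would surface that at the call site, e.g. `self_update || log "self_update failed; auth prompt uses the locally installed lib/oauth.sh"`, so a user who is offline knows the old OAuth code is still in use. I would also add above the `if` a comment such as `# SECURITY: lib/oauth.sh was just refreshed by self_update; it must be verified there before credentials are entered.`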