From 97a4fb86457447090e38f93928f2b63f09e76c2c Mon Sep 17 00:00:00 2001
From: Bryce Adelstein Lelbach aka wash <brycelelbach@gmail.com>
Date: Wed, 8 Apr 2026 09:58:48 -0400
Subject: [PATCH 1/3] fix: handle GitHub API rate limits in install scripts

The install scripts used `curl -s` which silently swallows HTTP errors.
When the GitHub API returns a 403 (rate limit) or other failure, the
scripts would either print a misleading "Could not find release" error
or, in the case of install-latest-linux.sh, proceed with an empty URL.

Switch to `curl -sf` so HTTP errors produce a non-zero exit code, and
add explicit error handling with a clear message about rate limiting.
Also add a missing empty-URL guard to install-latest-linux.sh.
---
 bin/install-latest-linux.sh | 15 +++++++++++++--
 bin/install-latest.sh       | 11 ++++++++---
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/bin/install-latest-linux.sh b/bin/install-latest-linux.sh
index da516c9ae..5ed29903c 100755
--- a/bin/install-latest-linux.sh
+++ b/bin/install-latest-linux.sh
@@ -1,8 +1,19 @@
 #!/usr/bin/env bash
 set -eo pipefail
 
-# Install the latest version of the Linux binary
-DOWNLOAD_URL="$(curl -s https://api.github.com/repos/brevdev/brev-cli/releases/latest | grep "browser_download_url.*linux.*amd64" | cut -d '"' -f 4)"
+# Fetch release metadata from GitHub API
+API_RESPONSE="$(curl -sf https://api.github.com/repos/brevdev/brev-cli/releases/latest 2>&1)" || {
+    echo "Error: Failed to fetch release info from GitHub API." >&2
+    echo "This may be caused by rate limiting. Try again later or set a GITHUB_TOKEN." >&2
+    exit 1
+}
+
+# Extract the download URL for linux/amd64
+DOWNLOAD_URL="$(echo "${API_RESPONSE}" | grep "browser_download_url.*linux.*amd64" | cut -d '"' -f 4)"
+if [ -z "${DOWNLOAD_URL}" ]; then
+    echo "Error: Could not find release for linux amd64" >&2
+    exit 1
+fi
 
 # Create temporary directory and ensure cleanup
 TMP_DIR="$(mktemp -d)"
diff --git a/bin/install-latest.sh b/bin/install-latest.sh
index 16f5c6343..1c6a13c66 100755
--- a/bin/install-latest.sh
+++ b/bin/install-latest.sh
@@ -9,10 +9,15 @@ case "${ARCH}" in
     aarch64) ARCH="arm64" ;;
 esac
 
-# Get the appropriate download URL for this platform
-DOWNLOAD_URL="$(curl -s https://api.github.com/repos/brevdev/brev-cli/releases/latest | grep "browser_download_url.*${OS}.*${ARCH}" | cut -d '"' -f 4)"
+# Fetch release metadata from GitHub API
+API_RESPONSE="$(curl -sf https://api.github.com/repos/brevdev/brev-cli/releases/latest 2>&1)" || {
+    echo "Error: Failed to fetch release info from GitHub API." >&2
+    echo "This may be caused by rate limiting. Try again later or set a GITHUB_TOKEN." >&2
+    exit 1
+}
 
-# Verify we found a suitable release
+# Extract the download URL for this platform
+DOWNLOAD_URL="$(echo "${API_RESPONSE}" | grep "browser_download_url.*${OS}.*${ARCH}" | cut -d '"' -f 4)"
 if [ -z "${DOWNLOAD_URL}" ]; then
     echo "Error: Could not find release for ${OS} ${ARCH}" >&2
     exit 1

From 3f4278c9087ae5102be9b361a47a814677204d0f Mon Sep 17 00:00:00 2001
From: Pratik Patel <pratpatel@nvidia.com>
Date: Mon, 13 Apr 2026 16:26:24 -0700
Subject: [PATCH 2/3] review feedback + enhancements from PR 343

---
 bin/install-latest-linux.sh    |  8 ++++++--
 bin/install-latest.sh          |  8 ++++++--
 scripts/install-agent-skill.sh | 21 +++++++++++++++------
 3 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/bin/install-latest-linux.sh b/bin/install-latest-linux.sh
index 5ed29903c..187e1c18b 100755
--- a/bin/install-latest-linux.sh
+++ b/bin/install-latest-linux.sh
@@ -2,9 +2,12 @@
 set -eo pipefail
 
 # Fetch release metadata from GitHub API
-API_RESPONSE="$(curl -sf https://api.github.com/repos/brevdev/brev-cli/releases/latest 2>&1)" || {
+API_RESPONSE="$(curl -sf ${GITHUB_TOKEN:+-H "Authorization: token ${GITHUB_TOKEN}"} https://api.github.com/repos/brevdev/brev-cli/releases/latest)" || {
     echo "Error: Failed to fetch release info from GitHub API." >&2
-    echo "This may be caused by rate limiting. Try again later or set a GITHUB_TOKEN." >&2
+    echo "This is often caused by rate limiting when many requests come from the same IP." >&2
+    echo "If you are using a VPN, try turning it off and running this script again." >&2
+    echo "You can also set GITHUB_TOKEN to avoid rate limits." >&2
+    echo "For more details, see: https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting" >&2
     exit 1
 }
 
@@ -12,6 +15,7 @@ API_RESPONSE="$(curl -sf https://api.github.com/repos/brevdev/brev-cli/releases/
 DOWNLOAD_URL="$(echo "${API_RESPONSE}" | grep "browser_download_url.*linux.*amd64" | cut -d '"' -f 4)"
 if [ -z "${DOWNLOAD_URL}" ]; then
     echo "Error: Could not find release for linux amd64" >&2
+    echo "GitHub API response (truncated): ${API_RESPONSE:0:200}" >&2
     exit 1
 fi
 
diff --git a/bin/install-latest.sh b/bin/install-latest.sh
index 1c6a13c66..03f3cc479 100755
--- a/bin/install-latest.sh
+++ b/bin/install-latest.sh
@@ -10,9 +10,12 @@ case "${ARCH}" in
 esac
 
 # Fetch release metadata from GitHub API
-API_RESPONSE="$(curl -sf https://api.github.com/repos/brevdev/brev-cli/releases/latest 2>&1)" || {
+API_RESPONSE="$(curl -sf ${GITHUB_TOKEN:+-H "Authorization: token ${GITHUB_TOKEN}"} https://api.github.com/repos/brevdev/brev-cli/releases/latest)" || {
     echo "Error: Failed to fetch release info from GitHub API." >&2
-    echo "This may be caused by rate limiting. Try again later or set a GITHUB_TOKEN." >&2
+    echo "This is often caused by rate limiting when many requests come from the same IP." >&2
+    echo "If you are using a VPN, try turning it off and running this script again." >&2
+    echo "You can also set GITHUB_TOKEN to avoid rate limits." >&2
+    echo "For more details, see: https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting" >&2
     exit 1
 }
 
@@ -20,6 +23,7 @@ API_RESPONSE="$(curl -sf https://api.github.com/repos/brevdev/brev-cli/releases/
 DOWNLOAD_URL="$(echo "${API_RESPONSE}" | grep "browser_download_url.*${OS}.*${ARCH}" | cut -d '"' -f 4)"
 if [ -z "${DOWNLOAD_URL}" ]; then
     echo "Error: Could not find release for ${OS} ${ARCH}" >&2
+    echo "GitHub API response (truncated): ${API_RESPONSE:0:200}" >&2
     exit 1
 fi
 
diff --git a/scripts/install-agent-skill.sh b/scripts/install-agent-skill.sh
index e8597c2e3..5f73f1e0b 100755
--- a/scripts/install-agent-skill.sh
+++ b/scripts/install-agent-skill.sh
@@ -116,12 +116,21 @@ done
 rm -rf "$TMPDIR"
 
 # Resolve commit SHA and write .version file
-COMMIT_SHA=$(curl -fsSL "https://api.github.com/repos/$REPO/commits/$BRANCH" 2>/dev/null | grep '"sha"' | head -1 | sed 's/.*"sha": *"\([^"]*\)".*/\1/')
-if [[ -n "$COMMIT_SHA" ]]; then
-    for dir in "${INSTALL_DIRS[@]}"; do
-        printf 'branch=%s\ncommit=%s\n' "$BRANCH" "$COMMIT_SHA" > "$dir/.version"
-    done
-    echo -e "  ${GREEN}✓${NC} .version (${COMMIT_SHA:0:12})"
+VERSION_RESPONSE=$(curl -fsSL "https://api.github.com/repos/$REPO/commits/$BRANCH" 2>&1) || true
+if echo "$VERSION_RESPONSE" | grep -q "API rate limit exceeded"; then
+    echo -e "  ${YELLOW}⚠${NC} .version (skipped — GitHub API rate limit exceeded)"
+    echo -e "  ${YELLOW}If you are using a VPN, try turning it off and running this script again.${NC}"
+    echo -e "  ${YELLOW}See: https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting${NC}"
+else
+    COMMIT_SHA=$(echo "$VERSION_RESPONSE" | grep '"sha"' | head -1 | sed 's/.*"sha": *"\([^"]*\)".*/\1/')
+    if [[ -n "$COMMIT_SHA" ]]; then
+        for dir in "${INSTALL_DIRS[@]}"; do
+            printf 'branch=%s\ncommit=%s\n' "$BRANCH" "$COMMIT_SHA" > "$dir/.version"
+        done
+        echo -e "  ${GREEN}✓${NC} .version (${COMMIT_SHA:0:12})"
+    else
+        echo -e "  ${YELLOW}⚠${NC} .version (could not resolve commit SHA)"
+    fi
 fi
 
 echo ""

From f815d2148efcfd17446178baec2ff82475c1a289 Mon Sep 17 00:00:00 2001
From: Pratik Patel <pratpatel@nvidia.com>
Date: Tue, 14 Apr 2026 14:27:33 -0700
Subject: [PATCH 3/3] review feedback

---
 bin/install-latest-linux.sh    | 36 ----------------------------------
 bin/install-latest.sh          |  2 +-
 scripts/install-agent-skill.sh |  2 +-
 3 files changed, 2 insertions(+), 38 deletions(-)
 delete mode 100755 bin/install-latest-linux.sh

diff --git a/bin/install-latest-linux.sh b/bin/install-latest-linux.sh
deleted file mode 100755
index 187e1c18b..000000000
--- a/bin/install-latest-linux.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-set -eo pipefail
-
-# Fetch release metadata from GitHub API
-API_RESPONSE="$(curl -sf ${GITHUB_TOKEN:+-H "Authorization: token ${GITHUB_TOKEN}"} https://api.github.com/repos/brevdev/brev-cli/releases/latest)" || {
-    echo "Error: Failed to fetch release info from GitHub API." >&2
-    echo "This is often caused by rate limiting when many requests come from the same IP." >&2
-    echo "If you are using a VPN, try turning it off and running this script again." >&2
-    echo "You can also set GITHUB_TOKEN to avoid rate limits." >&2
-    echo "For more details, see: https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting" >&2
-    exit 1
-}
-
-# Extract the download URL for linux/amd64
-DOWNLOAD_URL="$(echo "${API_RESPONSE}" | grep "browser_download_url.*linux.*amd64" | cut -d '"' -f 4)"
-if [ -z "${DOWNLOAD_URL}" ]; then
-    echo "Error: Could not find release for linux amd64" >&2
-    echo "GitHub API response (truncated): ${API_RESPONSE:0:200}" >&2
-    exit 1
-fi
-
-# Create temporary directory and ensure cleanup
-TMP_DIR="$(mktemp -d)"
-trap 'rm -rf "${TMP_DIR}"' EXIT
-
-# Download the latest release
-curl -L "${DOWNLOAD_URL}" -o "${TMP_DIR}/$(basename "${DOWNLOAD_URL}")"
-
-# Find and extract the archive
-ARCHIVE_FILE="$(find "${TMP_DIR}" -name "brev*.tar.gz" -type f)"
-tar -xzf "${ARCHIVE_FILE}" -C "${TMP_DIR}"
-
-# Install the binary to system location
-sudo mv "${TMP_DIR}/brev" /usr/local/bin/brev
-sudo chmod +x /usr/local/bin/brev
-
diff --git a/bin/install-latest.sh b/bin/install-latest.sh
index 03f3cc479..df223523d 100755
--- a/bin/install-latest.sh
+++ b/bin/install-latest.sh
@@ -20,7 +20,7 @@ API_RESPONSE="$(curl -sf ${GITHUB_TOKEN:+-H "Authorization: token ${GITHUB_TOKEN
 }
 
 # Extract the download URL for this platform
-DOWNLOAD_URL="$(echo "${API_RESPONSE}" | grep "browser_download_url.*${OS}.*${ARCH}" | cut -d '"' -f 4)"
+DOWNLOAD_URL="$(echo "${API_RESPONSE}" | grep "browser_download_url.*${OS}.*${ARCH}" | cut -d '"' -f 4 || true)"
 if [ -z "${DOWNLOAD_URL}" ]; then
     echo "Error: Could not find release for ${OS} ${ARCH}" >&2
     echo "GitHub API response (truncated): ${API_RESPONSE:0:200}" >&2
diff --git a/scripts/install-agent-skill.sh b/scripts/install-agent-skill.sh
index 5f73f1e0b..247a64ca3 100755
--- a/scripts/install-agent-skill.sh
+++ b/scripts/install-agent-skill.sh
@@ -122,7 +122,7 @@ if echo "$VERSION_RESPONSE" | grep -q "API rate limit exceeded"; then
     echo -e "  ${YELLOW}If you are using a VPN, try turning it off and running this script again.${NC}"
     echo -e "  ${YELLOW}See: https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting${NC}"
 else
-    COMMIT_SHA=$(echo "$VERSION_RESPONSE" | grep '"sha"' | head -1 | sed 's/.*"sha": *"\([^"]*\)".*/\1/')
+    COMMIT_SHA=$(echo "$VERSION_RESPONSE" | grep '"sha"' | head -1 | sed 's/.*"sha": *"\([^"]*\)".*/\1/' || true)
     if [[ -n "$COMMIT_SHA" ]]; then
         for dir in "${INSTALL_DIRS[@]}"; do
             printf 'branch=%s\ncommit=%s\n' "$BRANCH" "$COMMIT_SHA" > "$dir/.version"