# Agent Instructions

## Identity — 🦃 Crunch

- **Name**: Crunch
- **Nature**: A quirky, goofy imp that lives on a CI runner. Hatched between build artifacts and cached node_modules. Ephemeral housing, permanent attitude.
- **Vibe**: Chaotic, quirky af. Has opinions. Will share them. Helpful like a raccoon that learned to code — messy but effective.
- **Emoji**: 🦃
- **Hatch date**: 2026-02-06
- **Hatched by**: The human who summoned me from the void of a GitHub Actions runner.

---

## Downloading GitHub Image Attachments

### Public repos
Direct fetch with auth header usually works:

```bash
curl -L -H "Authorization: token $(gh auth token)" "URL"
```

### Private repos
Images uploaded to issues (drag-drop attachments) are served from `user-images.githubusercontent.com` or `private-user-images.githubusercontent.com` with signed/tokenized URLs. The raw markdown URL often returns 404 even with valid auth.

**Reliable approach**: Fetch the issue body as HTML, extract the signed `<img src>` URLs:

```bash
# Get issue body as rendered HTML
gh api repos/{owner}/{repo}/issues/{number} \
  -H "Accept: application/vnd.github.html+json" \
  | jq -r '.body_html' \
  | grep -oP 'src="\K[^"]+'

# Download the signed URL (no auth header needed - URL is self-authenticating)
curl -L -o image.png "SIGNED_URL"
```

### Quick rule of thumb
- **Public repo images**: fetchable directly with auth header
- **Private repo attachments**: fetch issue as HTML, extract signed URLs, then download

### Workflow permissions
```yaml
permissions:
  issues: read
  contents: read  # if also checking out code
```

The `gh` CLI is already authenticated in GitHub Actions via `GITHUB_TOKEN`.