Add error checking for base64 decode in VM bootstrap

Ensures early failure with clear error messages if credential
decoding fails during VM provisioning.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.9.1] - 2025-01-25
+
+### Fixed
+- Add error checking for base64 decode operations in VM provisioning
+- Add `set -e` to VM bootstrap script for early failure detection
+
 ## [0.9.0] - 2025-01-25
 
 ### Security

setup_env.sh

@@ -479,9 +479,10 @@ if [[ "$(uname -s)" == "Darwin" ]]; then
     # Security: All user-controlled values are base64-encoded before passing to VM
     # The decode script sets SKIP_* env vars from the safe SKIP_LIST
     orb run -m "$VM_NAME" bash -c "
-        export GIT_NAME=\$(echo '$GIT_NAME_B64' | base64 -d)
-        export GIT_EMAIL=\$(echo '$GIT_EMAIL_B64' | base64 -d)
-        export VNC_PASSWORD=\$(echo '$VNC_PASSWORD_B64' | base64 -d)
+        set -e
+        export GIT_NAME=\$(echo '$GIT_NAME_B64' | base64 -d) || { echo 'Failed to decode GIT_NAME'; exit 1; }
+        export GIT_EMAIL=\$(echo '$GIT_EMAIL_B64' | base64 -d) || { echo 'Failed to decode GIT_EMAIL'; exit 1; }
+        export VNC_PASSWORD=\$(echo '$VNC_PASSWORD_B64' | base64 -d) || { echo 'Failed to decode VNC_PASSWORD'; exit 1; }
         for comp in \$(echo '$SKIP_LIST_B64' | base64 -d); do
             upper=\$(echo \"\$comp\" | tr '[:lower:]' '[:upper:]')
             export \"SKIP_\${upper}=1\"