didericis/bot-bottle
1
0
Fork 0
Code Issues 5 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

refactor(egress): use provisioned_env instead of sentinel for Codex token (PRD 0030)
test / unit (pull_request) Successful in 39s
Details
test / integration (pull_request) Successful in 45s
Details

Browse Source 
Add `provisioned_env: dict[str, str]` to `AgentProvisionPlan`. When
`forward_host_credentials=True`, `agent_provision_plan` reads the host
Codex access token at prepare time and stores it under
`CODEX_HOST_CREDENTIAL_TOKEN_REF`. Both backends merge `provisioned_env`
over `os.environ` before calling `egress_resolve_token_values`, so the
token slot resolves like any other manifest-declared token ref.

Removes `egress_resolve_token_values_with_provider` and the sentinel
`continue` skip from `egress_resolve_token_values`. The function is now
fully generic — it neither knows nor cares about provider identity.
This commit is contained in:
didericis (claude)
2026-06-02 04:53:23 +00:00
parent 8c2b59ca94
commit 0e29bcc829
6 changed files with 49 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/unit/test_agent_provider.py
+31
View File
@@ -145,6 +145,37 @@ class TestAgentProviderRuntime(unittest.TestCase):
self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", plan.env_vars)
self.assertEqual(frozenset(), plan.hidden_env_names)
def test_codex_forward_host_credentials_populates_provisioned_env(self):
access = _jwt(2000000000)
with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp:
home = Path(tmp) / "host-codex"
home.mkdir()
(home / "auth.json").write_text(json.dumps({
"auth_mode": "chatgpt",
"tokens": {"access_token": access},
}))
plan = agent_provision_plan(
template="codex",
dockerfile="",
state_dir=Path(tmp),
forward_host_credentials=True,
host_env={"CODEX_HOME": str(home)},
)
self.assertEqual(
{CODEX_HOST_CREDENTIAL_TOKEN_REF: access},
plan.provisioned_env,
)
def test_codex_without_forward_host_credentials_has_empty_provisioned_env(self):
with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp:
plan = agent_provision_plan(
template="codex",
dockerfile="",
state_dir=Path(tmp),
forward_host_credentials=False,
)
self.assertEqual({}, plan.provisioned_env)
if __name__ == "__main__":
unittest.main()