fix(codex): provision dummy user auth state
This commit is contained in:
@@ -19,6 +19,7 @@ from .bottle_plan import SmolmachinesBottlePlan
|
||||
from .provision import ca as _ca
|
||||
from .provision import git as _git
|
||||
from .provision import prompt as _prompt
|
||||
from .provision import provider_auth as _provider_auth
|
||||
from .provision import skills as _skills
|
||||
from .provision import supervise as _supervise
|
||||
|
||||
@@ -61,6 +62,11 @@ class SmolmachinesBottleBackend(
|
||||
) -> str | None:
|
||||
return _prompt.provision_prompt(plan, target)
|
||||
|
||||
def provision_provider_auth(
|
||||
self, plan: SmolmachinesBottlePlan, target: str
|
||||
) -> None:
|
||||
_provider_auth.provision_provider_auth(plan, target)
|
||||
|
||||
def provision_skills(
|
||||
self, plan: SmolmachinesBottlePlan, target: str
|
||||
) -> None:
|
||||
|
||||
@@ -97,6 +97,7 @@ class SmolmachinesBottlePlan(BottlePlan):
|
||||
agent_prompt_mode: PromptMode = "append_file"
|
||||
agent_provider_template: str = "claude"
|
||||
agent_dockerfile_path: str = ""
|
||||
codex_auth_file: Path | None = None
|
||||
|
||||
def print(self, *, remote_control: bool) -> None:
|
||||
"""Compact y/N preflight. Same shape as the Docker
|
||||
|
||||
@@ -16,6 +16,7 @@ from pathlib import Path
|
||||
|
||||
from ...agent_provider import runtime_for
|
||||
from ...backend import BottleSpec
|
||||
from ...codex_auth import write_codex_dummy_auth_file
|
||||
from ...backend.docker.bottle_state import (
|
||||
BottleMetadata,
|
||||
agent_state_dir,
|
||||
@@ -144,9 +145,12 @@ def resolve_plan(
|
||||
agent_dir = agent_state_dir(slug)
|
||||
agent_dir.mkdir(parents=True, exist_ok=True)
|
||||
prompt_file = agent_dir / "prompt.txt"
|
||||
codex_auth_file = agent_dir / "codex-auth.json"
|
||||
agent = manifest.agents[spec.agent_name]
|
||||
prompt_file.write_text(agent.prompt or "")
|
||||
prompt_file.chmod(0o600)
|
||||
if provider.forward_host_credentials:
|
||||
write_codex_dummy_auth_file(codex_auth_file, dict(os.environ))
|
||||
|
||||
machine_name = f"bot-bottle-{slug}"
|
||||
# Stash the agent image ref — `launch.launch` runs the
|
||||
@@ -182,6 +186,7 @@ def resolve_plan(
|
||||
agent_prompt_mode=provider_runtime.prompt_mode,
|
||||
agent_provider_template=provider.template,
|
||||
agent_dockerfile_path=agent_dockerfile_path,
|
||||
codex_auth_file=codex_auth_file if provider.forward_host_credentials else None,
|
||||
)
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
"""Provision non-secret provider auth markers into a smolmachines bottle."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
|
||||
from .. import smolvm as _smolvm
|
||||
from ..bottle_plan import SmolmachinesBottlePlan
|
||||
|
||||
|
||||
_DEFAULT_GUEST_HOME = "/home/node"
|
||||
|
||||
|
||||
def provision_provider_auth(plan: SmolmachinesBottlePlan, target: str) -> None:
|
||||
"""Copy a dummy Codex auth marker when host credentials are
|
||||
forwarded through egress.
|
||||
|
||||
The real host access token remains in the egress bundle env; this
|
||||
file only selects Codex's user/device auth code path.
|
||||
"""
|
||||
if not plan.codex_auth_file:
|
||||
return
|
||||
guest_home = os.environ.get("BOT_BOTTLE_GUEST_HOME", _DEFAULT_GUEST_HOME)
|
||||
auth_dir = f"{guest_home}/.codex"
|
||||
auth_path = f"{auth_dir}/auth.json"
|
||||
|
||||
_smolvm.machine_exec(target, ["mkdir", "-p", auth_dir])
|
||||
_smolvm.machine_cp(str(plan.codex_auth_file), f"{target}:{auth_path}")
|
||||
_smolvm.machine_exec(target, ["chown", "node:node", auth_path])
|
||||
_smolvm.machine_exec(target, ["chmod", "600", auth_path])
|
||||
Reference in New Issue
Block a user