didericis/bot-bottle
1
0
Fork 0
Code Issues 5 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

refactor(codex): derive trusted paths from guest home
test / unit (pull_request) Successful in 34s
Details
test / integration (pull_request) Successful in 1m3s
Details

Browse Source
This commit is contained in:
didericis (codex)
2026-06-01 17:20:14 -04:00
parent 1d2dfeefa4
commit a8b2237964
4 changed files with 14 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bot_bottle/backend/docker/provision/provider_auth.py
+8 -11
View File
@@ -9,22 +9,22 @@ import subprocess
from ..bottle_plan import DockerBottlePlan
_CODEX_HOME_PROJECT = "/home/node"
_CODEX_WORKSPACE = "/home/node/workspace"
_DEFAULT_GUEST_HOME = "/home/node"
def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
"""Prepare Codex home state inside a Docker bottle.
Every Codex bottle gets a minimal config.toml that trusts the
in-container launch directory and workspace path. When host
credentials are forwarded, auth.json contains no real access or
refresh token values; it only nudges Codex into the same user/device
auth branch as the host.
in-container launch directory. When host credentials are forwarded,
auth.json contains no real access or refresh token values; it only
nudges Codex into the same user/device auth branch as the host.
"""
if plan.agent_provider_template != "codex":
return
container_home = os.environ.get("BOT_BOTTLE_CONTAINER_HOME", "/home/node")
container_home = os.environ.get(
"BOT_BOTTLE_CONTAINER_HOME", _DEFAULT_GUEST_HOME,
)
auth_dir = f"{container_home}/.codex"
subprocess.run(
@@ -44,10 +44,7 @@ def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
)
config_path = f"{auth_dir}/config.toml"
config = (
f'[projects."{_CODEX_HOME_PROJECT}"]\n'
'trust_level = "trusted"\n'
"\n"
f'[projects."{_CODEX_WORKSPACE}"]\n'
f'[projects."{container_home}"]\n'
'trust_level = "trusted"\n'
)
subprocess.run(
bot_bottle/backend/smolmachines/provision/provider_auth.py
+4 -10
View File
@@ -11,18 +11,15 @@ from ..bottle_plan import SmolmachinesBottlePlan
_DEFAULT_GUEST_HOME = "/home/node"
_CODEX_HOME_PROJECT = "/home/node"
_CODEX_WORKSPACE = "/home/node/workspace"
def provision_provider_auth(plan: SmolmachinesBottlePlan, target: str) -> None:
"""Prepare Codex home state inside the smolmachine.
Every Codex bottle gets a minimal config.toml that trusts the
in-guest launch directory and workspace path. When host credentials
are forwarded, the real host access token remains in the egress
bundle env; auth.json only selects Codex's user/device auth code
path.
in-guest launch directory. When host credentials are forwarded,
the real host access token remains in the egress bundle env;
auth.json only selects Codex's user/device auth code path.
"""
if plan.agent_provider_template != "codex":
return
@@ -72,10 +69,7 @@ def provision_provider_auth(plan: SmolmachinesBottlePlan, target: str) -> None:
config_path = f"{auth_dir}/config.toml"
config = (
f'[projects."{_CODEX_HOME_PROJECT}"]\n'
'trust_level = "trusted"\n'
"\n"
f'[projects."{_CODEX_WORKSPACE}"]\n'
f'[projects."{guest_home}"]\n'
'trust_level = "trusted"\n'
)
result = _smolvm.machine_exec(