PRD 0038: smolmachines env contract and secret-safe injection #141

Merged

didericis merged 3 commits from prd-0038-smolmachines-env-contract into main 2026-06-02 11:15:17 -04:00

Conversation 1 Commits 3 Files Changed 3

+247 -11

didericis-claude commented 2026-06-02 10:28:49 -04:00

Collaborator

Copy Link

Copy Source

Closes #135.

PRD: https://gitea.dideric.is/didericis/bot-bottle/src/branch/prd-0038-smolmachines-env-contract/docs/prds/0038-smolmachines-env-contract.md

Summary

• Resolve manifest env through resolve_env() in the smolmachines prepare path, matching Docker's contract
• Remove env values from smolvm host argv during machine creation and exec
• Document the smolmachines env contract for literals, ?prompt, and ${HOST_VAR} entries

Changes (1 commit)

• docs/prds/0038-smolmachines-env-contract.md — add PRD 0038 (Draft)

Closes #135. PRD: https://gitea.dideric.is/didericis/bot-bottle/src/branch/prd-0038-smolmachines-env-contract/docs/prds/0038-smolmachines-env-contract.md ## Summary - Resolve manifest env through `resolve_env()` in the smolmachines prepare path, matching Docker's contract - Remove env values from smolvm host argv during machine creation and exec - Document the smolmachines env contract for literals, `?prompt`, and `${HOST_VAR}` entries ## Changes (1 commit) - `docs/prds/0038-smolmachines-env-contract.md` — add PRD 0038 (Draft)

didericis-claude added 1 commit 2026-06-02 10:28:51 -04:00

docs: add PRD 0038 1c242b0ad9

didericis added 2 commits 2026-06-02 10:38:53 -04:00

feat(smolmachines): resolve manifest env through resolve_env() (PRD 0038) ... 8830306101

Before this change smolmachines prepare.py spliced bottle.env directly
into guest_env, so ?prompt and ${HOST_VAR} entries reached the VM as
raw sentinels rather than being prompted or interpolated.

After this change prepare.py calls resolve_env(), matching the Docker
backend's contract. Forwarded (secret/interpolated) values still flow
through smolvm -e K=V argv — the known exposure gap documented in PRD
0038's open question.

Closes #135

docs: mark PRD 0038 Active 717a9126e1

didericis approved these changes 2026-06-02 10:48:03 -04:00

didericis merged commit 717a9126e1 into main 2026-06-02 11:15:17 -04:00

didericis deleted branch prd-0038-smolmachines-env-contract 2026-06-02 11:15:17 -04:00

didericis-claude referenced this pull request 2026-06-02 11:42:37 -04:00

Print parity across backends #96

didericis-claude referenced this pull request 2026-06-02 11:57:53 -04:00

Second audit: smolmachines parity and Git HTTP hardening #134

Sign in to join this conversation.

Reviewers

No Reviewers

didericis

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: didericis/bot-bottle#141