didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

PRD 0029: Codex host credentials through egress #110

Merged
didericis merged 25 commits from codex/prd-codex-host-credentials into main 2026-06-01 23:16:25 -04:00
Conversation 18 Commits 25 Files Changed 32
+16 -9
2 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 59df0b0f0f - Show all commits
bot_bottle/agent_provider.py
+7 -7
View File
@@ -160,14 +160,14 @@ def agent_provision_plan(
config_file.chmod(0o600) config_file.chmod(0o600)
files.append(AgentProvisionFile(config_file, config_path)) files.append(AgentProvisionFile(config_file, config_path))
for host in CODEX_HOST_CREDENTIAL_HOSTS:
egress_routes.append(EgressRoute(
host=host,
auth_scheme="Bearer" if forward_host_credentials else "",
token_ref=CODEX_HOST_CREDENTIAL_TOKEN_REF if forward_host_credentials else "",
tls_passthrough=True,
))
if forward_host_credentials: if forward_host_credentials:
for host in CODEX_HOST_CREDENTIAL_HOSTS:
egress_routes.append(EgressRoute(
host=host,
auth_scheme="Bearer",
token_ref=CODEX_HOST_CREDENTIAL_TOKEN_REF,
tls_passthrough=True,
))
auth_file = state_dir / "codex-auth.json" auth_file = state_dir / "codex-auth.json"
write_codex_dummy_auth_file(auth_file, host_env or dict(os.environ)) write_codex_dummy_auth_file(auth_file, host_env or dict(os.environ))
files.append(AgentProvisionFile(auth_file, f"{auth_dir}/auth.json")) files.append(AgentProvisionFile(auth_file, f"{auth_dir}/auth.json"))
tests/unit/test_agent_provider.py
+9 -2
View File
@@ -117,7 +117,7 @@ class TestAgentProviderRuntime(unittest.TestCase):
self.assertEqual(CODEX_HOST_CREDENTIAL_TOKEN_REF, r.token_ref) self.assertEqual(CODEX_HOST_CREDENTIAL_TOKEN_REF, r.token_ref)
self.assertTrue(r.tls_passthrough) self.assertTrue(r.tls_passthrough)
def test_codex_without_forward_host_credentials_has_no_egress_routes(self): def test_codex_without_forward_host_credentials_has_passthrough_egress_routes(self):
with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp: with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp:
plan = agent_provision_plan( plan = agent_provision_plan(
template="codex", template="codex",
@@ -125,7 +125,14 @@ class TestAgentProviderRuntime(unittest.TestCase):
state_dir=Path(tmp), state_dir=Path(tmp),
forward_host_credentials=False, forward_host_credentials=False,
) )
self.assertEqual((), plan.egress_routes) self.assertEqual(
{r.host for r in plan.egress_routes},
set(CODEX_HOST_CREDENTIAL_HOSTS),
)
for r in plan.egress_routes:
self.assertEqual("", r.auth_scheme)
self.assertEqual("", r.token_ref)
self.assertTrue(r.tls_passthrough)
def test_claude_plan_has_no_egress_routes(self): def test_claude_plan_has_no_egress_routes(self):
with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp: with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp: