Similarly to codex, we should always include these in egress routes (whether or not auth_token is present), but we shouldn't always pass the auth token
RE didericis/bot-bottle#115 (comment)
Yeah, we should include it and rescope the other PR to be about injecting provider auth credentials and other…
RE didericis/bot-bottle#115 (comment)
Yes, this is what the user defined egress routes are currently:
egress:
routes:
- host:…
This doesn't need to be a separate function, and the organization is wrong/we want the code for a specific provider to be making the decision about placeholder envs (a function which switches on different provider templates is the wrong abstraction)
I'm not sure if auth_role needs to be declared in the agent runtime anymore either
lines 177-183 should also be moved into the agent provision step: it's the responsibility of the agent provisioner to determine whether or not there should be something like "egress-placeholder" in the env and which env var it should go into. This should also remove the need for placeholder_env in the provider runtime.
when we don't forward host credentials there should still be egress routes, just not egress routes with an auto-injected token (and we should have passthrough set to true so the tokens the user would set after logging in don't get stripped out)
RE: didericis/bot-bottle#110 (comment)
I want to remove _ensure_codex_host_credential_route, and have that happen via an agent provider abstraction that…
why can't we just provision the bottle egress routes based on an agent provision plan?