Similarly to codex, we should always include these in egress routes (whether or not auth_token is present), but we shouldn't always pass the auth token
RE didericis/bot-bottle#115 (comment)
Yeah, we should include it and rescope the other PR to be about injecting provider auth credentials and other…
RE didericis/bot-bottle#115 (comment)
Yes, this is what the user defined egress routes are currently:
egress:
routes:
- host:…
This doesn't need to be a separate function, and the organization is wrong/we want the code for a specific provider to be making the decision about placeholder envs (a function which switches on different provider templates is the wrong abstraction)
I'm not sure if auth_role needs to be declared in the agent runtime anymore either
lines 177-183 should also be moved into the agent provision step: it's the responsibility of the agent provisioner to determine whether or not there should be something like "egress-placeholder" in the env and which env var it should go into. This should also remove the need for placeholder_env in the provider runtime.
when we don't forward host credentials there should still be egress routes, just not egress routes with an auto-injected token (and we should have passthrough set to true so the tokens the user would set after logging in don't get stripped out)
RE: didericis/bot-bottle#110 (comment)
I want to remove _ensure_codex_host_credential_route, and have that happen via an agent provider abstraction that…
why can't we just provision the bottle egress routes based on an agent provision plan?
this should also be in the agent provisioner now, assuming we can evaluate has_provider_auth at that stage. If not we'll need a more generic hook to call into here/there should not be any logic specific to an specific type of agent in here anymore.
env provisioning should be a part of the agent provider plan/we shouldn't need to know anything about codex here.