Skip to content

feat: add support for secret environment variables per agent#243

Merged
pikann merged 3 commits into
masterfrom
feature/support-environment-variables-for-agent
Jul 3, 2026
Merged

feat: add support for secret environment variables per agent#243
pikann merged 3 commits into
masterfrom
feature/support-environment-variables-for-agent

Conversation

@pikann

@pikann pikann commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds per-agent secret environment variables, encrypted at rest and injected into the agent's sandbox container at run time. This addresses two related requests: #240 asked for a way to keep secret config (.env-style values) encrypted, and #241 needs a GITHUB_TOKEN-style credential reachable by git clone inside the sandbox — this is the "configuring environment variables directly for the agent container" approach the maintainer described in the #241 discussion.

This PR only covers the credential-delivery half of #241 (getting a token into the sandbox so cloning works). The other half — letting the agent review or update an existing pull request — is tracked as a separate follow-up and is not part of this PR, so #241 stays open until that lands too.

Changes

Backend (services/api)

  • New agent_environment_variables table (migration 000017), values encrypted with the existing AES-256-GCM secret.Encryptor — the same mechanism already used for llm_api_key_secret.
  • Full CRUD (list/add/update/delete) across domain, postgres repository, service, DTO, handler, and router layers, mirroring the existing agent_mcp_servers slice.
  • Key validation: must match ^[A-Za-z_][A-Za-z0-9_]*$ and can't collide with reserved sandbox-internal variable names (GIT_AUTHOR_*, GIT_COMMITTER_*, OH_SECRET_KEY, OH_EXTRA_PYTHON_PATH, PACA_*), checked case-insensitively so a lowercase lookalike can't bypass it.
  • Creating a duplicate key on the same agent now returns a proper 409 (ErrEnvVarKeyTaken) instead of a raw database error.
  • API responses never return the plaintext value — always masked as "***", even immediately after creation.

Runtime (services/ai-agent)

  • AgentConfig now carries decrypted env_vars, loaded the same way as the LLM API key. A variable that fails to decrypt is omitted entirely rather than injected as an empty string, so it fails clearly (missing) instead of ambiguously (blank).
  • docker_sandbox() injects them as real container environment variables, so they're usable by git clone, build tools, and deploy scripts — not scoped to a single MCP server subprocess. Reserved infra vars always win on name collision as defense-in-depth alongside the backend-side validation.

Frontend (apps/web)

  • New "Environment" tab on the agent detail page to add, list, and delete secret variables — masked values, no reveal affordance once saved.
  • Translated into all supported locales (en, fr, ja, zh-CN, ko, vi, es).

Test plan

  • go build ./... && go vet ./... && go test ./... (services/api)
  • pytest (services/ai-agent)
  • tsc -b && biome check . && vitest run && npm run build (apps/web)
  • Manual smoke test against a live Postgres + Docker sandbox: add a GITHUB_TOKEN variable on an agent, trigger a private-repo clone, confirm the token reaches the container.

Closes #240

pikann added 3 commits July 3, 2026 09:45
- Introduced a new table `agent_environment_variables` to store encrypted environment variables for each agent.
- Implemented CRUD operations for environment variables in the agent repository and service layers.
- Added validation for environment variable keys to ensure they are well-formed and not reserved.
- Updated agent configuration to include environment variables.
- Enhanced API endpoints to manage environment variables, including listing, adding, updating, and deleting.
- Updated error handling for environment variable operations.
@pikann pikann merged commit 3e23310 into master Jul 3, 2026
12 checks passed
@pikann pikann deleted the feature/support-environment-variables-for-agent branch July 3, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feature] Update to the official github plugin that can help to configure credentials after clonning

1 participant