chore(template): address review feedback — scrub token from .git/config + document env vars

Addresses FLAG 1 and FLAG 2 from the 7-Gate review on PR #20. FLAG 1 (token persisted on disk): Previous: `git clone https://x-access-token:${GITHUB_TOKEN}@github.com/...` wrote the full tokenized URL into /workspace/repo/.git/config as `[remote "origin"] url = …`. Token survived container restarts on any bind-mounted workspace_dir. Fix: after clone, `git remote set-url origin https://github.com/${GITHUB_REPO}.git` scrubs the token from the remote URL. Token is only in the clone command's argv (transient) and not persisted on disk. Falls back to anonymous for public repos. FLAG 2 (docs not updated): Added GITHUB_REPO and GITHUB_TOKEN entries under a new 'GitHub' section in .env.example with notes about (a) what they're read for, (b) that GITHUB_TOKEN should be registered as a global secret via POST /admin/secrets, (c) how it's handled to avoid on-disk persistence. FLAG 3 (per-workspace gating) is deferred to a separate issue — it's a platform design question about secret scope/ACLs, not a template fix.
2026-04-13 21:07:26 -07:00 · 2026-04-13 21:07:26 -07:00 · cf9d2acbf9
commit cf9d2acbf9
parent 2693e9ab3b
2 changed files with 10 additions and 2 deletions
--- a/.env.example
+++ b/.env.example
@ -31,6 +31,10 @@ PLUGINS_DIR=                   # Path to plugins/ directory (default: /plugins i
 # Observability (Awareness)
 # AWARENESS_URL=                         # If set, injected into workspace containers along with a deterministic AWARENESS_NAMESPACE derived from workspace ID. Enables the cross-session memory MCP server.

+# GitHub
+# GITHUB_REPO=owner/repo                 # Target repo for agent initial_prompt clone (e.g. Molecule-AI/molecule-monorepo). Read inside workspace containers.
+# GITHUB_TOKEN=                          # Personal access token / installation token used by agents that clone private repos. Register as a global secret via POST /admin/secrets for propagation to workspace env. Token is used in-URL during clone and then scrubbed from .git/config via `git remote set-url`.
+
 # Webhooks
 # GITHUB_WEBHOOK_SECRET=                 # HMAC secret used to verify incoming GitHub webhook payloads at /webhooks/github.

--- a/org-templates/molecule-dev/org.yaml
+++ b/org-templates/molecule-dev/org.yaml
@ -16,9 +16,13 @@ defaults:
  # be ready yet. Keep it local: clone, read, memorize. Wait for tasks.
  initial_prompt: |
    You just started. Set up your environment silently — do NOT contact other agents yet.
-    1. Clone the repo (authenticated when GITHUB_TOKEN is available, anonymous otherwise):
+    1. Clone the repo (authenticated when GITHUB_TOKEN is available, anonymous otherwise).
+       When a token is present, use it in-URL ONLY for the clone, then immediately scrub
+       the remote URL so the token is never persisted to /workspace/repo/.git/config:
       if [ -n "$GITHUB_TOKEN" ]; then
-         git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull)
+         git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null \
+           && (cd /workspace/repo && git remote set-url origin "https://github.com/${GITHUB_REPO}.git") \
+           || (cd /workspace/repo && git pull)
       else
         git clone "https://github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull)
       fi