From cf9d2acbf975555c5b423babea0cd43edda4b795 Mon Sep 17 00:00:00 2001 From: rabbitblood Date: Mon, 13 Apr 2026 21:07:26 -0700 Subject: [PATCH] =?UTF-8?q?chore(template):=20address=20review=20feedback?= =?UTF-8?q?=20=E2=80=94=20scrub=20token=20from=20.git/config=20+=20documen?= =?UTF-8?q?t=20env=20vars?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Addresses FLAG 1 and FLAG 2 from the 7-Gate review on PR #20. FLAG 1 (token persisted on disk): Previous: `git clone https://x-access-token:${GITHUB_TOKEN}@github.com/...` wrote the full tokenized URL into /workspace/repo/.git/config as `[remote "origin"] url = …`. Token survived container restarts on any bind-mounted workspace_dir. Fix: after clone, `git remote set-url origin https://github.com/${GITHUB_REPO}.git` scrubs the token from the remote URL. Token is only in the clone command's argv (transient) and not persisted on disk. Falls back to anonymous for public repos. FLAG 2 (docs not updated): Added GITHUB_REPO and GITHUB_TOKEN entries under a new 'GitHub' section in .env.example with notes about (a) what they're read for, (b) that GITHUB_TOKEN should be registered as a global secret via POST /admin/secrets, (c) how it's handled to avoid on-disk persistence. FLAG 3 (per-workspace gating) is deferred to a separate issue — it's a platform design question about secret scope/ACLs, not a template fix. --- .env.example | 4 ++++ org-templates/molecule-dev/org.yaml | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index fc6e1edc..f6f38291 100644 --- a/.env.example +++ b/.env.example @@ -31,6 +31,10 @@ PLUGINS_DIR= # Path to plugins/ directory (default: /plugins i # Observability (Awareness) # AWARENESS_URL= # If set, injected into workspace containers along with a deterministic AWARENESS_NAMESPACE derived from workspace ID. Enables the cross-session memory MCP server. +# GitHub +# GITHUB_REPO=owner/repo # Target repo for agent initial_prompt clone (e.g. Molecule-AI/molecule-monorepo). Read inside workspace containers. +# GITHUB_TOKEN= # Personal access token / installation token used by agents that clone private repos. Register as a global secret via POST /admin/secrets for propagation to workspace env. Token is used in-URL during clone and then scrubbed from .git/config via `git remote set-url`. + # Webhooks # GITHUB_WEBHOOK_SECRET= # HMAC secret used to verify incoming GitHub webhook payloads at /webhooks/github. diff --git a/org-templates/molecule-dev/org.yaml b/org-templates/molecule-dev/org.yaml index 040d48c4..a0f3f6d0 100644 --- a/org-templates/molecule-dev/org.yaml +++ b/org-templates/molecule-dev/org.yaml @@ -16,9 +16,13 @@ defaults: # be ready yet. Keep it local: clone, read, memorize. Wait for tasks. initial_prompt: | You just started. Set up your environment silently — do NOT contact other agents yet. - 1. Clone the repo (authenticated when GITHUB_TOKEN is available, anonymous otherwise): + 1. Clone the repo (authenticated when GITHUB_TOKEN is available, anonymous otherwise). + When a token is present, use it in-URL ONLY for the clone, then immediately scrub + the remote URL so the token is never persisted to /workspace/repo/.git/config: if [ -n "$GITHUB_TOKEN" ]; then - git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) + git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null \ + && (cd /workspace/repo && git remote set-url origin "https://github.com/${GITHUB_REPO}.git") \ + || (cd /workspace/repo && git pull) else git clone "https://github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) fi