molecule-core

History

rabbitblood e08f28c962 feat(platform): provision-time env mutator hook for plugins Add `provisionhook.EnvMutator` extension point so out-of-tree plugins (e.g. github-app-auth, vault-secrets) can inject or override env vars right before container Start, without forking core or piling more provider-specific code into the handlers package. WorkspaceHandler gains an optional `envMutators provisionhook.Registry` wired in via SetEnvMutators during boot. The hook fires after built-in secret loads + per-agent git identity, so plugins can both read what's already there and override anything they own (GIT_AUTHOR_, GITHUB_TOKEN). A nil registry is a no-op via Registry.Run's nil-receiver branch — keeps the hot path a single nil compare and means existing flows stay green even with zero plugins registered. Mutator failure aborts provisioning and marks the workspace failed with the wrapped error in last_sample_error. Failing fast surfaces the cause to the operator instead of letting an agent boot into opaque "git push 401" loops it can never recover from on its own. Tests cover ordered execution, chained env visibility, first-error abort, nil-receiver no-op, nil-mutator drop, registration order, and concurrent register-vs-run safety (-race clean). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 06:47:09 -07:00
..
mutator_test.go	feat(platform): provision-time env mutator hook for plugins	2026-04-16 06:47:09 -07:00
mutator.go	feat(platform): provision-time env mutator hook for plugins	2026-04-16 06:47:09 -07:00

rabbitblood e08f28c962 feat(platform): provision-time env mutator hook for plugins

Add `provisionhook.EnvMutator` extension point so out-of-tree plugins
(e.g. github-app-auth, vault-secrets) can inject or override env vars
right before container Start, without forking core or piling more
provider-specific code into the handlers package.

WorkspaceHandler gains an optional `envMutators *provisionhook.Registry`
wired in via SetEnvMutators during boot. The hook fires after built-in
secret loads + per-agent git identity, so plugins can both read what's
already there and override anything they own (GIT_AUTHOR_*, GITHUB_TOKEN).

A nil registry is a no-op via Registry.Run's nil-receiver branch — keeps
the hot path a single nil compare and means existing flows stay green
even with zero plugins registered.

Mutator failure aborts provisioning and marks the workspace failed with
the wrapped error in last_sample_error. Failing fast surfaces the cause
to the operator instead of letting an agent boot into opaque "git push
401" loops it can never recover from on its own.

Tests cover ordered execution, chained env visibility, first-error abort,
nil-receiver no-op, nil-mutator drop, registration order, and concurrent
register-vs-run safety (-race clean).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-16 06:47:09 -07:00

mutator_test.go

feat(platform): provision-time env mutator hook for plugins

2026-04-16 06:47:09 -07:00

mutator.go

feat(platform): provision-time env mutator hook for plugins

2026-04-16 06:47:09 -07:00