From e0b76b04f4eeedde04deed073f97b289603cb78e Mon Sep 17 00:00:00 2001 From: rabbitblood Date: Mon, 13 Apr 2026 19:19:21 -0700 Subject: [PATCH 1/2] chore(template): authenticated git clone in initial_prompt when GITHUB_TOKEN is set Fixes the template-layer half of #13. Previously initial_prompt cloned `https://github.com/${GITHUB_REPO}.git` with no authentication, which fails for private repos in non-TTY docker exec with: fatal: could not read Username for 'https://github.com': terminal prompts disabled Now the prompt uses `https://x-access-token:${GITHUB_TOKEN}@github.com/...` when GITHUB_TOKEN is present in env (global secret, set per CEO on 2026-04-13), falls back to anonymous clone when it isn't. This is a belt-and-suspenders template default. The platform-level fix (#13) is still needed so the provisioner rewrites clone URLs consistently, but the template should work out of the box too. --- org-templates/molecule-dev/org.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/org-templates/molecule-dev/org.yaml b/org-templates/molecule-dev/org.yaml index 9e938ef3..040d48c4 100644 --- a/org-templates/molecule-dev/org.yaml +++ b/org-templates/molecule-dev/org.yaml 
@@ -16,7 +16,12 @@ defaults: # be ready yet. Keep it local: clone, read, memorize. Wait for tasks. initial_prompt: | You just started. Set up your environment silently — do NOT contact other agents yet. - 1. Clone the repo: git clone https://github.com/${GITHUB_REPO}.git /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) + 1. Clone the repo (authenticated when GITHUB_TOKEN is available, anonymous otherwise): + if [ -n "$GITHUB_TOKEN" ]; then + git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) + else + git clone "https://github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) + fi 2. Set up git hooks: cd /workspace/repo && git config core.hooksPath .githooks 3. Read /workspace/repo/CLAUDE.md to understand the project 4. Read your system prompt at /configs/system-prompt.md to understand your role From cd739ef299bbde71e14e92948e70f9683c2f90bb Mon Sep 17 00:00:00 2001 
From: rabbitblood Date: Mon, 13 Apr 2026 21:07:26 -0700 Subject: [PATCH 2/2] =?UTF-8?q?chore(template):=20address=20review=20feedb?= =?UTF-8?q?ack=20=E2=80=94=20scrub=20token=20from=20.git/config=20+=20docu?= =?UTF-8?q?ment=20env=20vars?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Addresses FLAG 1 and FLAG 2 from the 7-Gate review on PR #20. FLAG 1 (token persisted on disk): Previous: `git clone https://x-access-token:${GITHUB_TOKEN}@github.com/...` wrote the full tokenized URL into /workspace/repo/.git/config as `[remote "origin"] url = …`. Token survived container restarts on any bind-mounted workspace_dir. Fix: after clone, `git remote set-url origin https://github.com/${GITHUB_REPO}.git` scrubs the token from the remote URL. Token is only in the clone command's argv (transient) and not persisted on disk. Falls back to anonymous for public repos. FLAG 2 (docs not updated): Added GITHUB_REPO and GITHUB_TOKEN entries under a new 'GitHub' section in .env.example with notes about (a) what they're read for, (b) that GITHUB_TOKEN should be registered as a global secret via POST /admin/secrets, (c) how it's handled to avoid on-disk persistence. FLAG 3 (per-workspace gating) is deferred to a separate issue — it's a platform design question about secret scope/ACLs, not a template fix. --- .env.example | 4 ++++ org-templates/molecule-dev/org.yaml | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index fc6e1edc..f6f38291 100644 --- a/.env.example +++ b/.env.example 
@@ -31,6 +31,10 @@ PLUGINS_DIR= # Path to plugins/ directory (default: /plugins i # Observability (Awareness) # AWARENESS_URL= # If set, injected into workspace containers along with a deterministic AWARENESS_NAMESPACE derived from workspace ID. Enables the cross-session memory MCP server. +# GitHub +# GITHUB_REPO=owner/repo # Target repo for agent initial_prompt clone (e.g. Molecule-AI/molecule-monorepo). Read inside workspace containers. +# GITHUB_TOKEN= # Personal access token / installation token used by agents that clone private repos. Register as a global secret via POST /admin/secrets for propagation to workspace env. Token is used in-URL during clone and then scrubbed from .git/config via `git remote set-url`. + # Webhooks # GITHUB_WEBHOOK_SECRET= # HMAC secret used to verify incoming GitHub webhook payloads at /webhooks/github. diff --git a/org-templates/molecule-dev/org.yaml b/org-templates/molecule-dev/org.yaml index 040d48c4..a0f3f6d0 100644 --- a/org-templates/molecule-dev/org.yaml +++ b/org-templates/molecule-dev/org.yaml 
@@ -16,9 +16,13 @@ defaults: # be ready yet. Keep it local: clone, read, memorize. Wait for tasks. initial_prompt: | You just started. Set up your environment silently — do NOT contact other agents yet. - 1. Clone the repo (authenticated when GITHUB_TOKEN is available, anonymous otherwise): + 1. Clone the repo (authenticated when GITHUB_TOKEN is available, anonymous otherwise). + When a token is present, use it in-URL ONLY for the clone, then immediately scrub + the remote URL so the token is never persisted to /workspace/repo/.git/config: if [ -n "$GITHUB_TOKEN" ]; then - git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) + git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null \ + && (cd /workspace/repo && git remote set-url origin "https://github.com/${GITHUB_REPO}.git") \ + || (cd /workspace/repo && git pull) else git clone "https://github.com/${GITHUB_REPO}.git" /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) fi
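Review bot: In [PATCH 1/2], org-templates/molecule-dev/org.yaml, both branches of the new `if` keep `2>/dev/null || (cd /workspace/repo && git pull)`, so every clone failure is handled as "already cloned". With the authenticated branch that now includes a rejected or expired GITHUB_TOKEN: the error text is discarded, `cd /workspace/repo` fails on a first start because the directory was never created, and nothing reports that the credential was the cause. Suggest testing for an existing checkout explicitly (for example `[ -d /workspace/repo/.git ]`), pulling only in that case, and reporting a non-zero clone exit status instead of falling through.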
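Review bot: In the .env.example hunk of [PATCH 2/2], the GITHUB_TOKEN comment names the token types but not the access the token needs. The same comment tells operators to register it as a global secret that propagates to workspace env, and the commit message defers per-workspace gating (FLAG 3), so every workspace container will hold this value in its environment. Suggest stating the minimum here: read-only access to the contents of the repository named in GITHUB_REPO, nothing broader, and noting that the scrub covers .git/config only, not the environment variable.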
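Review bot: In the org.yaml hunk of [PATCH 2/2], the `|| (cd /workspace/repo && git pull)` fallback in the token branch now pulls from an origin that was rewritten to `https://github.com/${GITHUB_REPO}.git`, so on any later start of a private-repo workspace the pull is unauthenticated and fails the way the first commit message describes for anonymous clones. The `A && B || C` chain also runs `git remote set-url` only when the clone succeeds, so a workspace that was cloned under PATCH 1/2 keeps its tokenized URL in .git/config and goes straight to `git pull`. Suggest running `git remote set-url origin "https://github.com/${GITHUB_REPO}.git"` whenever /workspace/repo already exists, and passing the token to `git pull` per invocation (for example a `git -c credential.helper=...` helper that reads $GITHUB_TOKEN from the environment) instead of through the URL. The prompt wording "never persisted to /workspace/repo/.git/config" should say the token is removed after the clone, since the tokenized URL is in that file from clone until set-url runs.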