Support generic fan-out env projection #489

Merged: chubes4 merged 2 commits into main from codex-oauth-provider on Jun 2, 2026
@chubes4 chubes4 commented May 31, 2026

Member

Summary

  • Extend the generic CLI channel registry with caller-provided env_from references so integrations can project parent environment values into child sessions without storing raw values in DMC config.
  • Redact projected secret-like values from synchronous CLI stdout/stderr metadata and reuse the same redactor for run artifact PR sections.
  • Keep DMC provider-agnostic: no product-specific gateway names, plugin references, env var names, or OpenCode gateway-mode logic are introduced.

Fixes #488.

Tests

  • php tests/smoke-cli-channel-transport.php
  • php tests/smoke-run-artifact-pr-section-renderer.php
  • php -l inc/Channels/CliChannelRegistry.php && php -l inc/Channels/CliChannelTransport.php && php -l inc/Support/SecretRedactor.php && php -l inc/Support/RunArtifactPrSectionRenderer.php && php -l tests/smoke-cli-channel-transport.php && php -l tests/smoke-run-artifact-pr-section-renderer.php
  • homeboy lint --path /Users/chubes/Developer/data-machine-code@codex-oauth-provider --extension wordpress ⚠️ PHPCS passed; PHPStan still reports existing repo-wide findings plus existing strictness around touched files.
  • homeboy test --path /Users/chubes/Developer/data-machine-code@codex-oauth-provider --extension wordpress ⚠️ blocked by WP Codebox bootstrap failure: resolved data-machine dependency is missing vendor/autoload.php.

Risks

  • env_from reads values from the PHP process environment at dispatch time; integrations still own configuring those parent env vars securely.
  • Redaction is heuristic for configured/static env names and explicit projected secret values; integrations should continue avoiding command echo of secrets where possible.

AI assistance

  • AI assistance: Yes
  • Tool(s): OpenCode (GPT-5.5)
  • Used for: Drafted the implementation, smoke coverage, verification, and PR description; Chris remains responsible for review and merge.
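The env_from projection and output redaction described in the summary above, as an added PHP sketch. It is not code from this PR or from data-machine-code; the function names, the child-name => parent-name map shape, the `[REDACTED]` marker and the sample token are all assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not the DMC API.

// Resolve env_from references (child var => parent var) at dispatch time.
// Config stores only names; values are read from the process environment.
function resolve_env_from(array $env_from): array {
    $child = [];
    $secrets = [];
    foreach ($env_from as $child_name => $parent_name) {
        $value = getenv($parent_name);
        if ($value === false || $value === '') {
            continue; // unset in the parent: project nothing
        }
        $child[$child_name] = $value;
        $secrets[] = $value; // remember the value so output can be masked
    }
    return [$child, $secrets];
}

// Mask every projected value wherever it appears in captured output.
function redact_projected(string $text, array $secrets): string {
    // Longest first, so a value containing another is masked whole.
    usort($secrets, fn($a, $b) => strlen($b) <=> strlen($a));
    foreach ($secrets as $secret) {
        if (strlen($secret) >= 4) { // tiny values would mask ordinary text
            $text = str_replace($secret, '[REDACTED]', $text);
        }
    }
    return $text;
}

// Run a child with only PATH plus the projected variables (an assumption of
// this sketch), then redact stdout/stderr before returning them as metadata.
function run_child(array $command, array $env_from): array {
    [$child_env, $secrets] = resolve_env_from($env_from);
    $env = ['PATH' => getenv('PATH') ?: '/usr/bin:/bin'] + $child_env;
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($command, $spec, $pipes, null, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('failed to start child process');
    }
    $stdout = stream_get_contents($pipes[1]); // fine for small outputs
    $stderr = stream_get_contents($pipes[2]);
    array_map('fclose', $pipes);
    return ['exit_code' => proc_close($proc),
            'stdout' => redact_projected($stdout, $secrets),
            'stderr' => redact_projected($stderr, $secrets)];
}

putenv('PARENT_API_TOKEN=constructed-sample-token-123'); // constructed value
$result = run_child(['sh', '-c', 'echo "token is $CHILD_TOKEN"'],
                    ['CHILD_TOKEN' => 'PARENT_API_TOKEN']);
echo $result['stdout'];
```

Exact-match masking only catches the value as projected; a child that prints the secret base64-encoded, URL-encoded or split across lines gets past it, which is why the Risks section still asks integrations to avoid echoing secrets.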

homeboy-ci Bot commented May 31, 2026

Contributor

Homeboy Results — data-machine-code

Lint

lint — passed

ℹ️ Full options: homeboy docs commands/lint
ℹ️ Save lint baseline: homeboy lint data-machine-code --baseline
Deep dive: homeboy lint data-machine-code --changed-since 1255959

Artifacts and drill-down
  • CI results artifact: homeboy-ci-results-data-machine-code-lint-quality-Linux-node24 contains immediate command JSON for this action invocation.
  • Observation artifact: homeboy-observations-data-machine-code-lint-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
  • Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
  • Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine-code/actions/runs/26725566413

Test

test — passed

ℹ️ Auto-fix lint issues: homeboy refactor data-machine-code --from lint --write
ℹ️ Collect coverage: homeboy test data-machine-code --coverage
ℹ️ Save test baseline: homeboy test data-machine-code --baseline
ℹ️ Pass args to test runner: homeboy test -- [args]
ℹ️ Full options: homeboy docs commands/test
Deep dive: homeboy test data-machine-code --changed-since 1255959

Artifacts and drill-down
  • CI results artifact: homeboy-ci-results-data-machine-code-test-quality-Linux-node24 contains immediate command JSON for this action invocation.
  • Observation artifact: homeboy-observations-data-machine-code-test-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
  • Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
  • Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine-code/actions/runs/26725566413

Audit

audit — passed

  • audit — 6 finding(s)
  • Total: 6 finding(s)

Deep dive: homeboy audit data-machine-code --changed-since 1255959

Artifacts and drill-down
  • CI results artifact: homeboy-ci-results-data-machine-code-audit-quality-Linux-node24 contains immediate command JSON for this action invocation.
  • Observation artifact: homeboy-observations-data-machine-code-audit-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
  • Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
  • Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine-code/actions/runs/26725566413
Tooling versions
  • Homeboy CLI: homeboy 0.213.9+af8c834
  • Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
  • Extension revision: 3dc5eafe
  • Action: unknown@unknown

@chubes4 chubes4 changed the title Pass WP AI Gateway credentials to CLI fan-out sessions Support generic fan-out env projection May 31, 2026
@chubes4 chubes4 merged commit 0419a74 into main Jun 2, 2026
5 checks passed
@chubes4 chubes4 deleted the codex-oauth-provider branch June 2, 2026 02:31
Development

Successfully merging this pull request may close these issues.

Support generic runtime secret/env projection for fan-out sessions