fix(cloud-codex): apt-install git at boot so GITHUB_PAT actually usable #383

Open
samxu01 wants to merge 1 commit into main from fix/cloud-codex-git-binary

samxu01 (Contributor) commented May 16, 2026

Summary

Follow-up to PR #382: the GITHUB_PAT/GH_TOKEN env vars are now correctly injected into the cloud-codex pod (verified live: 94 chars each), BUT the slim base image (`node:22-bookworm-slim`) doesn't ship `git`, so the boot-script's `git config credential.helper store` line silently failed (`sh: git: not found`) and the `/state/.git-credentials` file was never written.

This patch extends the existing ca-certificates idempotent-install branch to also apt-install `git` when missing.

`gh` CLI is intentionally NOT installed — agents can use the GitHub REST API via curl/octokit; the gh apt-repo bootstrap is heavy for a slim base.

Test plan

  • `helm template` renders without syntax error.
  • Post-deploy: `kubectl exec deploy/cloud-codex-cody -c agent -- git --version` returns a version.
  • `kubectl exec deploy/cloud-codex-cody -c agent -- ls -la /state/.git-credentials` shows the 0600 file.
  • Pod logs include `[cloud-codex] git credentials seeded from GITHUB_PAT`.

Related

🤖 Generated with Claude Code

PR #382 injected GITHUB_PAT/GH_TOKEN env vars and added a boot-script
branch to seed git credential.helper — but the slim base image
(node:22-bookworm-slim) doesn't ship git, so the boot block silently
no-op'd and the credentials file was never written. Verified live in
cloud-codex-cody pod: env vars present (94 chars), but `git` and `gh`
binaries absent.

Extends the existing ca-certificates idempotent install branch to also
apt-install git when missing, gated on `command -v git`. Boot adds ~1s
on first start (cached on PVC restarts).

`gh` CLI is intentionally NOT installed — agents can call the GitHub
REST API directly via curl/octokit when needed, and adding gh requires
the third-party apt repo dance which we'd rather avoid in the boot
script.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
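
The boot-time pattern described above (gate on `command -v git`, then seed a 0600 credential file from `GITHUB_PAT`, reporting a missing binary instead of skipping silently), as an added example that is not the chart's actual boot script. The function names, return codes, the `x-access-token` username and every log line except the "seeded" one are assumptions.

```shell
#!/bin/sh
# Added example. Function names, return codes and the "x-access-token"
# username are assumptions; this is not the chart's actual boot script.

# Install git only when it is absent (idempotent across restarts). Returns
# non-zero if git is still missing so the caller can fail loudly.
ensure_git() {
  command -v git >/dev/null 2>&1 && return 0
  if [ "$(id -u)" = "0" ] && command -v apt-get >/dev/null 2>&1; then
    apt-get update -qq &&
      apt-get install -y -qq --no-install-recommends git
  fi
  command -v git >/dev/null 2>&1
}

# Seed a git credential-store file from GITHUB_PAT.
# $1 = credential file path (default is the path named in the PR).
# Returns 0 = seeded, 2 = no token, 3 = git missing, 1 = write/config error.
seed_git_credentials() {
  cred_file=${1:-/state/.git-credentials}
  if [ -z "${GITHUB_PAT:-}" ]; then
    echo "[cloud-codex] GITHUB_PAT unset; credentials not seeded" >&2
    return 2
  fi
  # Check for git before touching disk, so a missing binary is reported
  # instead of leaving a token file that nothing is configured to use.
  if ! command -v git >/dev/null 2>&1; then
    echo "[cloud-codex] git not found; credentials not seeded" >&2
    return 3
  fi
  (
    umask 077                       # file is created 0600 from the start
    tmp="$cred_file.tmp.$$"
    # The token goes only into the file, never to stdout/stderr or the
    # argv of an external process (printf is a shell builtin).
    printf 'https://x-access-token:%s@github.com\n' "$GITHUB_PAT" > "$tmp" &&
      mv -f "$tmp" "$cred_file"
  ) || return 1
  chmod 600 "$cred_file" || return 1
  git config --global credential.helper "store --file=$cred_file" || return 1
  echo "[cloud-codex] git credentials seeded from GITHUB_PAT"
}
```

A boot script would call `ensure_git && seed_git_credentials` and log the return code, so a missing binary shows up in pod logs rather than as an absent file.
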
samxu01 added a commit that referenced this pull request May 16, 2026
PR #382 added a boot-script `git config credential.helper store` line
but node:22-bookworm-slim doesn't ship git — the agent container
crash-looped with exit 127 ("command not found"), masked by `set -e`.
Cody was DOA after #382.

Extends the existing ca-certificates idempotent-install branch to also
apt-install git when missing. Same pattern, same boot cost.

Hotfix to unbreak Cody.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
samxu01 added a commit that referenced this pull request May 16, 2026
…MCP servers

Verified empirically 2026-05-15 after merging #388: codex CLI 0.125.0
recognizes [mcp_servers.commonly] in config.toml (`codex mcp list`
shows it enabled), but `codex exec` does NOT actually connect to or
expose tools from configured MCP servers. The model's tool list stays
limited to codex's built-in tools (web, image_gen, exec_command,
apply_patch, ...). list_mcp_resources returns empty regardless.

Per docs/MCP_INTEGRATION.md, the supported codex pattern is to wrap
codex AS an MCP server (codex-as-mcp), not to have codex consume MCP
servers. So #388 adds noise without effect.

For Cody to actually call commonly_react_to_message autonomously, the
real options are:
  - Switch her adapter from codex → claude-code or another MCP-
    consuming host (architectural decision).
  - Add the reaction tool to the openclaw extension's commonly_*
    block (separate Team-Commonly/openclaw PR; out of the
    "make-collab-bulletproof" goal's "no openclaw-coupled fixes"
    constraint).

Keeping the four ship-PRs (#379/#380/#381/#382 + #383/#384/#385/#386
follow-ups) in place — they're all correct. Just removing #388.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>