Provider services: cannot inject environment variables without service name prefix #13727

@rajyan

Description

I'm building a Compose provider plugin that injects secrets from external vaults into dependent services. The goal is to replace wrapper scripts (e.g., chamber exec, doppler run --, op run --) with a native Compose integration:

services:
  secrets:
    provider:
      type: my-vault-provider
      options:
        backend: aws-ssm
        param:
          - AUTH0_CLIENT_SECRET=/app/stg/auth0_client_secret

  app:
    depends_on:
      - secrets

Problem

setenv variables are always prefixed with the service name, so AUTH0_CLIENT_SECRET becomes SECRETS_AUTH0_CLIENT_SECRET. Many applications and frameworks require exact variable names (e.g., AUTH0_CLIENT_SECRET for Auth0, NEXT_PUBLIC_* for Next.js), and there is no way to inject them as-is.

${SECRETS_AUTH0_CLIENT_SECRET} in the environment section doesn't work either, since it resolves at parse time before the provider runs.

Proposal

Add a rawsetenv message type to the provider protocol that injects variables without the service name prefix:

{"type": "rawsetenv", "message": "AUTH0_CLIENT_SECRET=xxx"}

The provider binary decides whether each variable should be prefixed (setenv) or injected as-is (rawsetenv).

Possible implementation in pkg/compose/plugins.go:

type envVar struct {
    value    string
    prefixed bool
}

// During plugin output parsing:
case SetEnvType:
    variables[key] = envVar{val, true}
case RawSetEnvType:
    variables[key] = envVar{val, false}

// When injecting into dependent services:
prefix := strings.ToUpper(service.Name) + "_"
for key, v := range variables {
    if v.prefixed {
        s.Environment[prefix+key] = &v.value
    } else {
        s.Environment[key] = &v.value
    }
}
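
The prefix the issue wants to bypass also works as a namespace: a prefixed variable cannot collide with one the dependent service defines itself, while an unprefixed one can. The Go program below is an added example, not code from Compose or from the issue author. It parses provider messages and applies the proposed `rawsetenv` type next to `setenv`, under this example's own assumption that a raw key never replaces a variable already set on the service. The `inject` function, the sample messages and the rejection rule are hypothetical.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed provider output; "rawsetenv" is the type proposed in the issue.
const sampleOutput = `{"type": "info", "message": "fetching parameters"}
{"type": "setenv", "message": "REGION=eu-west-1"}
{"type": "rawsetenv", "message": "AUTH0_CLIENT_SECRET=xxx"}
{"type": "rawsetenv", "message": "DATABASE_URL=postgres://other/app"}
{"type": "rawsetenv", "message": "not-a-pair"}`

type message struct{ Type, Message string }

// inject applies provider messages to env (the dependent service's environment): setenv
// keys get the SERVICE_ prefix, rawsetenv keys are kept unless env already has that name.
func inject(provider, output string, env map[string]string) (rejected []string, err error) {
	prefix := strings.ToUpper(provider) + "_"
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		var m message
		if err := json.Unmarshal(sc.Bytes(), &m); err != nil {
			return rejected, fmt.Errorf("invalid provider message %q: %w", sc.Text(), err)
		}
		key, val, ok := strings.Cut(m.Message, "=")
		_, taken := env[key]
		switch {
		case m.Type != "setenv" && m.Type != "rawsetenv":
			// info, error and debug messages carry no variables
		case !ok || key == "":
			rejected = append(rejected, m.Message) // not a KEY=VALUE pair
		case m.Type == "setenv":
			env[prefix+key] = val
		case taken:
			rejected = append(rejected, key) // unprefixed name already set on the service
		default:
			env[key] = val
		}
	}
	return rejected, sc.Err()
}

func main() {
	env := map[string]string{"DATABASE_URL": "postgres://db/app"}
	rejected, err := inject("secrets", sampleOutput, env)
	fmt.Println(env, rejected, err)
}
```
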
