refactor(config): split agents.json into agents/service/env (#540) #542

Merged
charles merged 2 commits from dev/540 into main 2026-04-28 20:47:07 +00:00
Collaborator

Summary

  • config/agents.json is now fleet-only: types + default_reviewer_type only. The dashboard's PUT /config/agents has a narrower blast radius — it can only touch fleet config.
  • config/service.json (new) carries all service-infra fields: forge URL, container image, MCP commands, watchdogs, node_flows, auth, penpot, pipeline, janitor, shutdown, session/usage tuning, webhook secret rotation.
  • Environment variables are the sole accepted path for all secrets: OAuth client IDs/secrets, PUBLIC_BASE_URL, WEBHOOK_SECRET. Env wins over any on-disk value.
  • Migration mode: service-infra fields in agents.json still work during the migration window — they emit one deprecation warning per field and are promoted to the service config. Operators can run just config-split to migrate without a hard cutover.
  • PUT /config/agents now pre-checks content for service/secret fields and returns 400 with a per-field pointer to the correct home before the Zod pass runs.

Changes

  • service-config-schema.ts — new Zod schema for service.json + SERVICE_FIELDS_HOME / LEGACY_SERVICE_FIELDS / LEGACY_SECRET_FIELDS
  • agents-config-schema.ts — narrowed to fleet-only; repos removed
  • webhook-config.ts — dual-file loader: reads service.json alongside agents.json; env-var overrides for all secrets; migration loop
  • config.ts — PUT /config/agents pre-check for misplaced fields with actionable 400 responses
  • auth.ts — autheliaLogoutUrl made optional (deprecated)
  • scripts/config-split.ts — one-shot migration helper
  • justfile — config-split recipe
  • docs/configuration.md — full field reference for all three locations

Test plan

  • 137 tests pass across 3 test files (agents-config-schema, config handler, webhook-config)
  • just config-split --dry-run preview on existing deployment
  • Service starts cleanly with split config/agents.json + config/service.json
  • Legacy single-file agents.json still boots (deprecation warnings, not errors)

Closes #540

🤖 Generated with Claude Code
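
Added example, not code from this PR or the project: a sketch of a pre-check that rejects service or secret fields in a fleet-config PUT with a per-field pointer, plus an env-over-disk secret lookup. The map contents, the on-disk key names `webhook_secret` and `public_base_url`, and the helper names `precheckFleetPut` and `resolveSecret` are assumptions.

```typescript
// Added illustration; not the project's implementation. All names are hypothetical.

// Assumed subset of a "field -> correct home" map. A Map is used so that keys
// such as "constructor" never match inherited Object properties.
const MISPLACED_FIELD_HOME = new Map<string, string>([
  ["node_flows", "config/service.json"],
  ["pipeline", "config/service.json"],
  ["janitor", "config/service.json"],
  ["shutdown", "config/service.json"],
  ["webhook_secret", "env:WEBHOOK_SECRET"],   // assumed on-disk key name
  ["public_base_url", "env:PUBLIC_BASE_URL"], // assumed on-disk key name
]);

interface FieldError { field: string; home: string; message: string }
type Precheck =
  | { ok: true }
  | { ok: false; status: 400; errors: FieldError[] };

// Runs before schema validation, so the caller is told where each field
// belongs instead of receiving a generic "unrecognized key" error.
function precheckFleetPut(body: unknown): Precheck {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { ok: true }; // shape errors are left to the schema pass
  }
  const errors: FieldError[] = [];
  for (const field of Object.keys(body)) {
    const home = MISPLACED_FIELD_HOME.get(field);
    if (home !== undefined) {
      errors.push({ field, home, message: `"${field}" belongs in ${home}` });
    }
  }
  return errors.length === 0 ? { ok: true } : { ok: false, status: 400, errors };
}

// Env wins over any on-disk value. Treating an empty env value as unset is
// an assumption of this sketch.
function resolveSecret(
  envName: string,
  env: Record<string, string | undefined>,
  onDisk?: string,
): string | undefined {
  const fromEnv = env[envName];
  return fromEnv !== undefined && fromEnv !== "" ? fromEnv : onDisk;
}
```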

refactor(config): split agents.json into agents/service files + env for secrets (#540)
Some checks failed
qa / qa (pull_request) Failing after 12m2s
qa / dockerfile (pull_request) Successful in 15s
6ab1a7ff86
- `config/agents.json` is now fleet-only: types + default_reviewer_type
- `config/service.json` carries all service-infra fields (forge URL,
  container image, MCP commands, watchdogs, node_flows, auth, penpot,
  pipeline, janitor, shutdown, session/usage tuning, webhook secret
  rotation)
- OAuth credentials (Forgejo/GitHub/GitLab client IDs/secrets) and
  PUBLIC_BASE_URL move exclusively to environment variables; env wins
  over any on-disk value via `pickOAuthSecret`
- WEBHOOK_SECRET env var wins over webhook_secret_file
- Migration mode: service-infra fields in agents.json emit a deprecation
  warning per field and are still honoured (operators can run
  `just config-split` to migrate without a hard cutover)
- `service-config-schema.ts`: Zod schema for service.json + exported
  SERVICE_FIELDS_HOME / LEGACY_SERVICE_FIELDS / LEGACY_SECRET_FIELDS
- `agents-config-schema.ts`: narrowed to fleet-only (removed all service
  and secret sub-schemas)
- `PUT /config/agents`: pre-checks content for service/secret fields and
  returns 400 with a per-field pointer to the correct home before the
  Zod pass runs
- `auth.ts`: made autheliaLogoutUrl optional (deprecated, no longer read)
- `scripts/config-split.ts`: one-shot migration helper
- `justfile`: added `config-split` recipe
- `docs/configuration.md`: full field reference for all three locations
- Tests: config handler tests rewritten for fleet-only PUT; agents-config-
  schema tests updated (repos removed from fleet schema); 18 new tests in
  webhook-config.test.ts covering split-config loading, legacy migration
  warnings, and env-var OAuth overrides

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(ci): update /whoami test — authelia_logout_url no longer surfaced (#542)
All checks were successful
qa / qa (pull_request) Successful in 12m52s
qa / dockerfile (pull_request) Successful in 14s
1e49fd5d9c
`#540` deprecated `authelia_logout_url` and stopped populating
`autheliaLogoutUrl` on `AuthConfig`, so `/whoami` now returns
`null` for `logout_url`. Update the assertion to match.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dev requested review from reviewer 2026-04-28 20:23:39 +00:00
dev force-pushed dev/540 from 1e49fd5d9c
All checks were successful
qa / qa (pull_request) Successful in 12m52s
qa / dockerfile (pull_request) Successful in 14s
to c31626ea65
All checks were successful
qa / qa (pull_request) Successful in 12m23s
qa / dockerfile (pull_request) Successful in 14s
2026-04-28 20:28:48 +00:00
charles deleted branch dev/540 2026-04-28 20:47:10 +00:00
Reference
charles/claude-hooks!542