Better handling skill depdenencies on ENV VAR. #9017
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 08c5dfd013
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b9694f7dd
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 77ba509ded
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let mut user_note = None; | ||
| for entry in &answer.answers { | ||
| if let Some(note) = entry.strip_prefix("user_note: ") { | ||
| if !note.trim().is_empty() { | ||
| user_note = Some(note.trim().to_string()); |
There was a problem hiding this comment.
This extraction only looks for entries prefixed with "user_note: ". The RequestUserInputAnswer protocol doesn’t require that prefix, and other clients (including core tests that submit answers: ["yes"]) send plain answer strings. In those cases, values stays empty and the env var is never persisted or injected, so skills will still be missing their required env vars after the prompt. Consider also accepting the first non-empty answer (or any non-user_note entry) when parsing responses.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Seems like a legit concern.
There was a problem hiding this comment.
I think all clients should follow the same behavior, there is no reason to only set "user_note:" for TUI.
| /// Env var persistence uses keyring first, then falls back to a local file. | ||
| /// Keys are the raw env var names, without skill-level namespacing. | ||
| /// The file lives at `codex_home/env_vars.json` with 0600 permissions on Unix. | ||
| pub(crate) fn load_env_var(codex_home: &Path, name: &str) -> io::Result<Option<String>> { |
There was a problem hiding this comment.
Not a blocker but we should consider consolidating this with the existing logic in codex-rs/rmcp-client/src/oauth.rs. Feels like we should have a secret manager for handling these things.
| ) | ||
| .await; | ||
|
|
||
| let config = turn_context.client.config(); |
There was a problem hiding this comment.
Should this happen before we spin up missing mcp servers?
mzeng-openai
left a comment
mzeng-openai
left a comment
There was a problem hiding this comment.
Stamping to unblock! Please take a look at the issue that Codex spotted if possible.
| pub(crate) description: Option<String>, | ||
| } | ||
| use crate::skills::SkillMetadata; | ||
| /// Resolve required dependency values (session cache, then env vars), |
There was a problem hiding this comment.
nit:new line between imports and function signature?
| let name = dependency.name.clone(); | ||
| if !seen_names.insert(name.clone()) { | ||
| continue; | ||
| } |
There was a problem hiding this comment.
can you use Hashmap.difference method?
There was a problem hiding this comment.
difference only gives you set membership and drops per‑item context; here we must keep each dependency’s metadata (skill name/description)
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4fba945ca6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| match env::var(&name) { | ||
| Ok(value) => { | ||
| loaded_values.insert(name.clone(), value); | ||
| continue; |
There was a problem hiding this comment.
When the feature is enabled, this reads env::var directly and caches the value even if it would be excluded by ShellEnvironmentPolicy (e.g., the default *KEY*/*TOKEN* filters). Because ShellHandler later merges dependency_env into exec_params.env, those secrets get injected into every shell run without prompting, bypassing the policy and potentially leaking credentials. Consider only auto-loading vars that would pass create_env (or prompt if excluded) so the policy continues to gate secret propagation.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
It's OK for now.
| is_other: false, | ||
| is_secret: true, |
There was a problem hiding this comment.
is_secret: true is now set for env-var dependency prompts, but the app-server v2 protocol (ToolRequestUserInputQuestion) doesn’t carry isSecret, and bespoke_event_handling drops any extra fields. In app-server clients the flag will be lost, so secret prompts will render as plain text even though core intends masking. This should be forwarded through the app-server protocol/mapping so non-TUI clients can respect secret inputs.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2e3d4dfd49
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| match env::var(&name) { | ||
| Ok(value) => { | ||
| loaded_values.insert(name.clone(), value); | ||
| continue; |
There was a problem hiding this comment.
resolve_skill_dependencies_for_turn treats any Ok(value) from env::var as satisfied, so a dependency like API_KEY set to the empty string will be cached and skip the prompt. In shells/CI it’s common to export empty placeholders, and downstream tools typically treat empty values as “missing,” so this will silently proceed with an unusable credential. Consider treating empty/whitespace-only values as missing and prompting instead.
Useful? React with 👍 / 👎.
An experimental flow for env var skill dependencies. Skills can now declare required env vars in SKILL.md; if missing, the CLI prompts the user to get the value, and Core will store it in memory (eventually to a local persistent store)
