Merge pull request #5 from o3-cloud/claude/issue-4-20250715-2236

Add environment variable support for MCP secrets

Author: AgentO3

README.md

@@ -45,8 +45,13 @@ Get your first AI agent running in under 2 minutes:
 
 ```bash
 # 1. Install Agentman
+
+# From PyPI (recommended)
 pip install agentman-mcp
 
+# Or, install the latest version from GitHub using uv
+uv tool install git+https://github.com/o3-cloud/agentman.git@main#egg=agentman-mcp
+
 # 2. Create and run your first agent
 mkdir my-agent && cd my-agent
 agentman run --from-agentfile -t my-agent .
@@ -215,6 +220,32 @@ The intuitive `Agentfile` syntax lets you focus on designing intelligent workflo
 | **🔐 Secure Secrets** | Environment-based secret handling with templates |
 | **🧪 Battle-Tested** | 91%+ test coverage ensures reliability |
 
+### ✨ Environment Variable Expansion in Agentfiles
+
+Now you can use environment variables directly in your `Agentfile` and `Agentfile.yml` for more flexible and secure configurations.
+
+**Usage examples:**
+
+**Agentfile format**
+```dockerfile
+# Agentfile format
+SECRET ALIYUN_API_KEY ${ALIYUN_API_KEY}
+MCP_SERVER github-mcp-server
+ENV GITHUB_PERSONAL_ACCESS_TOKEN ${GITHUB_TOKEN}
+```
+
+**YAML format**
+```yaml
+# YAML format
+secrets:
+  - name: ALIYUN_API_KEY
+    value: ${ALIYUN_API_KEY}
+mcp_servers:
+  - name: github-mcp-server
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: ${GITHUB_TOKEN}
+```
+
 ### 🌟 What Makes Agentman Different?
 
 **Traditional AI Development:**
@@ -744,7 +775,7 @@ agentman/
 ## 🏗️ Building from Source
 
 ```bash
-git clone https://github.com/yeahdongcn/agentman.git
+git clone https://github.com/o3-cloud/agentman.git
 cd agentman
 
 # Install

src/agentman/agentfile_parser.py

@@ -1,10 +1,43 @@
 """Agentfile parser module for parsing Agentfile configurations."""
 
 import json
+import os
+import re
 from dataclasses import dataclass, field
 from typing import Any, Dict, List, Optional, Union
 
 
+def expand_env_vars(value: str) -> str:
+    """
+    Expand environment variables in a string.
+
+    Supports both ${VAR} and $VAR syntax.
+    If environment variable is not found, returns the original placeholder.
+
+    Args:
+        value: String that may contain environment variable references
+
+    Returns:
+        String with environment variables expanded
+    """
+    if not isinstance(value, str):
+        return value
+
+    # Pattern to match ${VAR} or $VAR (where VAR is alphanumeric + underscore)
+    pattern = r'\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)'
+
+    def replace_var(match):
+        # Get the variable name from either group
+        var_name = match.group(1) or match.group(2)
+        env_value = os.environ.get(var_name)
+        if env_value is not None:
+            return env_value
+            # Return the original placeholder if env var not found
+        return match.group(0)
+
+    return re.sub(pattern, replace_var, value)
+
+
 @dataclass
 class MCPServer:
     """Represents an MCP server configuration."""
@@ -516,7 +549,8 @@ def _handle_secret(self, parts: List[str]):
         # Check if it's an inline value: SECRET KEY value
         if len(parts) >= 3:
             value = ' '.join(parts[2:])  # Join all remaining parts as the value
-            secret = SecretValue(name=secret_name, value=self._unquote(value))
+            expanded_value = expand_env_vars(self._unquote(value))
+            secret = SecretValue(name=secret_name, value=expanded_value)
             self.config.secrets.append(secret)
             self.current_context = None
         # Check if it's a context (no value, will be populated with sub-instructions)
@@ -565,7 +599,8 @@ def _handle_secret_sub_instruction(self, instruction: str, parts: List[str]):
         if len(parts) >= 2:
             key = instruction.upper()
             value = ' '.join(parts[1:])
-            secret_context.values[key] = self._unquote(value)
+            expanded_value = expand_env_vars(self._unquote(value))
+            secret_context.values[key] = expanded_value
         else:
             raise ValueError("SECRET context requires KEY VALUE format")
 
@@ -680,14 +715,16 @@ def _handle_server_sub_instruction(self, instruction: str, parts: List[str]):
                     key, value = env_part.split('=', 1)  # Split only on first =
                     key = self._unquote(key)
                     value = self._unquote(value)
-                    server.env[key] = value
+                    expanded_value = expand_env_vars(value)
+                    server.env[key] = expanded_value
                 else:
                     raise ValueError("ENV requires KEY VALUE or KEY=VALUE")
             elif len(parts) >= 3:
                 # Handle KEY VALUE format
                 key = self._unquote(parts[1])
                 value = self._unquote(' '.join(parts[2:]))  # Join remaining parts as value
-                server.env[key] = value
+                expanded_value = expand_env_vars(value)
+                server.env[key] = expanded_value
             else:
                 raise ValueError("ENV requires KEY VALUE or KEY=VALUE")
 

src/agentman/yaml_parser.py

@@ -16,6 +16,7 @@
     Router,
     SecretContext,
     SecretValue,
+    expand_env_vars,
 )
 
 
@@ -135,7 +136,11 @@ def _parse_mcp_servers(self, servers_config: List[Dict[str, Any]]):
             if 'env' in server_config:
                 env = server_config['env']
                 if isinstance(env, dict):
-                    server.env = env
+                    # Expand environment variables in values
+                    expanded_env = {}
+                    for key, value in env.items():
+                        expanded_env[key] = expand_env_vars(value)
+                    server.env = expanded_env
                 else:
                     raise ValueError("MCP server 'env' must be a dictionary")
 
@@ -299,13 +304,18 @@ def _parse_secrets(self, secrets_config: List[Union[str, Dict[str, Any]]]):
 
                 if 'value' in secret_config:
                     # Inline secret value
-                    secret = SecretValue(name=name, value=secret_config['value'])
+                    expanded_value = expand_env_vars(secret_config['value'])
+                    secret = SecretValue(name=name, value=expanded_value)
                     self.config.secrets.append(secret)
                 elif 'values' in secret_config:
                     # Secret context with multiple values
                     values = secret_config['values']
                     if isinstance(values, dict):
-                        secret = SecretContext(name=name, values=values)
+                        # Expand environment variables in values
+                        expanded_values = {}
+                        for key, value in values.items():
+                            expanded_values[key] = expand_env_vars(value)
+                        secret = SecretContext(name=name, values=expanded_values)
                         self.config.secrets.append(secret)
                     else:
                         raise ValueError("Secret 'values' must be a dictionary")