Commit 9b35a13
* Add declarative bring-your-own agent support (#191 Phase 1)
Let users run arbitrary coding agents from global config with no Go code,
no fork, and no Dockerfile in this repo — the issue's "first useful
iteration" acceptance criteria:
agents:
  aider:
    image: ghcr.io/acme/aider-bbox:latest
    command: ["aider"]
    env_forward: [OPENAI_API_KEY, "AIDER_*"]
    mcp:
      mode: env
Then `bbox agents doctor aider` and `bbox aider` work.
Changes:
- Extend AgentOverride with description, default_env, env_required,
credentials.persist, settings entries, per-profile egress_hosts, and
mcp.mode. Add AgentFromOverride (pure config->Agent mapping) and
ValidateCustomAgent (pure load-time checks; image-ref parser injected
as a closure to keep the domain free of go-containerregistry).
- Inject universal BBOX_* env vars into every VM via
agent.BuildUniversalEnv, applied authoritatively after forwarded host
vars. BBOX_MCP_URL uses a new shared config.MCPEndpointPath ("/mcp")
constant, de-duplicating the path previously hardcoded in the proxy and
all five built-in clients.
- mcp.mode: env enables the proxy without a config-file injector; the
agent discovers it via BBOX_MCP_URL. mcp.mode: config is rejected.
- Add `bbox agents list|inspect|doctor`. inspect shows field provenance
and env names only (never values); doctor exits non-zero on invalid
config or missing required env. `bbox list` stays a shared alias.
- Safer defaults for custom agents: empty env_forward, egress profile
standard, MCP authz safe-tools.
- Security: workspace-local config can never add a custom agent or new
credential paths, repoint an existing agent's image/command, or widen
its env_forward — tighten-only (mergeAgentOverride). Validate
credential/settings paths are relative and cannot escape the home dir.
- Add a guard test pinning go-microvm's gateway IP to the literal
pkg/sandbox uses for BBOX_MCP_URL.
Deferred to follow-ups: agents import/export, OCI-embedded manifests,
mcp.mode: config, agents add/init, and trusted host-side plugins.
Implemented via an architect -> implement -> 5-axis panel review -> fix
orchestration loop.
Fixes #191
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VP887qH8BMW4PMUXBuEqGc
* Address review: boot canonical BYO agent, tighten MCP merge, UX
- custom_agent.go: ValidateCustomAgent skips the egress_hosts gate when
mcp.mode=env so the issue #191 canonical aider example passes
- sandbox.go: at runtime, mcp.mode=env + hostless non-permissive profile
yields an empty (gateway-only) restricted policy instead of failing
egress.Resolve, so the canonical example actually boots (all external
egress still blocked; proxy is the only path out)
- sandbox.go: Prepare enforces env_required presence before booting the
VM, failing fast with a pointer to 'bbox agents doctor'
- config.go: mergeAgentOverride ignores workspace-local MCP.Mode (#2,
CWE-862) and makes per-agent MCP.Enabled tighten-only (#3, CWE-862)
- main.go: not-found path for declared-but-skipped agents points at
'bbox agents doctor' instead of the generic available-agents list
- agents.go: TYPE column in list; provenance brackets for EnvForward and
Egress profile; MISSING marker and doctor missing-env name the remedy;
unknown-agent errors point at 'bbox agents list'
- tests: new runtime boot test, canonical-example validation test,
tighten-only MCP.Enabled test; renamed MCPModeOverride test to
LocalMCPModeIgnored
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
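The tighten-only merge and the home-relative path check are the security-relevant pieces of this commit, so here is an added Go example that shows the behaviour they describe. It is not bbox's own code: the AgentOverride struct, its field set, the function names and the "ignore and report" strategy for rejected local fields are all assumptions for illustration, and the sample overrides are constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// AgentOverride is a trimmed, hypothetical stand-in for the config type the
// commit describes; the field set and names are assumptions, not bbox's own.
type AgentOverride struct {
	Image       string
	EnvForward  []string // exact names or glob patterns such as "AIDER_*"
	MCPEnabled  *bool    // nil means "not set at this level"
	MCPMode     string
	Credentials []string // paths relative to the sandbox home directory
}

// mergeAgentOverride layers a workspace-local override over the global one
// with tighten-only semantics: local config may narrow env_forward or switch
// MCP off, but cannot add an agent, repoint the image, change mcp.mode, add
// credential paths, or widen env_forward. Dropped fields are returned by name
// so a doctor-style command can surface them (reporting strategy assumed).
func mergeAgentOverride(global, local *AgentOverride) (*AgentOverride, []string) {
	if global == nil {
		return nil, []string{"workspace-local config cannot add an agent"}
	}
	out := *global
	if local == nil {
		return &out, nil
	}
	var ignored []string
	if local.Image != "" && local.Image != global.Image {
		ignored = append(ignored, "image")
	}
	if local.MCPMode != "" && local.MCPMode != global.MCPMode {
		ignored = append(ignored, "mcp.mode")
	}
	if len(local.Credentials) > 0 {
		ignored = append(ignored, "credentials")
	}
	if local.MCPEnabled != nil {
		if !*local.MCPEnabled {
			off := false
			out.MCPEnabled = &off // tightening is always allowed
		} else if global.MCPEnabled == nil || !*global.MCPEnabled {
			ignored = append(ignored, "mcp.enabled") // local cannot switch it on
		}
	}
	if local.EnvForward != nil {
		kept := []string{}
		for _, name := range local.EnvForward {
			if coveredBy(global.EnvForward, name) {
				kept = append(kept, name)
			} else {
				ignored = append(ignored, "env_forward:"+name)
			}
		}
		out.EnvForward = kept
	}
	return &out, ignored
}

// coveredBy reports whether name is already permitted globally: an identical
// entry, or a plain name matched by a global glob. A new local glob could only
// widen the set, so it is accepted verbatim or not at all.
func coveredBy(global []string, name string) bool {
	isGlob := strings.ContainsAny(name, "*?[")
	for _, g := range global {
		if g == name {
			return true
		}
		if ok, err := filepath.Match(g, name); !isGlob && err == nil && ok {
			return true
		}
	}
	return false
}

// validateHomeRelative applies the rule the commit states for credential and
// settings paths: relative, and unable to escape the home directory once cleaned.
func validateHomeRelative(p string) error {
	if p == "" {
		return fmt.Errorf("empty path")
	}
	if filepath.IsAbs(p) || strings.HasPrefix(p, "~") {
		return fmt.Errorf("%q: must be relative to the home directory", p)
	}
	clean := filepath.Clean(p)
	if clean == ".." || strings.HasPrefix(clean, "../") {
		return fmt.Errorf("%q: escapes the home directory", p)
	}
	return nil
}

func main() {
	on, off := true, false
	global := &AgentOverride{Image: "ghcr.io/acme/aider-bbox:latest",
		EnvForward: []string{"OPENAI_API_KEY", "AIDER_*"}, MCPEnabled: &on, MCPMode: "env"}
	local := &AgentOverride{Image: "example.invalid/other:latest", // constructed hostile override
		EnvForward: []string{"AIDER_MODEL", "AWS_SECRET_ACCESS_KEY", "*"}, MCPEnabled: &off,
		MCPMode: "config", Credentials: []string{"../../etc/shadow"}}
	merged, ignored := mergeAgentOverride(global, local)
	fmt.Println(merged.Image, merged.EnvForward, *merged.MCPEnabled, merged.MCPMode, ignored)
	fmt.Println(validateHomeRelative(".aider/creds.json"), validateHomeRelative("../../etc/shadow"))
}
```

The local override in main tries every widening the commit forbids at once: a repointed image, a new mcp.mode, a credential path, a secret not in the global allow-list and a bare `*` glob. Only the narrowing entries survive (AIDER_MODEL under the global `AIDER_*`, and MCP switched off); everything else is dropped and named, which is the behaviour `bbox agents doctor` would want to report.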
1 parent e3ffe7a commit 9b35a13
21 files changed
Lines changed: 3414 additions & 169 deletions
File tree
- cmd/bbox
- internal/infra
- config
- mcp
- vm
- pkg
- clients
- claudecode
- codex
- gemini
- hermes
- opencode
- domain
- agent
- config
- sandbox
0 commit comments