[codex] Add MCP agent sandbox JWT config#333
Merged
Merged
Conversation
|
| Filename | Overview |
|---|---|
| charts/retool/templates/deployment_mcp.yaml | Adds AGENT_SANDBOX_JWT_PRIVATE_KEY env var injection; new block is structurally identical to the existing oauthIntrospectionAuthToken block at lines 139–148, with a jwt-private-key default key name consistent with the values comments. |
| charts/retool/ci/test-mcp-agent-sandbox-secret-option.yaml | New CI overlay exercising the secretKeyRef code path with a custom key name (private-key); satisfies the required oauthIntrospectionAuthToken guard via the inline token field. |
| charts/retool/ci/test-mcp-enabled-option.yaml | Adds agentSandboxJwtPrivateKey inline literal to the existing enabled-option CI overlay, exercising the else-if branch. |
| charts/retool/values.yaml | Documents the four new config keys in comments; inline literal is clearly marked as dev/testing only; in sync with the root values.yaml. |
| charts/retool/Chart.yaml | Patch version bump from 6.11.1 to 6.11.2, appropriate for the additive config change. |
| values.yaml | Root values.yaml kept in sync with charts/retool/values.yaml; identical diff. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[mcp.config] --> B{agentSandboxJwtPrivateKeySecretName set?}
B -- Yes --> C[secretKeyRef\nname: SecretName\nkey: SecretKey OR 'jwt-private-key']
C --> D[AGENT_SANDBOX_JWT_PRIVATE_KEY\nenv var via valueFrom]
B -- No --> E{agentSandboxJwtPrivateKey set?}
E -- Yes --> F[Inline literal\nvalue: privateKey]
F --> G[AGENT_SANDBOX_JWT_PRIVATE_KEY\nenv var via value]
E -- No --> H[Env var omitted\nno AGENT_SANDBOX_JWT_PRIVATE_KEY]
Reviews (1): Last reviewed commit: "Add MCP agent sandbox JWT key config" | Re-trigger Greptile
JatinNanda
approved these changes
Jun 12, 2026
Contributor
Author
Merge activity
|
JatinNanda
added a commit
that referenced
this pull request
Jun 13, 2026
JatinNanda
added a commit
that referenced
this pull request
Jun 15, 2026
…gres.urlSecretName); require encryption key (#331) * fix(rr): stop agentSandbox externalSecret.name from hijacking postgres; require its encryption key setting rr.agentSandbox.externalSecret.name (intended for the JWT keypair) silently (a) routed the agent sandbox postgres connection to that secret's postgres-url key and (b) coupled the encryption key to it. an existing deployment that just wanted to reuse its backend postgres crashed at runtime with getaddrinfo ENOTFOUND. - postgres now only reads from externalSecret when postgres.fromExternalSecret: true (default false); otherwise it inherits the backend's config.postgresql connection, even when externalSecret.name is set for the JWT - require the agent sandbox encryption key (validateSecrets, mirroring the JWT keys): the proxy derives the sandbox-iframe asset-token HMAC key from AGENT_SANDBOX_ENCRYPTION_KEY and throws when serving a sandbox without it (agent_executor/proxy/src/config.ts getAssetTokenHmacSecret), so 'optional' would surface as a green pod that fails at first sandbox use. fail loudly at render instead. - updated both validateSecrets fail hints to mention postgres.fromExternalSecret: true - values.yaml (both copies): add postgres.fromExternalSecret, mark encryptionKey required, note 64 hex - bump chart 6.11.1 -> 6.11.2; update ci fixtures to supply the now-required encryption key and add fromExternalSecret: true to the Option-4 sandbox fixture * Respect postgres.passwordSecretName in presence of rr.agentSandbox.externalSecret (cherry picked from commit 38304c0) * refactor(rr): replace postgres.fromExternalSecret with postgres.urlSecretName the fromExternalSecret boolean was redundant with the existing Option-3 postgres.urlSecretName/urlSecretKey: 'read postgres-url from externalSecret.name' is identical to pointing urlSecretName at that same secret (urlSecretKey already defaults to postgres-url). drop the bespoke flag and the externalSecret postgres branch entirely, so externalSecret.name covers ONLY the JWT/encryption keys and never sources postgres. - remove rr.agentSandbox.postgres.fromExternalSecret (both values.yaml copies) - postgresUrlEnv: delete the externalSecret postgres branch; move the passwordSecretName PGPASSWORD support (#332) into the urlSecretName branch, so 'DSN from a secret + auto-rotated password from another secret' uses Option 3 - validateSecrets: drop the externalSecret term from $explicitPg; repoint both fail hints to postgres.urlSecretName - ci: test-agent-sandbox-enabled-option uses postgres.urlSecretName (Option 3) pointed at its JWT secret instead of the removed flag * fix(rr): render blobStorage env onto the workflow worker the agentExecutor / snapshotRetention temporal activities run on the WORKFLOW_TEMPORAL_WORKER (registered in workflowsExecutor/onpremWorker) and read snapshot blob storage via getBlobStoreForSnapshots (RR_SNAPSHOTS_* with an RR_DEFAULT_* fallback). but gitServer.commonEnv was only injected onto the main backend and the standalone git-server pod, so the worker had no RR_DEFAULT_* and snapshot blob access failed there -- forcing operators to hand-plumb RR_SNAPSHOTS_* via env. include gitServer.commonEnv on the worker when rr.gitServer.enabled (no git-server host/port split -- the worker is a blob-storage client, not the git server). self-guards on rr.blobStorage being set, so it no-ops otherwise. * chore(rr): bump chart version to 6.11.3 (rebased past #333) --------- Co-authored-by: Ryan Artecona <ryanartecona@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds typed MCP configuration for AGENT_SANDBOX_JWT_PRIVATE_KEY, supporting both inline values and Kubernetes Secret references. Documents the new mcp.config keys in both synced values files and adds CI overlays for inline and secret-backed rendering. Bumps the chart patch version to 6.11.2. Validated with Helm render checks, targeted helm lint, a full CI option render sweep, and the values sync diff.