fix(task_runner): forward ~/.ductor/.env secrets to one-shot subprocess#139
Open
ryuhaneul wants to merge 1 commit into
Open
fix(task_runner): forward ~/.ductor/.env secrets to one-shot subprocess#139ryuhaneul wants to merge 1 commit into
ryuhaneul wants to merge 1 commit into
Conversation
Interactive CLI calls already merge ~/.ductor/.env via cli/executor.py:_build_env (mtime-cached, hot-reload). Cron, webhook, and background one-shots only received DUCTOR_HOME. Extend run_oneshot_task to merge load_env_secrets results into one_shot.env_overrides when ductor_home is known, skipping keys already in os.environ or explicitly set above (DUCTOR_HOME). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Background
When I edit
~/.ductor/.envwhile ductor is running (e.g. adding a new API key for a new skill, or rotating a secret), interactive chat picks up the change on the very next message —cli/executor.py:_build_envre-reads the file each turn viaenv_secrets.load_env_secrets(mtime-cached, no override of existing process env).Cron, webhook, and background one-shots don't see the edit until I fully restart the bot, because they only receive
DUCTOR_HOMEinjected intoOneShotCommand.env_overrides(added by rr#19 / #121). Any newly added key in.envis invisible to them until restart.It would be more convenient if those one-shots also re-read
.envso a freshly added key is usable on the next cron tick / background task without bouncing the bot.Proposed change
In
infra/task_runner.run_oneshot_task, whenductor_homeis provided, also mergeload_env_secrets(ductor_home / ".env")intoone_shot.env_overrides, skipping keys already set inos.environor already present inenv_overrides(so the existingDUCTOR_HOMEinjection stays authoritative). Same low-priority merge policy ascli/executor.py:_build_env— keys already in the process environment are never overridden.When
ductor_homeisNone, behavior is unchanged.Test plan
pytest tests/infra/test_task_runner.py tests/infra/test_env_secrets.py tests/cron tests/background tests/webhook— 317 passedruff checkcleanruff format --checkcleanmypycleanAdded
tests/infra/test_task_runner.pywith 3 regression gates for the new merge policy:.envkeys absent fromos.environare forwarded intoenv_overrides.envDUCTOR_HOMEset above the merge is never overridden by a strayDUCTOR_HOME=line in.env