feat(container-config): DB-backed env + blocked_hosts for ContainerConfig#2709
Open
markbala wants to merge 1 commit into
Open
feat(container-config): DB-backed env + blocked_hosts for ContainerConfig#2709markbala wants to merge 1 commit into
markbala wants to merge 1 commit into
Conversation
…nfig Add two DB-backed JSON columns to container_configs, materialized into container.json and applied at container spawn: - env: extra env vars injected as -e KEY=VALUE (applied after the OneCLI gateway so they win over its injected vars, e.g. ANTHROPIC_BASE_URL). - blocked_hosts: hosts mapped to 0.0.0.0 via --add-host. Together these let an agent group be routed to a local OpenAI/Anthropic- compatible endpoint and hardened against silent cloud fallback (block api.anthropic.com) without editing source — the infra the /add-ollama-provider skill (nanocoai#1859) documented as a deferred prerequisite. Stored as JSON columns alongside skills/mcp_servers/additional_mounts so they survive materializeContainerJson and are managed via ncl (groups config set-env / block-host / unblock-host). Closes nanocoai#1867. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
github-actions
Bot
added
the
follows-guidelines
This was referenced Jun 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of Change
Implements maintainer-filed #1867 (a source-level enhancement the maintainers requested).
Description
What. Adds two DB-backed JSON columns to
container_configs—env(Record<string,string>) andblocked_hosts(string[]) — materialised intocontainer.jsonand applied at container spawn:env→ injected as-e KEY=VALUE, after the OneCLI gateway so config vars win (e.g. overridingANTHROPIC_BASE_URL).blocked_hosts→ each mapped to0.0.0.0via--add-host.Why. Lets an agent group be routed to a local OpenAI/Anthropic-compatible endpoint and hardened against silent cloud fallback without editing source — the infra #1859 (
/add-ollama-provider) documented as a deferred prerequisite, so that skill's redirect survives the DB→container.jsonmaterialise instead of being wiped on each spawn. Closes #1867.How. Stored as JSON columns alongside
skills/mcp_servers/additional_mountsfor consistency. Migration 016 adds the columns;configFromDbparses them; backfill carries any legacycontainer.jsonvalues in. Managed viancl groups config set-env/block-host/unblock-host;config getshows both. (#1859's third prereq, the Dockerfile chmod, is an independent concern — out of scope.)Tested.
tscclean;pnpm test335 passing (3 new incontainer-configs.test.ts). Validated live: an agent group pointed at a local Ollama endpoint viaenv.ANTHROPIC_BASE_URLwithapi.anthropic.comblocked —docker inspectconfirms the-evars +ExtraHosts: api.anthropic.com:0.0.0.0, the agent replies via the local model, and the config survives respawns.