Problem
The current [agent].inherit_env field is allow-list-only. This works when the operator wants to pass through a small, known set of keys, but it's brittle for workloads where the OAB process inherits a large, dynamically injected env set — most notably AWS-IRSA / web-identity pods on Kubernetes.
Concrete failure case: when the OAB pod uses an IRSA service account, k8s injects AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE, AWS_REGION, AWS_DEFAULT_REGION, AWS_STS_REGIONAL_ENDPOINTS, etc. The agent subprocess needs ALL of them to authenticate against AWS, but listing every one in inherit_env is brittle — new keys appear as the platform evolves, and operators forget to add them.
What's actually wanted is the inverse: "inherit everything from the OAB process, except these specific secrets that must stay contained" (DISCORD_BOT_TOKEN, SLACK_BOT_TOKEN, ANTHROPIC_API_KEY, ...).
Discussion: https://discord.com/channels/1491295327620169908/1500049405984772096/1500055699261231267
Proposal
Replace flat [agent].inherit_env with a structured [agent.clear_env] table that supports both filtering directions plus a clean escape hatch:
    if enabled (default true):
        if allow_list non-empty: pass only those keys from process env
        elif deny_list non-empty: pass all process env EXCEPT deny_list
        else: pass nothing (pure secure default)
    else:
        pass all process env (escape hatch — both lists ignored)
allow_list takes priority over deny_list when both are set under enabled = true (deny-list branch is only reached when allow-list is empty). [agent].env always wins on key conflict.
Helm values
    agents:
      myagent:
        clearEnv:
          enabled: true # default
          allowList: []
          denyList: []
TOML config
[agent.clear_env]
deny_list = ["DISCORD_BOT_TOKEN", "SLACK_BOT_TOKEN", "ANTHROPIC_API_KEY"]
BREAKING CHANGE (beta)
agents.<name>.inheritEnv is removed. Migration:
- inheritEnv: ["A", "B"]
+ clearEnv:
+ allowList: ["A", "B"]
Helm template hard-fails with a migration message if the legacy key is encountered.
PR
#722
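
The precedence rules from the Proposal section, written out as an added example (not code from the OAB project or from PR #722). The function name `build_agent_env`, the `ClearEnv` dataclass and the sample environment are assumptions made for illustration; only the field names `enabled`, `allow_list` and `deny_list` come from the proposal.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Mapping


@dataclass
class ClearEnv:
    """Hypothetical mirror of the proposed [agent.clear_env] table."""
    enabled: bool = True
    allow_list: List[str] = field(default_factory=list)
    deny_list: List[str] = field(default_factory=list)


def build_agent_env(process_env: Mapping[str, str], cfg: ClearEnv,
                    agent_env: Mapping[str, str]) -> Dict[str, str]:
    """Return the environment the agent subprocess would receive."""
    if not cfg.enabled:
        inherited = dict(process_env)  # escape hatch: both lists ignored
    elif cfg.allow_list:
        # allow_list wins even when deny_list is also set
        inherited = {k: process_env[k] for k in cfg.allow_list if k in process_env}
    elif cfg.deny_list:
        denied = set(cfg.deny_list)
        inherited = {k: v for k, v in process_env.items() if k not in denied}
    else:
        inherited = {}  # secure default: pass nothing
    inherited.update(agent_env)  # [agent].env always wins on key conflict
    return inherited


# Constructed sample of an IRSA pod environment (all values are placeholders).
SAMPLE_ENV = {
    "AWS_ROLE_ARN": "arn:aws:iam::000000000000:role/example",
    "AWS_WEB_IDENTITY_TOKEN_FILE": "/var/run/secrets/example/token",
    "AWS_REGION": "us-east-1",
    "DISCORD_BOT_TOKEN": "constructed-secret",
    "ANTHROPIC_API_KEY": "constructed-secret",
}
SECRETS = ["DISCORD_BOT_TOKEN", "SLACK_BOT_TOKEN", "ANTHROPIC_API_KEY"]

if __name__ == "__main__":
    env = build_agent_env(SAMPLE_ENV, ClearEnv(deny_list=SECRETS),
                          {"AWS_REGION": "eu-west-1"})
    print(sorted(env))  # names only, never the values
```

Under these rules, a config that sets both lists never consults `deny_list`, so a secret named in `allow_list` still reaches the agent. A config check that flags keys present in both lists catches that case.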