Skip to content

feat: update egress proxy secrets on running instances#156

Draft
sjmiller609 wants to merge 2 commits intomainfrom
hypeship/update-egress-proxy-envs
Draft

feat: update egress proxy secrets on running instances#156
sjmiller609 wants to merge 2 commits intomainfrom
hypeship/update-egress-proxy-envs

Conversation

@sjmiller609
Copy link
Collaborator

@sjmiller609 sjmiller609 commented Mar 19, 2026

Summary

  • Adds PUT /instances/{id}/env endpoint for replacing instance env vars at runtime
  • Atomically updates egress proxy header-inject rules so rotated credentials take effect without restart
  • New egressproxy.Service.UpdateInjectRules() method for lightweight in-place rule swap (no iptables re-application)
  • New instances.Manager.UpdateInstanceEnv() method that validates credential bindings, persists metadata, and swaps proxy rules

Test plan

  • Unit test: TestUpdateInjectRules — verifies in-memory rule swap and error on unregistered instance
  • Integration test: extended TestEgressProxyRewritesHTTPSHeaders — rotates key mid-flight and verifies new key is injected while guest still sees mock value
  • CI build and vet pass
  • Manual smoke test with a running VM instance

🤖 Generated with Claude Code

@sjmiller609 @claude
feat: support updating egress proxy secret envs on running instances
4b1342e 
Adds PUT /instances/{id}/env endpoint that replaces instance env vars
and atomically updates egress proxy header-inject rules, enabling
credential rotation without instance restart.

Changes:
- openapi.yaml: new PUT /instances/{id}/env endpoint
- lib/oapi/oapi.go: regenerated from spec
- lib/egressproxy: UpdateInjectRules() for in-place rule swap
- lib/instances: UpdateInstanceEnv() manager method
- cmd/api/api: handler wiring
- Tests: unit test for UpdateInjectRules, integration test for key rotation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions
Copy link

github-actions bot commented Mar 19, 2026
edited
Loading

✱ Stainless preview builds

This PR will update the hypeman SDKs with the following commit message.

feat: update egress proxy secrets on running instances

Edit this comment to update it. It will appear in the SDK's changelogs.

hypeman-typescript studio · code · diff

Your SDK build had at least one "note" diagnostic, but this did not represent a regression.
generate ✅build ✅lint ✅test ✅

npm install https://pkg.stainless.com/s/hypeman-typescript/4bec5cb823e24dc0569a110f81620530ca3ad530/dist.tar.gz
New diagnostics (1 note)
💡 Endpoint/NotConfigured: Skipped endpoint because it's not in your Stainless config: `put /instances/{id}/env`
hypeman-openapi studio · code · diff

Your SDK build had at least one "note" diagnostic, but this did not represent a regression.
generate ✅

New diagnostics (1 note)
💡 Endpoint/NotConfigured: Skipped endpoint because it's not in your Stainless config: `put /instances/{id}/env`
hypeman-go studio · code · diff

Your SDK build had at least one "note" diagnostic, but this did not represent a regression.
generate ✅build ✅lint ✅test ✅

go get github.com/stainless-sdks/hypeman-go@231cd00d936abd8a17c761d3d4cd9efc69d6477e
New diagnostics (1 note)
💡 Endpoint/NotConfigured: Skipped endpoint because it's not in your Stainless config: `put /instances/{id}/env`

This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push.
If you push custom code to the preview branch, re-run this workflow to update the comment.
Last updated: 2026-03-19 19:42:44 UTC

@sjmiller609 @claude
fix: add UpdateInstanceEnv to mock and scope mapping
e81e738 
- Add UpdateInstanceEnv stub to mockInstanceManager in builds test
- Add PUT /instances/{id}/env scope mapping (InstanceWrite)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sjmiller609