Skip to content

fix(preview): let the atrium-preview tool actually install in sandboxes#548

Merged
gbasin merged 1 commit into
masterfrom
fix/preview-tool-allowlist
Jul 16, 2026
Merged

fix(preview): let the atrium-preview tool actually install in sandboxes#548
gbasin merged 1 commit into
masterfrom
fix/preview-tool-allowlist

Conversation

@gbasin

@gbasin gbasin commented Jul 16, 2026

Copy link
Copy Markdown
Collaborator

Follow-up to #547. The tool shipped correctly but no sandbox can install it, so an agent asked for a preview would find nothing.

infra/values.local.yaml sets TOOL_ALLOWLIST: "none" to hide the ~78 upstream plugins that have no creds in Atrium. install_tool_shims.py skips anything not on that list — including ours.

Caught by running a real agent turn on prod and exec'ing into the live sandbox:

command -v atrium-preview     -> MISSING
centaur-tools list | preview  -> NOT-IN-CATALOG
echo $TOOL_ALLOWLIST          -> none

The file's own comment predicted exactly this: "When a tool is actually wired up (creds granted + deps installable), list its package name here, comma-separated." It now is — ATRIUM_PREVIEW_LAUNCHER_TOKEN is in centaur-infra-env and iron-proxy injects it host-scoped — so this lists it.

Also documents which name is matched: the directory name under centaur/tools, not pyproject's [project] name (install_tool_shims.py: tool_name = package_dir.name). They're identical here, but the next tool shouldn't have to re-derive that.

Why CI couldn't catch this: CI never installs tool shims, and the tool builds, lints, and passes its tests regardless of this env var. It needs a redeploy to take effect — SESSION_SANDBOX_EXTRA_ENV is read by api-rs and baked into each sandbox at creation.

#547 shipped the tool, but no sandbox could see it: values.local.yaml sets
TOOL_ALLOWLIST: "none" to hide the ~78 upstream plugins, and install_tool_shims
skips every tool not on the list. Verified in a live prod sandbox mid-turn:

  command -v atrium-preview   -> MISSING
  centaur-tools list | preview -> NOT-IN-CATALOG
  echo $TOOL_ALLOWLIST         -> none

That file's own comment called this shot: "When a tool is actually wired up
(creds granted + deps installable), list its package name here." It now is —
the token is in centaur-infra-env and iron-proxy injects it — so list it.

The matched name is the tool's DIRECTORY name, not pyproject's [project] name
(install_tool_shims.py: tool_name = package_dir.name). Both are atrium-preview
here, but the comment now says which one it is so the next tool doesn't guess.

Only reachable by running a real turn on prod: CI never installs tool shims, and
the tool builds, lints, and passes its own tests regardless of this env var.
@gbasin gbasin enabled auto-merge July 16, 2026 20:03
@gbasin gbasin added this pull request to the merge queue Jul 16, 2026
Merged via the queue into master with commit 7b81208 Jul 16, 2026
16 checks passed
@gbasin gbasin deleted the fix/preview-tool-allowlist branch July 16, 2026 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant