docs+config: surface the two env-variable expansion syntaxes (#2615)#2851
Conversation
Two incompatible expansion syntaxes coexist in agent YAML today and the
mismatch fails silently at runtime:
- JS template literals (`${env.X}`) for prompts, instructions,
commands, headers and toolset `env` values.
- Shell-style (`$VAR`, `${VAR}`, `~`) for path fields
(`working_dir`, toolset `path`).
Add a 'Variable Expansion in Config Fields' section to the configuration
overview with a quick-reference table, and cross-link from the agents
and tools pages so users can find the supported syntax for each field.
This is the documentation stop-gap requested in docker#2615; runtime
unification is tracked separately.
Two incompatible expansion syntaxes coexist in agent YAML (see docker#2615): JS template literals (`${env.X}`) for prompt-like fields, and shell-style (`$VAR`/`${VAR}`/`~`) for path fields. When the wrong syntax is used in a field, expansion silently no-ops and the literal string is passed through. Emit a slog warning at config-load time when: - a JS-expanded field (description, welcome_message, instruction, commands, headers, env values) contains a shell-style `${UPPER_CASE}` reference and no `${env.X}` is present; - a path field (toolset working_dir, path) contains `${env.X}`. Warnings only — runtime behavior is unchanged. This makes the silent no-op visible while a proper unification is designed (docker#2710).
The 'Variable Expansion in Config Fields' section listed toolset env
values under the JS-template syntax, but the runtime expands them with
os.Expand (shell-style $VAR / ${VAR}). Move env to the shell-style
section, add the api_config.endpoint / api_config.headers entry to the
JS-template list, and adjust the quick-reference table accordingly.
Refs: docker#2615
Address several issues in the warnExpansionMismatches helper:
* Avoid leaking field values: warnPathField previously logged the full
field contents, which can include credentials embedded in path or env
strings. Log only the offending variable name.
* Match lower-case shell identifiers: os.Expand accepts ${user},
${db_path}, etc., but the regex was upper-case-only and let those
silent failures slip through.
* Cover env values in shell-expanded toolsets, ScriptShellToolConfig
(per-script working_dir and env), api_config.endpoint /
api_config.headers / api_config.instruction on api toolsets, and hook
working_dir / env on every HooksConfig list (including matcher-based
PreToolUse, PostToolUse, PermissionRequest, ToolResponseTransform).
* Stop racing with slog.Default(): the helper now takes a *slog.Logger
argument, which Load passes from slog.Default() and tests instantiate
per-test. The test suite no longer mutates the global default logger,
so it is safe to mark warning tests t.Parallel() alongside the rest of
the package.
Refs: docker#2615
docker-agent
left a comment
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
The expansion-warning subsystem is well-structured with good test coverage. All medium-severity hypotheses were dismissed: types.Command fields are fully covered (Instruction is set for both simple-string and struct-format commands), and the broad suppression in warnJSField is an intentional documented design tradeoff. One low-severity inconsistency was found between the fast-path guard and the regex in warnPathField.
| // does not recognize. The variable name is captured but the surrounding | ||
| // value is not, since path/env values frequently contain credentials. | ||
| func warnPathField(ctx context.Context, logger *slog.Logger, loc, field, value string) { | ||
| if value == "" || !strings.Contains(value, "${env.") { |
There was a problem hiding this comment.
[LOW] warnPathField fast-path guard misses whitespace variants like ${ env.X}
The fast-path early return uses strings.Contains(value, "${env.") which does not match ${ env.X } (whitespace after ${). However, the jsEnvRefStrict regex (\$\{\s*env\.) does allow leading whitespace inside ${}, and JavaScript template literals also permit this (${ env.HOME } is valid JS that the evaluator would expand). A user who writes ${ env.HOME}/work in a working_dir field would get no warning despite the JS evaluator being able to process it.
Suggested fix: widen the fast-path guard to check for "${" instead of the full "${env.", or remove it and rely solely on the regex:
// Before
if value == "" || !strings.Contains(value, "${env.") {
// After
if value == "" || !strings.Contains(value, "${") {This is a minor gap — spaces in ${env.X} are rare in practice — but the inconsistency between the guard and the regex is a latent correctness issue.
aheritier
added
area/config
4 participants
Stop-gap for #2615 — surfaces the silently-failing variable-expansion mismatch in agent YAML without changing runtime behavior.
Background
Agent YAML uses two incompatible expansion syntaxes:
${env.X}(with||defaults, ternaries, tool calls). Used indescription,welcome_message,instruction,commands, headers, andapi_config. Backed bypkg/js.$VAR,${VAR},~. Used in path-like fields (working_dir, toolsetpath) and toolset/hookenvvalues. Backed byos.Expand/pkg/path.Mixing them up (e.g.
${USER}in adescription, or${env.HOME}in aworking_dir) is a silent no-op: the literal string is passed through. This bites users every few weeks.PR #2710 attempts a runtime unification but is blocked on design (reflection-based walker, breaking
Sourceinterface). This PR takes the smaller steps the issue explicitly invited:Runtime behavior is unchanged.
What's in this PR
Documentation
docs/configuration/overview/index.mdgets a new "Variable Expansion in Config Fields" section with a quick-reference table:${env.X}$X/${X}~description,welcome_messageinstruction(agent + toolset)commands.*headers,remote.headersapi_config.endpoint/headersworking_dir,pathenvvalues (toolset/hook)Cross-links added from
docs/configuration/agents/index.mdanddocs/configuration/tools/index.md.Warnings at config-load
pkg/config/expansion_warnings.goaddswarnExpansionMismatches, called at the end ofconfig.Load. It walks every agent + toolset + hook and emits a singleslog.Warnper offending occurrence withlocation,field,variable, and a link to #2615.Two cases:
${IDENT}indescription,welcome_message,instruction,commands, headers (headers,remote.headers,api_config.headers),api_config.endpoint,api_config.instruction. Suppressed when the same value also contains a real${env.X}so legitimate JS templates with non-env interpolations don't false-positive.${env.X}inworking_dir, toolsetpath, toolsetenv,scriptshellworking_dir/env, all hookworking_dir/env.The warning logs the variable name and location only — never the full field value, since
path:/env:values often contain credentials.Tests
10 table tests in
pkg/config/expansion_warnings_test.gocover both directions, false-positive avoidance, secret non-leakage, lowercase identifiers, mixed JS+shell headers,APIConfig,ScriptShellToolConfig, and hooks. All run witht.Parallel()because the logger is dependency-injected (no globalslog.Default()mutation).Validation
task build✓task test✓ (all packages pass with-race)task lint✓ (0 issues, custom lint clean,go.modtidy)Commits
The two
fix:/docs:follow-ups came out of self-review; happy to squash on merge.Out of scope
EnvProviderthroughpkg/path/expand.goso secrets / env files reachworking_dir. Tracked as a follow-up — it's a small, contained change once this lands.Closes part of #2615 (documentation + visibility); leaves it open for the runtime unification.