From 44b642fe532483a5a13b14fa08884f9d3dc050b7 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Thu, 4 Dec 2025 09:33:27 +0000 Subject: [PATCH 1/2] Rename COPILOT_TOKEN -> AI_API_TOKEN --- .devcontainer/post-attach.sh | 4 ++-- src/run_seclab_agent.sh | 2 +- src/seclab_taskflows/mcp_servers/gh_actions.py | 2 +- src/seclab_taskflows/mcp_servers/gh_code_scanning.py | 2 +- src/seclab_taskflows/mcp_servers/gh_file_viewer.py | 2 +- src/seclab_taskflows/mcp_servers/local_gh_resources.py | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.devcontainer/post-attach.sh b/.devcontainer/post-attach.sh index 0fd307a..1fda8ec 100644 --- a/.devcontainer/post-attach.sh +++ b/.devcontainer/post-attach.sh @@ -4,8 +4,8 @@ set -e # If running in Codespaces, check for necessary secrets and print error if missing if [ -v CODESPACES ]; then echo "🔐 Running in Codespaces - injecting secrets from Codespaces settings..." - if [ ! -v COPILOT_TOKEN ]; then - echo "⚠️ Running in Codespaces - please add COPILOT_TOKEN to your Codespaces secrets" + if [ ! -v AI_API_TOKEN ]; then + echo "⚠️ Running in Codespaces - please add AI_API_TOKEN to your Codespaces secrets" fi if [ ! -v GITHUB_PERSONAL_ACCESS_TOKEN ]; then echo "⚠️ Running in Codespaces - please add GITHUB_PERSONAL_ACCESS_TOKEN to your Codespaces secrets" diff --git a/src/run_seclab_agent.sh b/src/run_seclab_agent.sh index 8efdf1a..6cbc0de 100755 --- a/src/run_seclab_agent.sh +++ b/src/run_seclab_agent.sh @@ -10,4 +10,4 @@ mkdir -p data docker run -i \ --mount type=bind,src="$PWD",dst=/app \ - -e GITHUB_PERSONAL_ACCESS_TOKEN="$GITHUB_PERSONAL_ACCESS_TOKEN" -e COPILOT_TOKEN="$COPILOT_TOKEN" "ghcr.io/githubsecuritylab/seclab-taskflow-agent" "$@" + -e GITHUB_PERSONAL_ACCESS_TOKEN="$GITHUB_PERSONAL_ACCESS_TOKEN" -e AI_API_TOKEN="$AI_API_TOKEN" "ghcr.io/githubsecuritylab/seclab-taskflow-agent" "$@" diff --git a/src/seclab_taskflows/mcp_servers/gh_actions.py b/src/seclab_taskflows/mcp_servers/gh_actions.py index 01e574d..048b013 100644 --- a/src/seclab_taskflows/mcp_servers/gh_actions.py +++ b/src/seclab_taskflows/mcp_servers/gh_actions.py @@ -47,7 +47,7 @@ def __repr__(self): GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN', default='') if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('COPILOT_TOKEN') + GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') ACTIONS_DB_DIR = Path(os.getenv('ACTIONS_DB_DIR', default='/app/my_data')) diff --git a/src/seclab_taskflows/mcp_servers/gh_code_scanning.py b/src/seclab_taskflows/mcp_servers/gh_code_scanning.py index f9fbd9b..4e531f5 100644 --- a/src/seclab_taskflows/mcp_servers/gh_code_scanning.py +++ b/src/seclab_taskflows/mcp_servers/gh_code_scanning.py @@ -27,7 +27,7 @@ GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN', default='') if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('COPILOT_TOKEN') + GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') CODEQL_DBS_BASE_PATH = Path(os.getenv('CODEQL_DBS_BASE_PATH', default='/app/my_data')) diff --git a/src/seclab_taskflows/mcp_servers/gh_file_viewer.py b/src/seclab_taskflows/mcp_servers/gh_file_viewer.py index 58a5891..f229b16 100644 --- a/src/seclab_taskflows/mcp_servers/gh_file_viewer.py +++ b/src/seclab_taskflows/mcp_servers/gh_file_viewer.py @@ -44,7 +44,7 @@ def __repr__(self): GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN', default='') if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('COPILOT_TOKEN') + GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') SEARCH_RESULT_DIR = Path(os.getenv('SEARCH_RESULTS_DIR', default='/app/my_data')) diff --git a/src/seclab_taskflows/mcp_servers/local_gh_resources.py b/src/seclab_taskflows/mcp_servers/local_gh_resources.py index 05b6b01..d88ddfe 100644 --- a/src/seclab_taskflows/mcp_servers/local_gh_resources.py +++ b/src/seclab_taskflows/mcp_servers/local_gh_resources.py @@ -24,7 +24,7 @@ GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN') if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('COPILOT_TOKEN') + GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') LOCAL_GH_DIR = Path(os.getenv('LOCAL_GH_DIR', default='/app/my_data')) From 76d7468d48bc9424851a66dcf0cbffff752d3b83 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Thu, 4 Dec 2025 16:18:30 +0000 Subject: [PATCH 2/2] Remove assumption that AI_API_TOKEN is also a GitHub PAT. --- src/seclab_taskflows/mcp_servers/gh_actions.py | 2 -- src/seclab_taskflows/mcp_servers/gh_code_scanning.py | 2 -- src/seclab_taskflows/mcp_servers/gh_file_viewer.py | 2 -- src/seclab_taskflows/mcp_servers/local_gh_resources.py | 2 -- 4 files changed, 8 deletions(-) diff --git a/src/seclab_taskflows/mcp_servers/gh_actions.py b/src/seclab_taskflows/mcp_servers/gh_actions.py index 048b013..3c69a5c 100644 --- a/src/seclab_taskflows/mcp_servers/gh_actions.py +++ b/src/seclab_taskflows/mcp_servers/gh_actions.py @@ -46,8 +46,6 @@ def __repr__(self): unimportant_triggers = set(['pull_request', 'workflow_dispatch']) GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN', default='') -if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') ACTIONS_DB_DIR = Path(os.getenv('ACTIONS_DB_DIR', default='/app/my_data')) diff --git a/src/seclab_taskflows/mcp_servers/gh_code_scanning.py b/src/seclab_taskflows/mcp_servers/gh_code_scanning.py index 4e531f5..db5a52f 100644 --- a/src/seclab_taskflows/mcp_servers/gh_code_scanning.py +++ b/src/seclab_taskflows/mcp_servers/gh_code_scanning.py @@ -26,8 +26,6 @@ mcp = FastMCP("GitHubCodeScanning") GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN', default='') -if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') CODEQL_DBS_BASE_PATH = Path(os.getenv('CODEQL_DBS_BASE_PATH', default='/app/my_data')) diff --git a/src/seclab_taskflows/mcp_servers/gh_file_viewer.py b/src/seclab_taskflows/mcp_servers/gh_file_viewer.py index f229b16..1227db8 100644 --- a/src/seclab_taskflows/mcp_servers/gh_file_viewer.py +++ b/src/seclab_taskflows/mcp_servers/gh_file_viewer.py @@ -43,8 +43,6 @@ def __repr__(self): mcp = FastMCP("GitHubFileViewer") GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN', default='') -if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') SEARCH_RESULT_DIR = Path(os.getenv('SEARCH_RESULTS_DIR', default='/app/my_data')) diff --git a/src/seclab_taskflows/mcp_servers/local_gh_resources.py b/src/seclab_taskflows/mcp_servers/local_gh_resources.py index d88ddfe..79cfa0a 100644 --- a/src/seclab_taskflows/mcp_servers/local_gh_resources.py +++ b/src/seclab_taskflows/mcp_servers/local_gh_resources.py @@ -23,8 +23,6 @@ mcp = FastMCP("LocalGHResources") GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('GITHUB_PERSONAL_ACCESS_TOKEN') -if not GITHUB_PERSONAL_ACCESS_TOKEN: - GITHUB_PERSONAL_ACCESS_TOKEN = os.getenv('AI_API_TOKEN') LOCAL_GH_DIR = Path(os.getenv('LOCAL_GH_DIR', default='/app/my_data'))