feat(agent-providers): non-interactive right agent providers add CLI#116
Merged
Conversation
de4ps
force-pushed
the
feat/agent-providers-add-cli
branch
from
63b87dd to
930d340
Compare
Provider management has been dashboard-only since v0.3.0 — agents,
fleet operators, and automation tools that drive `right` programmatically
have no way to attach a provider without going through the Telegram
Mini App. The new subcommand fills that gap by exposing the same
internal-socket REST API the dashboard uses, with the validation,
locking, and gateway-side rollback that path already provides:
RIGHT_PROVIDER_CREDENTIAL=<token> \
right agent providers add my-agent \
--type generic \
--label litellm \
--upstream-host litellm.example.com \
--header-name x-api-key \
--env-var ANTHROPIC_API_KEY
Built-in profiles work the same way without the generic-only flags:
RIGHT_PROVIDER_CREDENTIAL=<token> \
right agent providers add my-agent \
--type github --label gh
The credential value is taken from the `RIGHT_PROVIDER_CREDENTIAL`
environment variable rather than `--credential` value-flag when both
are absent on argv — passing secrets via argv leaks them to `ps`,
shell history, and journald, the same anti-pattern this codebase
already avoids for telegram tokens (see `right init --telegram-token`,
which also accepts `RIGHT_TELEGRAM_TOKEN`). `hide_env_values = true`
keeps the env var out of `--help` output.
Requires `right up` to be running (the subcommand talks to
`~/.right/run/internal.sock`) and emits a clear error pointing at
`right up` when the socket is absent. Output is the same
`ProviderView` JSON the dashboard sees, so callers can pipe to `jq`.
This is intended for fleet automation where the dashboard is not the
control plane (e.g. a multi-tenant registrar provisioning agents
on a shared host). Dashboard-driven workflows are unchanged.
de4ps
force-pushed
the
feat/agent-providers-add-cli
branch
from
930d340 to
41a689d
Compare
…s before socket probe - Replace unwrap_or_default() on to_string_pretty with error propagation (FAIL FAST; matches the precedent in cmd handling JSON output) so an automation caller never receives silent empty output. - Validate generic --upstream-host/--env-var before probing the internal socket, so a misconfigured command reports the actionable arg error even when 'right up' is not running.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Provider management has been dashboard-only since v0.3.0 — agents, fleet operators, and automation tools that drive
rightprogrammatically have no way to attach a provider without going through the Telegram Mini App. The new subcommand fills that gap by exposing the same internal-socket REST API the dashboard uses, with the validation, locking, and gateway-side rollback that path already provides:Built-in profiles work the same way without the generic-only flags:
The credential value is taken from the
RIGHT_PROVIDER_CREDENTIALenvironment variable rather than--credentialvalue-flag when both are absent on argv — passing secrets via argv leaks them tops, shell history, and journald, the same anti-pattern this codebase already avoids for telegram tokens (seeright init --telegram-token, which also acceptsRIGHT_TELEGRAM_TOKEN).hide_env_values = truekeeps the env var out of--helpoutput.Requires
right upto be running (the subcommand talks to~/.right/run/internal.sock) and emits a clear error pointing atright upwhen the socket is absent. Output is the sameProviderViewJSON the dashboard sees, so callers can pipe tojq.This is intended for fleet automation where the dashboard is not the control plane (e.g. a multi-tenant registrar provisioning agents on a shared host). Dashboard-driven workflows are unchanged.