Fix host-binary Policies

Author: slimslenderslacks

src/docker.clj

@@ -287,7 +287,7 @@
   (format "%s ; %s"
           (->> secrets
                (map (fn [[k v]] 
-                      (format "%s=$(cat /secret/%s | sed -e \"s/^[[:space:]]*//\")" v (name k))))
+                      (format "export %s=$(cat /secret/%s | sed -e \"s/^[[:space:]]*//\")" v (name k))))
                (string/join " ; "))
           s))
 
@@ -298,7 +298,7 @@
           (-> (images {"reference" [(:image container-definition)]})
               first))
          :Config)
-        real-entrypoint (string/join " " (concat Entrypoint (or (:command container-definition) :Cmd)))]
+        real-entrypoint (string/join " " (concat Entrypoint (or (:command container-definition) Cmd)))]
     (-> container-definition
         (assoc :entrypoint ["/bin/sh" "-c" (injected-entrypoint (:secrets container-definition) real-entrypoint)])
         (dissoc :command))))

src/extension/docker-compose.yaml

@@ -1,6 +1,6 @@
 services:
   mcp_docker:
-    image: mcp/docker:0.0.1
+    image: mcp/docker:0.0.2
     ports:
       - 8811:8811
     volumes:

src/extension/flake.lock

@@ -0,0 +1,35 @@
+{
+  description = "Go development environment";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+      in
+      {
+        devShells.default = pkgs.mkShell {
+          buildInputs = with pkgs; [
+            # Go compiler and tools
+            go
+            gopls          # Go language server
+            go-tools       # Additional Go tools
+            delve         # Go debugger
+            golangci-lint # Linter
+          ];
+
+          shellHook = ''
+            echo "🚀 Welcome to Go development environment!"
+            echo "Available tools:"
+            echo "  - go (compiler)"
+            echo "  - gopls (language server)"
+            echo "  - golangci-lint (linter)"
+            echo "  - delve (debugger)"
+          '';
+        };
+      });
+} 

src/extension/flake.nix

@@ -39,11 +39,12 @@ func NewApiClient(socketPath string) ApiClient {
 type Secret struct {
 	Name  string
 	Value string
+	Policies []string
 }
 
 func (d apiClientImpl) SetSecret(ctx context.Context, s secretsapi.Secret) error {
 	apiReq := d.SecretsApi.SetJfsSecret(ctx)
-	req := secretsapi.NewSecret(s.Name, s.Value)
+	req := secretsapi.NewSecret(s.Name, s.Value, s.Policies)
 	_, err := apiReq.Secret(*req).Execute()
 	return err
 }

src/extension/host-binary/pkg/client/client.go

@@ -125,6 +125,14 @@
     identity))
 
 (comment
+  (docker/run-container
+    {:image "vonwig/stripe:latest"
+     :secrets {:stripe.api_key "API_KEY"}
+     :entrypoint ["/bin/sh" "-c" "cat /secret/stripe.api_key"]})
+  (docker/run-container
+    {:image "vonwig/stripe:latest"
+     :secrets {:stripe.api_key "API_KEY"}
+     :entrypoint ["/bin/sh" "-c" "cat /secret/stripe.api_key"]})
   (async/<!!
    (call-tool
     {:image "vonwig/stripe:latest"
@@ -157,18 +165,16 @@
 
 (comment
   (get-mcp-tools-from-prompt [{:container {:image "mcp/stripe:latest"
+                                           :secrets {:stripe.api_key "API_KEY"}
                                            :command ["--tools=all"
-                                                     "--api-key=sk_asd"]}}])
-  (get-mcp-tools-from-prompt [{:container {:image "mcp/stripe:latest"
-                                           :command ["--tools=all"
-                                                     "--api-key={{ stripe.api_key }}"]}}])
+                                                     "--api-key=$API_KEY"]}}])
   (get-mcp-tools-from-prompt [{:container {:image "mcp/brave-search:latest"
                                            :workdir "/app"
-                                           :environment {"BRAVE_API_KEY" "{{ brave.api_key }}"}}}])
+                                           :secrets {:brave.api_key "BRAVE_API_KEY"} }}])
   (get-mcp-tools-from-prompt [{:container {:image "mcp/slack:latest"
                                            :workdir "/app"
-                                           :environment {"SLACK_BOT_TOKEN" "{{ slack.bot_token }}"
-                                                         "SLACK_TEAM_ID" "{{ slack.team_id }}"}}}])
+                                           :secrets {:slack.bot_token "SLACK_BOT_TOKEN"
+                                                     :slack.team_id "SLACK_TEAM_ID"}}}])
   (get-mcp-tools-from-prompt [{:container {:image "mcp/redis:latest"}}]))
 
 (comment