Consolidate effective sandbox settings#163
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 578e6e3117
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| configManaged: [] as string[], | ||
| }, | ||
| skills: sanitized.skillsConfig?.skills || [], | ||
| mcpServers: sanitized.mcpServers || {}, |
There was a problem hiding this comment.
This response now includes mcpServers from effective sandbox settings, which can contain inherited entries whose sensitive fields were redacted to __LOBU_REDACTED__. During PATCH /config, restoreRedactedSentinels restores against local settings only, so inherited secret values have no source to restore from and the redaction token is persisted if the user saves any MCP change (for example, adding/removing one server). That silently breaks inherited MCP credentials for sandbox agents.
Useful? React with 👍 / 👎.
| installedProviders: undefined, | ||
| authProfiles: undefined, | ||
| model: undefined, | ||
| modelSelection: undefined, | ||
| providerModelPreferences: undefined, |
There was a problem hiding this comment.
The new model reset path removes installedProviders and related model fields from local sandbox settings. Promotion still uses local settings as the source, and buildPromotedSettingsFromSource converts missing installedProviders to an empty array, so a normal reset-then-promote flow can erase the base agent’s provider configuration. This makes reset behavior destructive beyond the sandbox scope.
Useful? React with 👍 / 👎.
Picks up owletto-side menu-bar fixes:
- User-confirmed adoption of external Lobu on :8787 (was: silently
minting local-init creds against a process we didn't spawn).
- Authless-mode UX: hide identity row + sign-out + agent SF Symbols.
- Selected-agent chip in popover header.
- Section rename Watchers → Goals.
- Pre-existing decode bug fix (Watcher.id ← watcher_id) and the
device-row UUID resolution for goal pinning.
No lobu-side code changes — submodule pointer move only.
Picks up owletto-side menu-bar fixes:
- User-confirmed adoption of external Lobu on :8787 (was: silently
minting local-init creds against a process we didn't spawn).
- Authless-mode UX: hide identity row + sign-out + agent SF Symbols.
- Selected-agent chip in popover header.
- Section rename Watchers → Goals.
- Pre-existing decode bug fix (Watcher.id ← watcher_id) and the
device-row UUID resolution for goal pinning.
No lobu-side code changes — submodule pointer move only.
1 participant
Description
Brief description of the changes in this PR.
Type of Change
Testing
bun testand all tests passbun run formatandbun run lintmake dev)Checklist
Related Issues
Closes #(issue number)
Additional Notes
Any additional information or context about the PR.