Spaces:
Paused
Paused
fix: block shell expressions in set_env, show secrets in get_env
Browse files- scripts/conversation-loop.py +21 -6
scripts/conversation-loop.py
CHANGED
|
@@ -350,6 +350,11 @@ def action_write_file(target, path, content):
|
|
| 350 |
|
| 351 |
def action_set_env(key, value):
|
| 352 |
"""Set an environment variable on the child's Space."""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 353 |
try:
|
| 354 |
hf_api.add_space_variable(CHILD_SPACE_ID, key, value)
|
| 355 |
return f"✓ Set env var {key}={value} on {CHILD_NAME}'s Space"
|
|
@@ -367,14 +372,24 @@ def action_set_secret(key, value):
|
|
| 367 |
|
| 368 |
|
| 369 |
def action_get_env():
|
| 370 |
-
"""List environment variables on the child's Space."""
|
| 371 |
try:
|
|
|
|
| 372 |
vars_dict = hf_api.get_space_variables(CHILD_SPACE_ID)
|
| 373 |
-
if
|
| 374 |
-
|
| 375 |
-
|
| 376 |
-
|
| 377 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 378 |
return "\n".join(lines)
|
| 379 |
except Exception as e:
|
| 380 |
return f"Error: {e}"
|
|
|
|
| 350 |
|
| 351 |
def action_set_env(key, value):
|
| 352 |
"""Set an environment variable on the child's Space."""
|
| 353 |
+
# Block shell expressions — LLM sometimes writes $(cmd) or backticks as values
|
| 354 |
+
if '$(' in value or '`' in value or value.startswith('$('):
|
| 355 |
+
return (f"⛔ BLOCKED: Value contains shell expression which won't be evaluated. "
|
| 356 |
+
f"Provide the actual value, not a shell command. "
|
| 357 |
+
f"HF_TOKEN is already set as a secret — use [ACTION: get_env] to check.")
|
| 358 |
try:
|
| 359 |
hf_api.add_space_variable(CHILD_SPACE_ID, key, value)
|
| 360 |
return f"✓ Set env var {key}={value} on {CHILD_NAME}'s Space"
|
|
|
|
| 372 |
|
| 373 |
|
| 374 |
def action_get_env():
|
| 375 |
+
"""List environment variables and secrets on the child's Space."""
|
| 376 |
try:
|
| 377 |
+
lines = [f"{CHILD_NAME}'s environment:"]
|
| 378 |
vars_dict = hf_api.get_space_variables(CHILD_SPACE_ID)
|
| 379 |
+
if vars_dict:
|
| 380 |
+
lines.append(" Variables:")
|
| 381 |
+
for k, v in vars_dict.items():
|
| 382 |
+
lines.append(f" {k} = {v.value}")
|
| 383 |
+
# Also check secrets (names only, values hidden)
|
| 384 |
+
info = hf_api.space_info(CHILD_SPACE_ID)
|
| 385 |
+
if hasattr(info, 'runtime') and info.runtime and hasattr(info.runtime, 'secrets'):
|
| 386 |
+
secrets = info.runtime.secrets
|
| 387 |
+
if secrets:
|
| 388 |
+
lines.append(" Secrets (values hidden):")
|
| 389 |
+
for s in secrets:
|
| 390 |
+
lines.append(f" {s} = ****")
|
| 391 |
+
if len(lines) == 1:
|
| 392 |
+
return f"{CHILD_NAME} has no environment variables or secrets set."
|
| 393 |
return "\n".join(lines)
|
| 394 |
except Exception as e:
|
| 395 |
return f"Error: {e}"
|