Skip to content

fix(init): make scaffolded agents runnable in-cluster (env secret provider + file scheduler)#177

Merged
initializ-mk merged 1 commit into
mainfrom
fix/init-always-env-secret-provider
Jun 16, 2026
Merged

fix(init): make scaffolded agents runnable in-cluster (env secret provider + file scheduler)#177
initializ-mk merged 1 commit into
mainfrom
fix/init-always-env-secret-provider

Conversation

@naveen-kurra

@naveen-kurra naveen-kurra commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Problem

Agents scaffolded by the platform (forge init --non-interactive) deploy but can't actually run. Two distinct startup failures, both rooted in the init template:

1. No secret provider → StubExecutor

forge.yaml had no secrets: block (only emitted when HasSecrets, i.e. inline secrets passed with values — the platform injects secrets later as k8s env). With no env provider, the runtime never reads the OS-injected OPENAI_API_KEY; ResolveModelConfig finds no key → StubExecutor → every task fails with agent execution not configured for framework "forge".

2. auto scheduler → KubernetesBackend → crashloop

Once #1 is fixed and a real LLM executor initializes, the scheduler starts. SchedulerConfig.Backend defaults to autoKubernetes backend in-cluster, which requires scheduler.kubernetes.service_url. The platform deploys via its own manifests (not forge package), so service_url is unset → startup error kubernetes scheduler backend: scheduler.kubernetes.service_url is required → CrashLoopBackOff.

Fix (init template)

  • Always emit the env secret provider (harmless when empty); encrypted-file stays gated on HasSecrets.
  • Default scheduler.backend: file (in-process ticker, no service_url). Opt into the K8s CronJob backend with backend: kubernetes + kubernetes.service_url.

Verified

forge init x --non-interactive -f forge -m openai now scaffolds both secrets.providers: [env] and scheduler.backend: file. On a live deploy: secret loads from env ("msg":"secret loaded","provider":"env") and the agent no longer crashloops on the scheduler.

🤖 Generated with Claude Code

fix(init): always emit the env secret provider in scaffolded forge.yaml
ae0a06b 
forge init only wrote a secrets.providers block when HasSecrets was true
(i.e. inline secret env vars were passed with values). Platform scaffolds
(agent-builder) deliberately pass NO credentials to 'forge init' —
secrets are injected later as Kubernetes env vars. With no secrets block,
the runtime builds no secret provider, so it never reads env-injected
keys like OPENAI_API_KEY; ResolveModelConfig finds no key and falls back
to the StubExecutor, failing every task with 'agent execution not
configured for framework forge'.

The env provider is harmless when no matching env vars exist, so always
include it. encrypted-file is still gated on HasSecrets (inline secrets).
@initializ-mk initializ-mk merged commit 03631e3 into main Jun 16, 2026
9 checks passed
@naveen-kurra naveen-kurra changed the title fix(init): always emit env secret provider in scaffolded forge.yaml fix(init): make scaffolded agents runnable in-cluster (env secret provider + file scheduler) Jun 16, 2026
@naveen-kurra naveen-kurra mentioned this pull request Jun 16, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@naveen-kurra @initializ-mk