diff --git a/app.yaml b/app.yaml
index 1a2fbc0..2b265f3 100644
--- a/app.yaml
+++ b/app.yaml
@@ -14,9 +14,19 @@ env:
 value: databricks-claude-opus-4-6
 - name: HERMES_FALLBACK_MODEL
 value: databricks-claude-opus-4-6
- # Set ENABLE_HERMES=false to skip Hermes Agent install. Other CLIs are unaffected.
- - name: ENABLE_HERMES
+ # Per-CLI install toggle. Defaults reflect a "least-trusted code in the App
+ # container" stance: Claude Code (Anthropic) and Codex (OpenAI) ship from
+ # vendors with mature signing/SBOM/advisory pipelines and are enabled by
+ # default. Gemini, OpenCode, and Hermes are opt-in — set ENABLE_=true
+ # to install them. Claude Code is the primary CLI and isn't toggleable here.
+ - name: ENABLE_CODEX
 value: "true"
+ - name: ENABLE_OPENCODE
+ value: "false"
+ - name: ENABLE_GEMINI
+ value: "false"
+ - name: ENABLE_HERMES
+ value: "false"
 - name: CLAUDE_CODE_DISABLE_AUTO_MEMORY
 value: 0
 - name: MAX_CONCURRENT_SESSIONS
diff --git a/setup_codex.py b/setup_codex.py
index 6be864f..743a09c 100644
--- a/setup_codex.py
+++ b/setup_codex.py
@@ -15,6 +15,11 @@ from utils import adapt_instructions_file, ensure_https, get_gateway_host, get_npm_version
 
 
 
+# Opt-out: allow operators to disable Codex bundling without removing the file.
+if os.environ.get("ENABLE_CODEX", "true").strip().lower() in ("false", "0", "no"):
+ print("ENABLE_CODEX=false — skipping Codex CLI setup")
+ raise SystemExit(0)
+
 # Set HOME if not properly set
 if not os.environ.get("HOME") or os.environ["HOME"] == "/":
 os.environ["HOME"] = "/app/python/source_code"
diff --git a/setup_gemini.py b/setup_gemini.py
index ec77851..8ced395 100644
--- a/setup_gemini.py
+++ b/setup_gemini.py
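Review bot: The new comment's `set ENABLE_=true` has lost the variable name and reads as a literal; it should spell out the pattern, e.g. `# default. Gemini, OpenCode, and Hermes are opt-in — set ENABLE_<CLI>=true` with ENABLE_GEMINI, ENABLE_OPENCODE and ENABLE_HERMES as the concrete names. The comment also presents the opt-in stance as a property of the defaults, but these `value: "false"` entries are the only place it is enforced: the setup_*.py hunks in this same commit fall back to `"true"` when the variable is unset, so removing or mis-spelling an entry here silently installs that CLI. Either say in the comment that the entries must stay present, or flip the script-side fallback to `"false"` so the stance holds independently of this file.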
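Review bot: The flag parser on the `if os.environ.get("ENABLE_CODEX", "true").strip().lower() in (...)` line is repeated byte-for-byte in setup_gemini.py and setup_opencode.py, so the accepted spellings can drift between the three scripts; since each of them already imports from utils, one helper such as `def env_flag(name: str, default: str) -> bool:` there would keep the toggles consistent. Because the guard runs at module scope, `raise SystemExit(0)` also terminates any process that merely imports setup_codex.py — presumably these files are only ever run as scripts, but a comment stating that would prevent surprises. Any value outside false/0/no, including a typo such as `flase`, installs Codex without a trace; logging the raw value that was read on both paths would make the decision auditable from the container logs.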
@@ -17,6 +17,11 @@ from utils import adapt_instructions_file, ensure_https, get_gateway_host, get_npm_version
 
 
 
+# Opt-out: allow operators to disable Gemini bundling without removing the file.
+if os.environ.get("ENABLE_GEMINI", "true").strip().lower() in ("false", "0", "no"):
+ print("ENABLE_GEMINI=false — skipping Gemini CLI setup")
+ raise SystemExit(0)
+
 # Set HOME if not properly set
 if not os.environ.get("HOME") or os.environ["HOME"] == "/":
 os.environ["HOME"] = "/app/python/source_code"
diff --git a/setup_opencode.py b/setup_opencode.py
index 071252a..1ab6338 100644
--- a/setup_opencode.py
+++ b/setup_opencode.py
@@ -13,6 +13,11 @@ from utils import ensure_https, get_gateway_host, get_npm_version
 
 
 
+# Opt-out: allow operators to disable OpenCode bundling without removing the file.
+if os.environ.get("ENABLE_OPENCODE", "true").strip().lower() in ("false", "0", "no"):
+ print("ENABLE_OPENCODE=false — skipping OpenCode CLI setup")
+ raise SystemExit(0)
+
 # content-filter proxy local proxy — sanitizes empty content blocks before reaching Databricks
 # (see https://github.com/sst/opencode/issues/5028)
 CONTENT_FILTER_PROXY_URL = "http://127.0.0.1:4000"
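Review bot: The fallback `"true"` in `os.environ.get("ENABLE_GEMINI", "true")` contradicts the opt-in default this same commit declares for Gemini in app.yaml: whenever the variable is absent (entry removed, or the script run outside the App container) the Gemini CLI is installed, so the least-trusted stance holds only as long as app.yaml keeps the line. Fail closed instead and install only on an explicit affirmative: `if os.environ.get("ENABLE_GEMINI", "false").strip().lower() not in ("true", "1", "yes"):`. The skip message then should stop hard-coding `=false`, e.g. `print(f"ENABLE_GEMINI={os.environ.get('ENABLE_GEMINI', 'unset')} — skipping Gemini CLI setup")`, so the log shows what was actually read. The ENABLE_OPENCODE guard in the setup_opencode.py hunk below has the same defect and needs the same change.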