Skip to content

feat: Add environment variable support with CLI options and file loading#176

Merged
Mossaka merged 5 commits into
mainfrom
mossaka/issue175
Aug 20, 2025
Merged

feat: Add environment variable support with CLI options and file loading#176
Mossaka merged 5 commits into
mainfrom
mossaka/issue175

Conversation

@Mossaka

@Mossaka Mossaka commented Aug 16, 2025

Copy link
Copy Markdown
Contributor

Closes #175

@Mossaka Mossaka requested a review from Copilot August 16, 2025 05:44
@github-actions

github-actions Bot commented Aug 16, 2025

Copy link
Copy Markdown
Contributor

🔍 Security Audit Warnings

The cargo audit security scan found 1 warning(s) in dependencies:

Click to view cargo audit output 
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 796 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (529 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
└── rmcp 0.2.1
    ├── wassette-mcp-server 0.2.0
    └── mcp-server 0.1.0
        └── wassette-mcp-server 0.2.0

�[0m�[0m�[1m�[33mwarning:�[0m 1 allowed warning found

These are warnings (not vulnerabilities) but should be reviewed for:

  • Unmaintained crates - consider finding maintained alternatives
  • Known issues - check if they affect your use case
  • Supply chain risks - evaluate dependency hygiene

The security job will continue to pass as these are warnings, not blocking security issues.

Copilot AI reviewed Aug 16, 2025
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds environment variable support to the runtime with CLI options and file loading capabilities. It allows users to set environment variables through --env flags, load them from files using --env-file, and integrates these with the existing policy-based environment system.

Key changes:

  • Added CLI options --env for individual variables and --env-file for loading from files
  • Environment variables from CLI args take precedence over file variables, which take precedence over system variables
  • Updated WASI state creation to use the provided environment variables instead of reading system environment directly

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/main.rs Adds environment variable parsing functions and CLI argument handling
src/config.rs Extends Config struct and adds from_serve method for environment variable merging
src/env_tests.rs Comprehensive test suite for environment variable parsing functionality
crates/wassette/src/lib.rs Updates LifecycleManager to accept and store environment variables
crates/wassette/src/wasistate.rs Modifies WASI state creation to use provided environment variables
crates/wassette/src/policy_internal.rs Updates policy-related functions to pass environment variables
tests/transport_integration_test.rs Updates test setup to provide empty environment variables
CHANGELOG.md Documents the new CLI environment variable features

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

Comment thread src/main.rs
@github-actions

github-actions Bot commented Aug 16, 2025

Copy link
Copy Markdown
Contributor

🔍 Security Audit Warnings

The cargo audit security scan found 1 warning(s) in dependencies:

Click to view cargo audit output 
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 796 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (529 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
└── rmcp 0.2.1
    ├── wassette-mcp-server 0.2.0
    └── mcp-server 0.1.0
        └── wassette-mcp-server 0.2.0

�[0m�[0m�[1m�[33mwarning:�[0m 1 allowed warning found

These are warnings (not vulnerabilities) but should be reviewed for:

  • Unmaintained crates - consider finding maintained alternatives
  • Known issues - check if they affect your use case
  • Supply chain risks - evaluate dependency hygiene

The security job will continue to pass as these are warnings, not blocking security issues.

@github-actions

github-actions Bot commented Aug 16, 2025

Copy link
Copy Markdown
Contributor

🔍 Security Audit Warnings

The cargo audit security scan found 1 warning(s) in dependencies:

Click to view cargo audit output 
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 796 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (529 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
└── rmcp 0.2.1
    ├── wassette-mcp-server 0.2.0
    └── mcp-server 0.1.0
        └── wassette-mcp-server 0.2.0

�[0m�[0m�[1m�[33mwarning:�[0m 1 allowed warning found

These are warnings (not vulnerabilities) but should be reviewed for:

  • Unmaintained crates - consider finding maintained alternatives
  • Known issues - check if they affect your use case
  • Supply chain risks - evaluate dependency hygiene

The security job will continue to pass as these are warnings, not blocking security issues.

2 similar comments
@github-actions

github-actions Bot commented Aug 17, 2025

Copy link
Copy Markdown
Contributor

🔍 Security Audit Warnings

The cargo audit security scan found 1 warning(s) in dependencies:

Click to view cargo audit output 
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 796 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (529 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
└── rmcp 0.2.1
    ├── wassette-mcp-server 0.2.0
    └── mcp-server 0.1.0
        └── wassette-mcp-server 0.2.0

�[0m�[0m�[1m�[33mwarning:�[0m 1 allowed warning found

These are warnings (not vulnerabilities) but should be reviewed for:

  • Unmaintained crates - consider finding maintained alternatives
  • Known issues - check if they affect your use case
  • Supply chain risks - evaluate dependency hygiene

The security job will continue to pass as these are warnings, not blocking security issues.

@github-actions

github-actions Bot commented Aug 18, 2025

Copy link
Copy Markdown
Contributor

🔍 Security Audit Warnings

The cargo audit security scan found 1 warning(s) in dependencies:

Click to view cargo audit output 
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 796 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (529 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
└── rmcp 0.2.1
    ├── wassette-mcp-server 0.2.0
    └── mcp-server 0.1.0
        └── wassette-mcp-server 0.2.0

�[0m�[0m�[1m�[33mwarning:�[0m 1 allowed warning found

These are warnings (not vulnerabilities) but should be reviewed for:

  • Unmaintained crates - consider finding maintained alternatives
  • Known issues - check if they affect your use case
  • Supply chain risks - evaluate dependency hygiene

The security job will continue to pass as these are warnings, not blocking security issues.

Mossaka added 4 commits August 19, 2025 21:30
@Mossaka
feat: Add environment variable support with CLI options and file loading
4913ca1 
Signed-off-by: Jiaxiao Zhou <duibao55328@gmail.com>
@Mossaka
fix: add the missing header
1a26557 
Signed-off-by: Jiaxiao Zhou <duibao55328@gmail.com>
@Mossaka
remove accidentally committed files
d805b66 
Signed-off-by: Jiaxiao Zhou <duibao55328@gmail.com>
@Mossaka
clippy
f25527b 
Signed-off-by: Jiaxiao Zhou <duibao55328@gmail.com>
@Mossaka
rustfmt
a1038ac 
Signed-off-by: Jiaxiao Zhou <duibao55328@gmail.com>
@github-actions

github-actions Bot commented Aug 20, 2025

Copy link
Copy Markdown
Contributor

🔍 Security Audit Warnings

The cargo audit security scan found 1 warning(s) in dependencies:

Click to view cargo audit output 
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 796 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (529 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
└── rmcp 0.2.1
    ├── wassette-mcp-server 0.2.0
    └── mcp-server 0.1.0
        └── wassette-mcp-server 0.2.0

�[0m�[0m�[1m�[33mwarning:�[0m 1 allowed warning found

These are warnings (not vulnerabilities) but should be reviewed for:

  • Unmaintained crates - consider finding maintained alternatives
  • Known issues - check if they affect your use case
  • Supply chain risks - evaluate dependency hygiene

The security job will continue to pass as these are warnings, not blocking security issues.

1 similar comment
@github-actions

github-actions Bot commented Aug 20, 2025

Copy link
Copy Markdown
Contributor

🔍 Security Audit Warnings

The cargo audit security scan found 1 warning(s) in dependencies:

Click to view cargo audit output 
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 796 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (529 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
└── rmcp 0.2.1
    ├── wassette-mcp-server 0.2.0
    └── mcp-server 0.1.0
        └── wassette-mcp-server 0.2.0

�[0m�[0m�[1m�[33mwarning:�[0m 1 allowed warning found

These are warnings (not vulnerabilities) but should be reviewed for:

  • Unmaintained crates - consider finding maintained alternatives
  • Known issues - check if they affect your use case
  • Supply chain risks - evaluate dependency hygiene

The security job will continue to pass as these are warnings, not blocking security issues.

@Mossaka

Mossaka commented Aug 20, 2025

Copy link
Copy Markdown
Contributor Author

Going to merge this in

@Mossaka Mossaka merged commit 69501f0 into main Aug 20, 2025
9 checks passed
@Mossaka Mossaka deleted the mossaka/issue175 branch August 20, 2025 04:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for loading environment variables via --env-file

2 participants

@Mossaka