feat(agents): config repos, global secrets, sandbox reliability

- Add per-agent config repo (URL + branch) for .claude/ overlay
- Add global secrets (agent_secrets table) with AES-256-GCM encryption
  - Secrets defined at settings level, not per-project
  - Routes at /settings/secrets with SettingsRead/Write permissions
  - Migration renames project_secrets → agent_secrets, drops project_id
- Add secrets management UI in Agent Sandbox Settings page
- Sandbox image rebuild now always builds locally (skip Docker Hub pull)
- Add /opt/claude-backup in Dockerfile for named-volume resilience
- Post-start exec restores Claude CLI if masked by stale named volume
- Use full path /home/temps/.local/bin/claude in exec commands
- Stream rebuild progress via SSE to frontend
- Log container ID and image name in agent run logs
- Add global config repo setting in platform settings

Author: dviejokfs

Cargo.lock

@@ -244,6 +244,7 @@ regex = "1.11"
 # ============================================================================
 flate2 = "1.0"
 tar = "0.4.45"
+walkdir = "2"
 zip = "2.2"
 zstd = "0.13"
 

Cargo.toml

@@ -37,6 +37,7 @@ bollard = { workspace = true }
 bytes = { workspace = true }
 http-body-util = { workspace = true }
 tar = "0.4"
+walkdir = { workspace = true }
 pulldown-cmark = "0.12"
 libc = { workspace = true }
 rand = { workspace = true }

crates/temps-agents/Cargo.toml

@@ -74,6 +74,9 @@ pub enum AgentError {
 
     #[error("Sandbox provider '{provider}' unavailable: {reason}")]
     SandboxProviderUnavailable { provider: String, reason: String },
+
+    #[error("Secret '{name}' not found")]
+    SecretNotFound { name: String },
 }
 
 impl From<sea_orm::DbErr> for AgentError {

crates/temps-agents/src/error.rs

@@ -90,6 +90,9 @@ impl From<AgentError> for Problem {
                     .with_title("Sandbox Provider Unavailable")
                     .with_detail(error.to_string())
             }
+            AgentError::SecretNotFound { .. } => problemdetails::new(StatusCode::NOT_FOUND)
+                .with_title("Secret Not Found")
+                .with_detail(error.to_string()),
         }
     }
 }
@@ -202,6 +205,10 @@ pub struct AgentConfigResponse {
     pub deliverable: String,
     /// None = use global sandbox setting, true = force on, false = force off
     pub sandbox_enabled: Option<bool>,
+    /// Private config repo containing .claude/ directory (skills, MCP, plugins).
+    pub config_repo_url: Option<String>,
+    /// Branch of the config repo to use.
+    pub config_repo_branch: Option<String>,
     pub created_at: String,
     pub updated_at: String,
 }
@@ -228,6 +235,8 @@ impl From<project_agents::Model> for AgentConfigResponse {
             branch_prefix: model.branch_prefix,
             deliverable: model.deliverable,
             sandbox_enabled: model.sandbox_enabled,
+            config_repo_url: model.config_repo_url,
+            config_repo_branch: model.config_repo_branch,
             created_at: model.created_at.to_rfc3339(),
             updated_at: model.updated_at.to_rfc3339(),
         }

crates/temps-agents/src/handlers/config.rs

@@ -2,6 +2,7 @@ pub mod autofixer;
 pub mod config;
 pub mod preview_gateway;
 pub mod runs;
+pub mod secrets;
 pub mod trigger;
 
 use axum::Router;
@@ -11,6 +12,7 @@ use crate::services::autofixer::AutofixerService;
 use crate::services::config_service::AgentConfigService;
 use crate::services::executor::AgentExecutor;
 use crate::services::run_service::AgentRunService;
+use crate::services::secret_service::SecretService;
 
 pub struct AppState {
     pub db: Arc<sea_orm::DatabaseConnection>,
@@ -20,6 +22,7 @@ pub struct AppState {
     pub executor: Arc<AgentExecutor>,
     pub audit_service: Arc<dyn temps_core::AuditLogger>,
     pub autofixer_service: Arc<AutofixerService>,
+    pub secret_service: Arc<SecretService>,
     /// Docker client used by the preview gateway supervisor handlers.
     pub docker: Arc<bollard::Docker>,
     /// Platform settings service used by the preview gateway handlers to
@@ -33,5 +36,6 @@ pub fn configure_routes() -> Router<Arc<AppState>> {
         .merge(config::routes())
         .merge(preview_gateway::routes())
         .merge(runs::routes())
+        .merge(secrets::routes())
         .merge(trigger::routes())
 }

crates/temps-agents/src/handlers/mod.rs

@@ -0,0 +1,270 @@
+use axum::{
+    extract::{Path, State},
+    http::StatusCode,
+    response::IntoResponse,
+    routing::get,
+    Extension, Json, Router,
+};
+use serde::{Deserialize, Serialize};
+use std::sync::Arc;
+use utoipa::ToSchema;
+
+use temps_auth::{permission_guard, RequireAuth};
+use temps_core::audit::{AuditContext, AuditOperation};
+use temps_core::problemdetails::Problem;
+use temps_core::RequestMetadata;
+
+use crate::handlers::AppState;
+use crate::services::secret_service::SecretType;
+
+// ── Request / Response DTOs ──────────────────────────────────────────────────
+
+#[derive(Debug, Deserialize, ToSchema)]
+pub struct UpsertSecretRequest {
+    pub name: String,
+    /// "env" (environment variable) or "file" (written to mount_path)
+    #[serde(default = "default_env")]
+    pub secret_type: String,
+    pub value: String,
+    /// Required for "file" type secrets — absolute path inside the sandbox
+    pub mount_path: Option<String>,
+    pub description: Option<String>,
+}
+
+fn default_env() -> String {
+    "env".to_string()
+}
+
+#[derive(Debug, Serialize, ToSchema)]
+pub struct SecretResponse {
+    pub id: i32,
+    pub name: String,
+    pub secret_type: String,
+    /// Always masked in responses
+    pub value: String,
+    pub mount_path: Option<String>,
+    pub description: Option<String>,
+    pub created_at: String,
+    pub updated_at: String,
+}
+
+impl From<temps_entities::agent_secrets::Model> for SecretResponse {
+    fn from(model: temps_entities::agent_secrets::Model) -> Self {
+        Self {
+            id: model.id,
+            name: model.name,
+            secret_type: model.secret_type,
+            value: "***".to_string(),
+            mount_path: model.mount_path,
+            description: model.description,
+            created_at: model.created_at.to_rfc3339(),
+            updated_at: model.updated_at.to_rfc3339(),
+        }
+    }
+}
+
+#[derive(Debug, Serialize, ToSchema)]
+pub struct ListSecretsResponse {
+    pub items: Vec<SecretResponse>,
+    pub total: usize,
+}
+
+// ── Audit structs ────────────────────────────────────────────────────────────
+
+#[derive(Debug, Clone, Serialize)]
+struct SecretUpsertedAudit {
+    context: AuditContext,
+    secret_name: String,
+}
+
+#[derive(Debug, Clone, Serialize)]
+struct SecretDeletedAudit {
+    context: AuditContext,
+    secret_name: String,
+}
+
+impl AuditOperation for SecretUpsertedAudit {
+    fn operation_type(&self) -> String {
+        "SECRET_UPSERTED".to_string()
+    }
+    fn user_id(&self) -> i32 {
+        self.context.user_id
+    }
+    fn ip_address(&self) -> Option<String> {
+        self.context.ip_address.clone()
+    }
+    fn user_agent(&self) -> &str {
+        &self.context.user_agent
+    }
+    fn serialize(&self) -> temps_core::anyhow::Result<String> {
+        serde_json::to_string(self)
+            .map_err(|e| temps_core::anyhow::anyhow!("Failed to serialize audit: {}", e))
+    }
+}
+
+impl AuditOperation for SecretDeletedAudit {
+    fn operation_type(&self) -> String {
+        "SECRET_DELETED".to_string()
+    }
+    fn user_id(&self) -> i32 {
+        self.context.user_id
+    }
+    fn ip_address(&self) -> Option<String> {
+        self.context.ip_address.clone()
+    }
+    fn user_agent(&self) -> &str {
+        &self.context.user_agent
+    }
+    fn serialize(&self) -> temps_core::anyhow::Result<String> {
+        serde_json::to_string(self)
+            .map_err(|e| temps_core::anyhow::anyhow!("Failed to serialize audit: {}", e))
+    }
+}
+
+// ── Routes ───────────────────────────────────────────────────────────────────
+
+pub fn routes() -> Router<Arc<AppState>> {
+    Router::new()
+        .route("/settings/secrets", get(list_secrets).post(upsert_secret))
+        .route(
+            "/settings/secrets/{name}",
+            axum::routing::delete(delete_secret),
+        )
+}
+
+// ── Handlers ─────────────────────────────────────────────────────────────────
+
+#[utoipa::path(
+    tag = "Secrets",
+    get,
+    path = "/settings/secrets",
+    responses(
+        (status = 200, description = "List of global agent secrets", body = ListSecretsResponse),
+        (status = 401, description = "Unauthorized"),
+        (status = 403, description = "Insufficient permissions"),
+    ),
+    security(("bearer_auth" = []))
+)]
+async fn list_secrets(
+    RequireAuth(auth): RequireAuth,
+    State(app_state): State<Arc<AppState>>,
+) -> Result<impl IntoResponse, Problem> {
+    permission_guard!(auth, SettingsRead);
+
+    let secrets = app_state
+        .secret_service
+        .list_secrets()
+        .await
+        .map_err(Problem::from)?;
+
+    let total = secrets.len();
+    Ok(Json(ListSecretsResponse {
+        items: secrets.into_iter().map(SecretResponse::from).collect(),
+        total,
+    }))
+}
+
+#[utoipa::path(
+    tag = "Secrets",
+    post,
+    path = "/settings/secrets",
+    request_body = UpsertSecretRequest,
+    responses(
+        (status = 201, description = "Secret created/updated", body = SecretResponse),
+        (status = 400, description = "Validation error"),
+        (status = 401, description = "Unauthorized"),
+        (status = 403, description = "Insufficient permissions"),
+    ),
+    security(("bearer_auth" = []))
+)]
+async fn upsert_secret(
+    RequireAuth(auth): RequireAuth,
+    State(app_state): State<Arc<AppState>>,
+    Extension(metadata): Extension<RequestMetadata>,
+    Json(request): Json<UpsertSecretRequest>,
+) -> Result<impl IntoResponse, Problem> {
+    permission_guard!(auth, SettingsWrite);
+
+    let secret_type = match request.secret_type.as_str() {
+        "file" => SecretType::File,
+        _ => SecretType::Env,
+    };
+
+    let secret = app_state
+        .secret_service
+        .upsert_secret(
+            &request.name,
+            secret_type,
+            &request.value,
+            request.mount_path.as_deref(),
+            request.description.as_deref(),
+        )
+        .await
+        .map_err(Problem::from)?;
+
+    let audit = SecretUpsertedAudit {
+        context: AuditContext {
+            user_id: auth.user_id(),
+            ip_address: Some(metadata.ip_address.clone()),
+            user_agent: metadata.user_agent.clone(),
+        },
+        secret_name: secret.name.clone(),
+    };
+    if let Err(e) = app_state.audit_service.create_audit_log(&audit).await {
+        tracing::error!(
+            "Failed to create audit log for secret upsert (name {}): {}",
+            secret.name,
+            e
+        );
+    }
+
+    Ok((StatusCode::CREATED, Json(SecretResponse::from(secret))))
+}
+
+#[utoipa::path(
+    tag = "Secrets",
+    delete,
+    path = "/settings/secrets/{name}",
+    params(
+        ("name" = String, Path, description = "Secret name"),
+    ),
+    responses(
+        (status = 204, description = "Secret deleted"),
+        (status = 404, description = "Secret not found"),
+        (status = 401, description = "Unauthorized"),
+        (status = 403, description = "Insufficient permissions"),
+    ),
+    security(("bearer_auth" = []))
+)]
+async fn delete_secret(
+    RequireAuth(auth): RequireAuth,
+    State(app_state): State<Arc<AppState>>,
+    Extension(metadata): Extension<RequestMetadata>,
+    Path(name): Path<String>,
+) -> Result<impl IntoResponse, Problem> {
+    permission_guard!(auth, SettingsWrite);
+
+    app_state
+        .secret_service
+        .delete_secret(&name)
+        .await
+        .map_err(Problem::from)?;
+
+    let audit = SecretDeletedAudit {
+        context: AuditContext {
+            user_id: auth.user_id(),
+            ip_address: Some(metadata.ip_address.clone()),
+            user_agent: metadata.user_agent.clone(),
+        },
+        secret_name: name.clone(),
+    };
+    if let Err(e) = app_state.audit_service.create_audit_log(&audit).await {
+        tracing::error!(
+            "Failed to create audit log for secret delete (name {}): {}",
+            &name,
+            e
+        );
+    }
+
+    Ok(StatusCode::NO_CONTENT)
+}