@kbediako/codex-orchestrator 0.1.0

package/dist/orchestrator/src/cli/services/commandRunner.js

@@ -0,0 +1,420 @@
+import { createWriteStream } from 'node:fs';
+import { join } from 'node:path';
+import { ToolInvocationFailedError } from '../../../../packages/orchestrator/src/index.js';
+import { getCliExecRunner, getPrivacyGuard, getExecHandleService } from './execRuntime.js';
+import { logger } from '../../logger.js';
+import { relativeToRepo } from '../run/runPaths.js';
+import { appendCommandError, updateCommandStatus } from '../run/manifest.js';
+import { persistManifest } from '../run/manifestPersister.js';
+import { slugify } from '../utils/strings.js';
+import { isoTimestamp } from '../utils/time.js';
+import { EnvUtils } from '../../../../packages/shared/config/index.js';
+import { findPackageRoot } from '../utils/packageInfo.js';
+const MAX_BUFFERED_OUTPUT_BYTES = 64 * 1024;
+const EMIT_COMMAND_STREAM_MIRRORS = EnvUtils.getBoolean('CODEX_ORCHESTRATOR_EMIT_COMMAND_STREAMS', false);
+const MAX_CAPTURED_CHUNK_EVENTS = EnvUtils.getInt('CODEX_ORCHESTRATOR_EXEC_EVENT_MAX_CHUNKS', 0);
+const PACKAGE_ROOT = findPackageRoot();
+export async function runCommandStage(context, hooks = {}) {
+    const { env, paths, manifest, stage, index, events, persister, envOverrides } = context;
+    const entryIndex = index - 1;
+    const entry = updateCommandStatus(manifest, entryIndex, {
+        status: 'running',
+        started_at: isoTimestamp(),
+        exit_code: null,
+        summary: null
+    });
+    const logFile = join(paths.commandsDir, `${String(index).padStart(2, '0')}-${slugify(stage.id)}.ndjson`);
+    entry.log_path = relativeToRepo(env, logFile);
+    await persistManifest(paths, manifest, persister, { force: true });
+    events?.stageStarted({
+        stageId: stage.id,
+        stageIndex: index,
+        title: stage.title,
+        kind: 'command',
+        logPath: entry.log_path,
+        status: entry.status
+    });
+    const runnerLog = createWriteStream(paths.logPath, { flags: 'a' });
+    const commandLog = createWriteStream(logFile, { flags: 'a' });
+    const privacyLogPath = join(paths.runDir, 'privacy-decisions.ndjson');
+    const privacyLog = createWriteStream(privacyLogPath, { flags: 'a' });
+    const writeEvent = (message) => {
+        const payload = `${JSON.stringify({ ...message, timestamp: isoTimestamp(), index })}\n`;
+        runnerLog.write(payload);
+        commandLog.write(payload);
+    };
+    writeEvent({ type: 'command:start', command: stage.command });
+    const runner = getCliExecRunner();
+    let activeCorrelationId = null;
+    let stdoutBytes = 0;
+    let stderrBytes = 0;
+    let stdoutTruncated = false;
+    let stderrTruncated = false;
+    const handleEvent = (event) => {
+        if (!activeCorrelationId) {
+            activeCorrelationId = event.correlationId;
+        }
+        if (event.correlationId !== activeCorrelationId) {
+            return;
+        }
+        hooks.onEvent?.(event);
+        streamEvent(writeEvent, event, {
+            onStdout: (bytes) => {
+                stdoutBytes += bytes;
+                stdoutTruncated = stdoutTruncated || stdoutBytes > MAX_BUFFERED_OUTPUT_BYTES;
+            },
+            onStderr: (bytes) => {
+                stderrBytes += bytes;
+                stderrTruncated = stderrTruncated || stderrBytes > MAX_BUFFERED_OUTPUT_BYTES;
+            }
+        });
+        switch (event.type) {
+            case 'exec:begin':
+                events?.toolCall({
+                    stageId: stage.id,
+                    stageIndex: index,
+                    toolName: 'exec',
+                    status: 'started',
+                    message: stage.command,
+                    attempt: event.attempt
+                });
+                break;
+            case 'exec:chunk':
+                events?.log({
+                    stageId: stage.id,
+                    stageIndex: index,
+                    level: event.payload.stream === 'stderr' ? 'error' : 'info',
+                    message: event.payload.data,
+                    source: event.payload.stream
+                });
+                break;
+            case 'exec:retry':
+                events?.toolCall({
+                    stageId: stage.id,
+                    stageIndex: index,
+                    toolName: 'exec',
+                    status: 'retry',
+                    message: event.payload.errorMessage,
+                    attempt: event.attempt
+                });
+                break;
+            case 'exec:end':
+                events?.toolCall({
+                    stageId: stage.id,
+                    stageIndex: index,
+                    toolName: 'exec',
+                    status: event.payload.status,
+                    message: `exit ${event.payload.exitCode ?? 'null'}`,
+                    attempt: event.attempt
+                });
+                break;
+            default:
+                break;
+        }
+    };
+    const unsubscribe = runner.on(handleEvent);
+    try {
+        const sessionConfig = stage.session ?? {};
+        const sessionId = sessionConfig.id;
+        const wantsPersist = Boolean(sessionConfig.persist || sessionConfig.reuse);
+        const persistSession = Boolean(sessionId && wantsPersist);
+        const reuseSession = Boolean(sessionId && (sessionConfig.reuse ?? persistSession));
+        const baseEnv = {
+            ...process.env,
+            ...(envOverrides ?? {}),
+            CODEX_ORCHESTRATOR_TASK_ID: manifest.task_id,
+            CODEX_ORCHESTRATOR_RUN_ID: manifest.run_id,
+            CODEX_ORCHESTRATOR_PIPELINE_ID: manifest.pipeline_id,
+            CODEX_ORCHESTRATOR_MANIFEST_PATH: paths.manifestPath,
+            CODEX_ORCHESTRATOR_RUN_DIR: paths.runDir,
+            CODEX_ORCHESTRATOR_RUNS_DIR: env.runsRoot,
+            CODEX_ORCHESTRATOR_OUT_DIR: env.outRoot,
+            CODEX_ORCHESTRATOR_REPO_ROOT: env.repoRoot,
+            CODEX_ORCHESTRATOR_PACKAGE_ROOT: PACKAGE_ROOT
+        };
+        const execEnv = { ...baseEnv, ...stage.env };
+        const invocationId = `cli-command:${manifest.run_id}:${stage.id}:${Date.now()}`;
+        let result;
+        const eventCapture = MAX_CAPTURED_CHUNK_EVENTS > 0 ? { maxChunkEvents: MAX_CAPTURED_CHUNK_EVENTS } : undefined;
+        try {
+            result = await runner.run({
+                command: stage.command,
+                args: [],
+                cwd: stage.cwd ?? env.repoRoot,
+                env: execEnv,
+                sessionId: sessionId ?? undefined,
+                persistSession,
+                reuseSession,
+                invocationId,
+                toolId: 'cli:command',
+                description: stage.title,
+                eventCapture,
+                metadata: {
+                    stageId: stage.id,
+                    pipelineId: manifest.pipeline_id,
+                    runId: manifest.run_id,
+                    commandIndex: entry.index
+                }
+            });
+            hooks.onResult?.(result);
+            if (result.handle) {
+                recordHandle(manifest, result.handle, {
+                    stageId: stage.id,
+                    pipelineId: manifest.pipeline_id,
+                    runId: manifest.run_id
+                });
+                const appendedPrivacyRecords = updatePrivacyManifest(manifest, {
+                    env,
+                    paths,
+                    logPath: privacyLogPath
+                });
+                writePrivacyLog(privacyLog, appendedPrivacyRecords);
+            }
+        }
+        catch (error) {
+            if (error instanceof ToolInvocationFailedError) {
+                hooks.onError?.(error);
+                captureFailureHandle(manifest, stage, error);
+                const appendedPrivacyRecords = updatePrivacyManifest(manifest, {
+                    env,
+                    paths,
+                    logPath: privacyLogPath
+                });
+                writePrivacyLog(privacyLog, appendedPrivacyRecords);
+            }
+            throw error;
+        }
+        const normalizedExitCode = result.exitCode ?? (result.signal ? 128 : 0);
+        const stdoutText = result.stdout.trim();
+        const stderrText = result.stderr.trim();
+        const summary = buildSummary(stage, normalizedExitCode, stdoutText, stderrText, result.signal);
+        entry.completed_at = isoTimestamp();
+        entry.exit_code = normalizedExitCode;
+        entry.summary = summary;
+        entry.status = result.status === 'succeeded' ? 'succeeded' : stage.allowFailure ? 'skipped' : 'failed';
+        if (entry.status === 'failed') {
+            const errorDetails = {
+                exit_code: normalizedExitCode,
+                sandbox_state: result.sandboxState,
+                stderr: stderrText
+            };
+            if (result.signal) {
+                errorDetails.signal = result.signal;
+            }
+            if (stdoutTruncated) {
+                errorDetails.stdout_truncated = true;
+            }
+            if (stderrTruncated) {
+                errorDetails.stderr_truncated = true;
+            }
+            entry.error_file = await appendCommandError(env, paths, manifest, entry, 'command-failed', errorDetails);
+        }
+        await persistManifest(paths, manifest, persister, { force: true });
+        events?.stageCompleted({
+            stageId: stage.id,
+            stageIndex: index,
+            title: stage.title,
+            kind: 'command',
+            status: entry.status,
+            exitCode: entry.exit_code,
+            summary: entry.summary,
+            logPath: entry.log_path
+        });
+        return { exitCode: normalizedExitCode, summary };
+    }
+    finally {
+        unsubscribe();
+        runnerLog.end();
+        commandLog.end();
+        privacyLog.end();
+    }
+}
+function recordHandle(manifest, descriptor, context) {
+    const handles = Array.isArray(manifest.handles) ? [...manifest.handles] : [];
+    const entry = {
+        handle_id: descriptor.id,
+        correlation_id: descriptor.correlationId,
+        stage_id: context.stageId,
+        pipeline_id: context.pipelineId,
+        status: descriptor.status,
+        frame_count: descriptor.frameCount,
+        latest_sequence: descriptor.latestSequence,
+        created_at: descriptor.createdAt,
+        metadata: {
+            run_id: context.runId
+        }
+    };
+    const existingIndex = handles.findIndex((candidate) => candidate.handle_id === entry.handle_id);
+    if (existingIndex >= 0) {
+        handles[existingIndex] = entry;
+    }
+    else {
+        handles.push(entry);
+    }
+    manifest.handles = handles;
+}
+function updatePrivacyManifest(manifest, context) {
+    const metrics = getPrivacyGuard().getMetrics();
+    const existingDecisions = manifest.privacy?.decisions ?? [];
+    const newMetricsDecisions = metrics.decisions.slice(existingDecisions.length);
+    const appended = newMetricsDecisions.map((decision) => ({
+        handle_id: decision.handleId,
+        sequence: decision.sequence,
+        action: decision.action,
+        rule: decision.rule ?? null,
+        reason: decision.reason ?? null,
+        timestamp: decision.timestamp,
+        stage_id: resolveHandleStage(manifest, decision.handleId)
+    }));
+    if (!manifest.privacy) {
+        manifest.privacy = {
+            mode: metrics.mode,
+            decisions: [...appended],
+            totals: {
+                total_frames: metrics.totalFrames,
+                redacted_frames: metrics.redactedFrames,
+                blocked_frames: metrics.blockedFrames,
+                allowed_frames: metrics.allowedFrames
+            },
+            log_path: relativeToRepo(context.env, context.logPath)
+        };
+    }
+    else {
+        manifest.privacy.mode = metrics.mode;
+        manifest.privacy.totals = {
+            total_frames: metrics.totalFrames,
+            redacted_frames: metrics.redactedFrames,
+            blocked_frames: metrics.blockedFrames,
+            allowed_frames: metrics.allowedFrames
+        };
+        if (appended.length > 0) {
+            manifest.privacy.decisions.push(...appended);
+        }
+        manifest.privacy.log_path = relativeToRepo(context.env, context.logPath);
+    }
+    return appended;
+}
+function resolveHandleStage(manifest, handleId) {
+    const record = manifest.handles?.find((entry) => entry.handle_id === handleId);
+    return record?.stage_id ?? null;
+}
+function captureFailureHandle(manifest, stage, error) {
+    const metadata = error.record?.metadata?.exec;
+    const handleId = metadata?.handleId;
+    if (!handleId) {
+        return;
+    }
+    try {
+        const descriptor = getExecHandleService().getDescriptor(handleId);
+        recordHandle(manifest, descriptor, {
+            stageId: stage.id,
+            pipelineId: manifest.pipeline_id,
+            runId: manifest.run_id
+        });
+    }
+    catch (lookupError) {
+        logger.warn(`Handle descriptor missing for failed stage ${stage.id ?? '<unknown>'}: ${lookupError.message}`);
+    }
+}
+function writePrivacyLog(stream, records) {
+    if (!records || records.length === 0) {
+        return;
+    }
+    for (const record of records) {
+        stream.write(`${JSON.stringify(record)}\n`);
+    }
+}
+function streamEvent(writeEvent, event, hooks) {
+    switch (event.type) {
+        case 'exec:begin':
+            writeEvent({
+                type: 'exec:begin',
+                correlation_id: event.correlationId,
+                attempt: event.attempt,
+                command: event.payload.command,
+                args: event.payload.args,
+                cwd: event.payload.cwd,
+                session_id: event.payload.sessionId,
+                sandbox_state: event.payload.sandboxState,
+                persisted: event.payload.persisted
+            });
+            break;
+        case 'exec:chunk': {
+            writeEvent({
+                type: 'exec:chunk',
+                correlation_id: event.correlationId,
+                attempt: event.attempt,
+                stream: event.payload.stream,
+                sequence: event.payload.sequence,
+                bytes: event.payload.bytes,
+                data: event.payload.data
+            });
+            if (EMIT_COMMAND_STREAM_MIRRORS) {
+                writeEvent({
+                    type: event.payload.stream === 'stdout' ? 'command:stdout' : 'command:stderr',
+                    data: event.payload.data
+                });
+            }
+            if (event.payload.stream === 'stdout') {
+                hooks.onStdout(event.payload.bytes);
+            }
+            else {
+                hooks.onStderr(event.payload.bytes);
+            }
+            break;
+        }
+        case 'exec:retry':
+            writeEvent({
+                type: 'exec:retry',
+                correlation_id: event.correlationId,
+                attempt: event.attempt,
+                delay_ms: event.payload.delayMs,
+                sandbox_state: event.payload.sandboxState,
+                error: event.payload.errorMessage
+            });
+            break;
+        case 'exec:end':
+            writeEvent({
+                type: 'exec:end',
+                correlation_id: event.correlationId,
+                attempt: event.attempt,
+                exit_code: event.payload.exitCode,
+                signal: event.payload.signal,
+                duration_ms: event.payload.durationMs,
+                status: event.payload.status
+            });
+            writeEvent({
+                type: 'command:end',
+                exit_code: event.payload.exitCode,
+                signal: event.payload.signal,
+                duration_ms: event.payload.durationMs
+            });
+            break;
+        default:
+            break;
+    }
+}
+function buildSummary(stage, exitCode, stdout, stderr, signal) {
+    if (stage.summaryHint) {
+        return stage.summaryHint;
+    }
+    if (signal) {
+        return `Terminated with signal ${signal}${stderr ? ` — ${truncate(stderr)}` : ''}`;
+    }
+    if (exitCode !== 0) {
+        return `Exited with code ${exitCode}${stderr ? ` — ${truncate(stderr)}` : ''}`;
+    }
+    if (stdout) {
+        return truncate(stdout);
+    }
+    if (stderr) {
+        return truncate(stderr);
+    }
+    return `Command completed with code ${exitCode}`;
+}
+function truncate(value, length = 240) {
+    if (value.length <= length) {
+        return value;
+    }
+    return `${value.slice(0, length)}…`;
+}

package/dist/orchestrator/src/cli/services/controlPlaneService.js

@@ -0,0 +1,107 @@
+import process from 'node:process';
+import { buildRunRequestV2, ControlPlaneDriftReporter, ControlPlaneValidationError, ControlPlaneValidator } from '../../control-plane/index.js';
+import { relativeToRepo } from '../run/runPaths.js';
+import { appendSummary } from '../run/manifest.js';
+import { persistManifest } from '../run/manifestPersister.js';
+import { isoTimestamp } from '../utils/time.js';
+import { resolveEnforcementMode } from '../utils/enforcementMode.js';
+export class ControlPlaneService {
+    modeResolver;
+    now;
+    constructor(modeResolver = resolveControlPlaneMode, now = () => new Date()) {
+        this.modeResolver = modeResolver;
+        this.now = now;
+    }
+    async guard(options) {
+        const mode = this.modeResolver();
+        const driftReporter = new ControlPlaneDriftReporter({
+            repoRoot: options.env.repoRoot,
+            taskId: options.env.taskId
+        });
+        const validator = new ControlPlaneValidator({ mode, driftReporter, now: this.now });
+        const request = buildRunRequestV2({
+            runId: options.runId,
+            task: options.task,
+            pipeline: options.pipeline,
+            manifest: options.manifest,
+            env: options.env,
+            requestedBy: options.requestedBy,
+            now: this.now
+        });
+        try {
+            const result = await validator.validate(request);
+            this.attachControlPlaneToManifest(options.env, options.manifest, result);
+            await persistManifest(options.paths, options.manifest, options.persister, { force: true });
+            return result;
+        }
+        catch (error) {
+            if (error instanceof ControlPlaneValidationError) {
+                this.attachControlPlaneToManifest(options.env, options.manifest, error.result);
+                options.manifest.status = 'failed';
+                options.manifest.status_detail = 'control-plane-validation-failed';
+                options.manifest.completed_at = isoTimestamp();
+                appendSummary(options.manifest, `Control plane validation failed: ${error.message}`);
+                await persistManifest(options.paths, options.manifest, options.persister, { force: true });
+            }
+            throw error;
+        }
+    }
+    attachControlPlaneToManifest(env, manifest, result) {
+        const { request, outcome } = result;
+        const drift = outcome.drift
+            ? {
+                report_path: relativeToRepo(env, outcome.drift.absoluteReportPath),
+                total_samples: outcome.drift.totalSamples,
+                invalid_samples: outcome.drift.invalidSamples,
+                invalid_rate: outcome.drift.invalidRate,
+                last_sampled_at: outcome.drift.lastSampledAt,
+                mode: outcome.drift.mode
+            }
+            : undefined;
+        manifest.control_plane = {
+            schema_id: request.schema,
+            schema_version: request.version,
+            request_id: request.requestId,
+            validation: {
+                mode: outcome.mode,
+                status: outcome.status,
+                timestamp: outcome.timestamp,
+                errors: outcome.errors.map((error) => ({ ...error }))
+            },
+            drift,
+            enforcement: {
+                enabled: outcome.mode === 'enforce',
+                activated_at: outcome.mode === 'enforce' ? outcome.timestamp : null
+            }
+        };
+    }
+    applyControlPlaneToRunSummary(runSummary, result) {
+        if (!result) {
+            return;
+        }
+        const { request, outcome } = result;
+        runSummary.controlPlane = {
+            schemaId: request.schema,
+            schemaVersion: request.version,
+            requestId: request.requestId,
+            validation: {
+                mode: outcome.mode,
+                status: outcome.status,
+                timestamp: outcome.timestamp,
+                errors: outcome.errors.map((error) => ({ ...error }))
+            },
+            drift: outcome.drift
+                ? {
+                    mode: outcome.drift.mode,
+                    totalSamples: outcome.drift.totalSamples,
+                    invalidSamples: outcome.drift.invalidSamples,
+                    invalidRate: outcome.drift.invalidRate,
+                    lastSampledAt: outcome.drift.lastSampledAt
+                }
+                : undefined
+        };
+    }
+}
+export function resolveControlPlaneMode() {
+    return resolveEnforcementMode(process.env.CODEX_CONTROL_PLANE_MODE ?? null, process.env.CODEX_CONTROL_PLANE_ENFORCE ?? null);
+}

package/dist/orchestrator/src/cli/services/execRuntime.js

@@ -0,0 +1,69 @@
+import { spawn } from 'node:child_process';
+import { ExecSessionManager, UnifiedExecRunner, ToolOrchestrator } from '../../../../packages/orchestrator/src/index.js';
+import { RemoteExecHandleService } from '../../../../packages/orchestrator/src/exec/handle-service.js';
+import { PrivacyGuard } from '../../privacy/guard.js';
+import { resolveEnforcementMode } from '../utils/enforcementMode.js';
+class CliExecSessionHandle {
+    id;
+    constructor(id) {
+        this.id = id;
+    }
+    async dispose() {
+        // CLI commands currently spawn per-invocation processes so there is no persistent resource to release.
+    }
+}
+const orchestrator = new ToolOrchestrator();
+const sessionManager = new ExecSessionManager({
+    baseEnv: process.env,
+    factory: async ({ id }) => new CliExecSessionHandle(id)
+});
+const privacyGuard = new PrivacyGuard({ mode: resolvePrivacyGuardMode() });
+const handleService = new RemoteExecHandleService({ guard: privacyGuard, now: () => new Date() });
+const cliExecutor = async (request) => {
+    const child = spawn(request.command, request.args ?? [], {
+        cwd: request.cwd,
+        env: request.env,
+        shell: true,
+        stdio: ['ignore', 'pipe', 'pipe']
+    });
+    if (!child.stdout || !child.stderr) {
+        throw new Error('CLI exec commands require stdout/stderr streams.');
+    }
+    child.stdout.on('data', request.onStdout);
+    child.stderr.on('data', request.onStderr);
+    return await new Promise((resolve, reject) => {
+        const handleExit = (exitCode, signal) => {
+            cleanup();
+            resolve({ exitCode, signal });
+        };
+        const handleError = (error) => {
+            cleanup();
+            reject(error);
+        };
+        const cleanup = () => {
+            child.off('exit', handleExit);
+            child.off('error', handleError);
+        };
+        child.once('exit', handleExit);
+        child.once('error', handleError);
+    });
+};
+const runner = new UnifiedExecRunner({
+    orchestrator,
+    sessionManager,
+    executor: cliExecutor,
+    now: () => new Date(),
+    handleService
+});
+export function getCliExecRunner() {
+    return runner;
+}
+export function getExecHandleService() {
+    return handleService;
+}
+export function getPrivacyGuard() {
+    return privacyGuard;
+}
+function resolvePrivacyGuardMode() {
+    return resolveEnforcementMode(process.env.CODEX_PRIVACY_GUARD_MODE ?? null, process.env.CODEX_PRIVACY_GUARD_ENFORCE ?? null);
+}

package/dist/orchestrator/src/cli/services/pipelineResolver.js

@@ -0,0 +1,47 @@
+import process from 'node:process';
+import { loadUserConfig } from '../config/userConfig.js';
+import { resolvePipeline } from '../pipelines/index.js';
+import { loadDesignConfig, shouldActivateDesignPipeline, designPipelineId } from '../../../../packages/shared/config/index.js';
+import { logger } from '../../logger.js';
+export class PipelineResolver {
+    async loadDesignConfig(rootDir) {
+        const designConfig = await loadDesignConfig({ rootDir });
+        if (designConfig.warnings.length > 0) {
+            for (const warning of designConfig.warnings) {
+                logger.warn(`[design-config] ${warning}`);
+            }
+        }
+        return designConfig;
+    }
+    async resolve(env, options) {
+        logger.info(`PipelineResolver.resolve start for ${options.pipelineId ?? '<default>'}`);
+        const designConfig = await this.loadDesignConfig(env.repoRoot);
+        logger.info(`PipelineResolver.resolve loaded design config from ${designConfig.path}`);
+        const userConfig = await loadUserConfig(env);
+        logger.info(`PipelineResolver.resolve loaded user config`);
+        const requestedPipelineId = options.pipelineId ??
+            (shouldActivateDesignPipeline(designConfig) ? designPipelineId(designConfig) : undefined);
+        const envOverrides = this.resolveDesignEnvOverrides(designConfig, requestedPipelineId);
+        try {
+            const { pipeline, source } = resolvePipeline(env, {
+                pipelineId: requestedPipelineId,
+                config: userConfig
+            });
+            logger.info(`PipelineResolver.resolve selected pipeline ${pipeline.id}`);
+            return { pipeline, userConfig, designConfig, source, envOverrides };
+        }
+        catch (error) {
+            logger.error(`PipelineResolver.resolve failed for ${requestedPipelineId ?? '<default>'}: ${error.message}`);
+            throw error;
+        }
+    }
+    resolveDesignEnvOverrides(designConfig, pipelineId) {
+        const envOverrides = {
+            DESIGN_CONFIG_PATH: designConfig.path
+        };
+        if (pipelineId === designPipelineId(designConfig) && process.env.DESIGN_PIPELINE === undefined) {
+            envOverrides.DESIGN_PIPELINE = '1';
+        }
+        return envOverrides;
+    }
+}