Skip to content

fix: P0/P1 review findings + credential hygiene#121

Open
tiantt wants to merge 2 commits into
fix/nfr-scan-findingsfrom
fix/review-p0p1-hygiene
Open

fix: P0/P1 review findings + credential hygiene#121
tiantt wants to merge 2 commits into
fix/nfr-scan-findingsfrom
fix/review-p0p1-hygiene

Conversation

@tiantt

@tiantt tiantt commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Follow-up remediation from a fresh full-repo review. Stacked on top of fix/nfr-scan-findings; contains only the changes below.

P0

  • agentkit/toolkit/cli/sandbox/cli_exec.py: termios/tty were imported at module top level, so every agentkit command (even --help) crashed at import time on Windows. Now imported lazily; interactive exec/shell exits with a clear message on platforms without a POSIX terminal.

P1

  • agentkit/utils/ve_sign.py: sign X-Security-Token into the canonical headers when an STS session_token is present (mirrors agentkit/auth/_sigv4.py). Threaded through ve_request and every VeCR/VeCodePipeline call site (agentkit/toolkit/volcengine/cr.py, code_pipeline.py, services/cr_service.py). Static ak/sk callers pass no token and keep the original four-header form (byte-identical signature — pinned by a golden vector).
  • agentkit/sdk/identity/auth.py: forward the real STS session_token; stop sending the hard-coded "identity_token" placeholder (IdentityToken is now an opt-in argument).
  • agentkit/apps/agent_server_app/origin.py: disable allow_credentials when CORS origins are a wildcard — Starlette otherwise echoes any Origin back with credentials, allowing any site to make credentialed cross-origin calls. Explicit allowlists keep credentials enabled.
  • agentkit/toolkit/builders/ve_pipeline.py: honor config.build_timeout (default 3600s) instead of the hard-coded 900s cap.
  • agentkit/toolkit/cli/cli_delete.py: delete credential/delete harness gain --force and an interactive-only confirmation prompt. Non-interactive callers (CI, pipes) keep deleting without a prompt, so this is not a breaking change for automation.

Credential hygiene

  • agentkit/utils/redact.py: add secret_key, security_token, signature to the redaction field list (the repo's own config key names and presigned-URL HMACs were slipping through).
  • agentkit/toolkit/harness/deploy.py: write harness.json (stores the runtime API key in plaintext) with mode 0600.
  • agentkit/toolkit/cli/cli_deploy.py: mask the API key in deploy output (full value stays in harness.json).
  • .gitignore: ignore harness.json.

Compatibility

No public API signatures removed; all new parameters are optional with defaults preserving prior behavior. The delete confirmation is gated on an interactive TTY, so automation is unaffected.

Tests

Full suite green (938 passed). New coverage: tests/utils/test_redact.py, an STS golden-vector case in tests/utils/test_ve_sign_signing.py, CORS credential gating in tests/apps/test_agent_server_origin.py, and delete-confirmation cases in tests/toolkit/cli/test_cli_credential.py.

tiantt added 2 commits July 7, 2026 09:36
- cli_exec: lazy-import termios/tty so the CLI no longer crashes at import
  time on Windows; interactive exec/shell fails with a clear message instead.
- ve_sign: sign X-Security-Token into the canonical headers when an STS
  session_token is present (mirrors auth/_sigv4); thread the token through
  ve_request and the VeCR/VeCodePipeline call sites. Static ak/sk callers keep
  the original four-header form (byte-identical signature).
- identity.auth: forward the real STS session_token and stop sending the
  hard-coded 'identity_token' placeholder; IdentityToken is now an opt-in arg.
- agent_server origin: disable allow_credentials when CORS origins are a
  wildcard (Starlette would otherwise echo any Origin with credentials).
- ve_pipeline: honor config.build_timeout instead of the hard-coded 900s.
- cli delete credential/harness: add --force and an interactive-only
  confirmation prompt; non-interactive callers keep deleting without a prompt
  (no behavior change for CI/scripts).
- Tests: STS signing golden vector, CORS credential gating, delete
  confirmation (interactive decline + non-interactive proceed).
- redact: add secret_key, security_token and signature to the field list so
  the repo's own config key names and presigned-URL HMACs are masked; add
  regression tests (secrets masked, trace-id/git-sha/uuid preserved).
- harness deploy: write harness.json (which stores the runtime API key in
  plaintext) with mode 0600 instead of default umask.
- cli deploy: mask the API key in terminal output (full value stays in
  harness.json) and note the file must not be committed.
- gitignore: ignore harness.json.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant