feat(plugins): Add top-level API header injection#282
Merged
dcramer merged 4 commits intogetsentry:mainfrom May 3, 2026
Merged
feat(plugins): Add top-level API header injection#282dcramer merged 4 commits intogetsentry:mainfrom
dcramer merged 4 commits intogetsentry:mainfrom
Conversation
Support providers that authenticate with fixed HTTP headers resolved from deployment env instead of OAuth or app-issued bearer tokens. This lets sandboxed tools call services like Better Stack through the existing host-managed header injection path without exposing real secrets inside the sandbox or requiring changes to the MCP credential model. Co-Authored-By: OpenAI ChatGPT <chatgpt@openai.com>
|
@carderne is attempting to deploy a commit to the Sentry Team on Vercel. A member of the Team first needs to authorize it. |
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Member
|
tbqh i think the goal of this is totally reasonable. will take a look at make sure it hits our stability reqs as sometimes the test suite here isnt capable enough still |
dcramer
added a commit
to carderne/junior
that referenced
this pull request
May 3, 2026
Reject empty static header credential maps during manifest normalization so misconfigured providers fail at load time instead of crashing when a broker issues a lease. Keep optional empty maps omitted for existing credential and MCP config paths, and avoid assuming every credential type has an auth token env name. Refs getsentryGH-282 Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
added a commit
to carderne/junior
that referenced
this pull request
May 3, 2026
Reject empty static header credential maps during manifest normalization so misconfigured providers fail at load time instead of crashing when a broker issues a lease. Keep optional empty maps omitted for existing credential and MCP config paths, and avoid assuming every credential type has an auth token env name. Refs getsentryGH-282 Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
added a commit
to carderne/junior
that referenced
this pull request
May 3, 2026
Treat api-headers as plugin-level sandbox header injection instead of a credential type. Require header env placeholders to be declared in env-vars, forbid defaults for header secrets, and keep header-only plugins eligible for turn-scoped injection. Refs getsentryGH-282 Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
added a commit
to carderne/junior
that referenced
this pull request
May 3, 2026
Treat api-headers as plugin-level sandbox header injection instead of a credential type. Require header env placeholders to be declared in env-vars, forbid defaults for header secrets, and keep header-only plugins eligible for turn-scoped injection. Refs getsentryGH-282 Co-Authored-By: GPT-5 Codex <codex@openai.com>
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
dcramer
added a commit
to carderne/junior
that referenced
this pull request
May 3, 2026
Treat api-headers as plugin-level sandbox header injection instead of a credential type. Require header env placeholders to be declared in env-vars, forbid defaults for header secrets, and keep header-only plugins eligible for turn-scoped injection. Refs getsentryGH-282 Co-Authored-By: GPT-5 Codex <codex@openai.com>
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Treat api-headers as plugin-level sandbox header injection instead of a credential type. Require header env placeholders to be declared in env-vars, forbid defaults for header secrets, and keep header-only plugins eligible for turn-scoped injection. Refs getsentryGH-282 Co-Authored-By: GPT-5 Codex <codex@openai.com>
Contributor
Author
|
@dcramer great. Happy for you to implement this however you like, or equally happy to take some nudges on this PR (just mention because going by commit history it seems a relatively private project). Either way I'll look a bit closer at the code this week, since I'm using this in production now. Two notes:
api-headers:
Authorization: "Bearer $TOKEN" // DOES NOT work
Authorization: "$AUTH_HEADER" // works |
Member
|
im dropping the credentials bit here and just allow headers to be configured like this - should simplify the whole thing dont think there's any reason to require the extra step. just working through quality checks rn |
Document how token-backed credential headers interact with top-level API headers and rename the credential-header test for accuracy. Co-Authored-By: GPT-5 Codex <codex@openai.com>
Pin how plugin-level API headers merge with token-backed credential headers and update the plugin security contract wording. Co-Authored-By: GPT-5 Codex <codex@openai.com>
Member
|
Final implementation outcome after the cleanup pass: This PR no longer adds a new credential type. The final manifest shape is top-level API header injection: env-vars:
EXAMPLE_AUTH_HEADER:
api-domains:
- api.example.com
api-headers:
Authorization: ${EXAMPLE_AUTH_HEADER}
X-Api-Version: "2026-01-01"Key contract:
Security/runtime notes:
Validation done locally:
Remaining check noise is external to this patch: Vercel requires fork deploy authorization, and Warden can fail on fork PRs when required app secrets are unavailable. |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
dcramer
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add plugin-level API header injection for providers that authenticate through host-managed HTTP headers. Header-authenticated plugins now declare
api-domainsandapi-headersat the manifest top level, keeping real header values in deployment env and out of sandbox env vars.Manifest Shape
Header-only providers no longer use a credential type. Env-backed header values use declared
${NAME}placeholders, and API header env vars cannot define defaults.Before, header auth was modeled as a credential type:
After, headers are plugin-level request metadata:
Credential Interaction
credentials.typestays limited tooauth-bearerandgithub-app. Existingcredentials.api-headersremains only as extra token-backed headers, while top-level API headers can stand alone or combine with token credentials; token credential headers win on overlap.Runtime Safety
Header transforms are attached by the capability runtime to sandbox bash executions; the model-facing bash schema remains command-only. Eval mode uses deterministic dummy header values so test brokers never read deployment secrets.