Skip to content

fix: sign OpenAPI requests with STS session token#132

Merged
cuericlee merged 1 commit into
mainfrom
fix/sts-session-token-openapi
Jul 13, 2026
Merged

fix: sign OpenAPI requests with STS session token#132
cuericlee merged 1 commit into
mainfrom
fix/sts-session-token-openapi

Conversation

@innsd

@innsd innsd commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Include STS session tokens in ve_request signing via X-Security-Token.
  • Propagate resolved session tokens through CR, CodePipeline, and identity OpenAPI clients.
  • Add regression coverage for signer headers, CR/CP token propagation, identity decorators, and constructor compatibility.

Validation

  • Real agentkit launch was verified successfully after the CR/CodePipeline token propagation fix.
  • conda run -n agentkit_env_test python -m pytest -q tests/auth/test_identity_auth.py tests/utils/test_engineering_standards.py tests/toolkit/volcengine/test_provider_injection.py tests/toolkit/test_byteplus_single_region.py
  • pre-commit hooks: ruff check, ruff format, hardcoded secret detection

@cuericlee cuericlee left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@cuericlee cuericlee merged commit 9b1bbc8 into main Jul 13, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants