feat(sandbox): L7 credential injection — query parameter rewriting and Basic auth encoding #630
Description
Summary
Two specific gaps remain in the L7 credential injection system after the existing header injection pattern (used by inference.local) was established. This issue tracks adding support for:
- Query parameter rewriting — inject credentials as URL query parameters (e.g.,
?api_key=VALUE) - Basic Authorization header encoding — support raw
username:passwordcredentials that need base64 encoding before injection asAuthorization: Basic <base64>, including decode/rewrite/re-encode flows
Prior work
- feat: L7 credential injection for non-inference providers #538 (closed) — original broad proposal for L7 credential injection
- feat(sandbox): L7 credential injection for non-inference providers #541 (closed) — PR that went too far by modifying the network policy file spec
The L7 proxy already handles simple header injection (e.g., x-api-key: VALUE or Authorization: Bearer VALUE). These two cases require additional logic.
Use Case 1: Query Parameter Rewriting
APIs like the YouTube Data API authenticate via query parameters:
GET /youtube/v3/search?part=snippet&q=test&key=AIza...
The credential injector should:
- Append the credential as a percent-encoded query parameter to the request URL
- Handle URLs that already have query parameters (
&vs?) - Strip any existing instance of the parameter from the agent's request (prevent spoofing)
Use Case 2: Basic Authorization Header Encoding
Some APIs use HTTP Basic auth where the credential is username:password, base64-encoded:
Authorization: Basic dXNlcjpwYXNzd29yZA==
The credential injector should:
- Accept a raw
username:passwordcredential value - Base64-encode it and inject as
Authorization: Basic <encoded> - For rewriting scenarios: decode an existing
Authorization: Basicheader, perform credential substitution on the decoded content, then re-encode
Scope
- In scope: Changes to the credential injection/L7 relay code in
openshell-sandbox - Out of scope: Modifications to the network policy file spec or proto schema