Skip to content

fix: automated secret resolution at runtime for inputs and parameters #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
betterclever wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix: automated secret resolution at runtime for inputs and parameters #216

betterclever wants to merge 3 commits into from

Conversation

@betterclever
Copy link
Contributor

@betterclever betterclever commented Jan 20, 2026

This PR fixes secret resolution across the platform, addressing issues where secret IDs were being passed to components instead of their resolved values.

Key Changes

  • Worker Runtime Resolution: Implemented automatic secret resolution in `runComponentActivity`. The worker now identifies secret-type ports in both `inputOverrides` and `params` and resolves them from the Secret Store before execution.
  • Dynamic Port Support: Ensured that components with dynamic ports (like `core.logic.script`) have their ports resolved before secret resolution occurs.
  • Frontend Simplification: Updated `ParameterField.tsx` to store secret IDs and removed the legacy manual/select mode toggle, simplifying the secret selection contract.
  • Security & Observation: Verified that secret values are correctly masked as `***` in API responses and traces, while plaintext values are delivered to the component context.
  • E2E Tests: Added `e2e-tests/secret-resolution.test.ts` to verify:
    • Direct secret overrides in script nodes.
    • Secret Loader (`core.secret.fetch`) value flow to downstream components.

Fixes ENG-116
Fixes ENG-120

@betterclever
fix: resolve secret references in component inputs and parameters at …
7f1c928 
…runtime

- updated frontend secret editor to save secret.id instead of name
- removed manual mode from secret editor to simplify contract
- updated activity input to include inputOverrides and rawParams
- implemented runtime secret resolution in runComponentActivity
- ensured secret resolution only happens for ports marked as 'secret' type or editor

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
fix: resolve secret references in worker and update e2e tests
bedf54c 
- implement automatic secret resolution for input overrides and parameters in runComponentActivity
- ensure dynamic ports are resolved before secret resolution
- update e2e tests to verify secret flow using script echo pattern
- mask secret-type ports in node-io outputs
- remove unused _secretMode in ParameterField.tsx

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Jan 20, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@betterclever
feat: Unified Selection UI and Enhanced Secret Legibility
f9ef955 
- Created a reusable LeanSelect component with search, inline clearing, and accessibility improvements.
- Refactored SecretSelect to use LeanSelect and enabled clearing by default.
- Integrated LeanSelect into ParameterField for consistent parameter editing.
- Improved WorkflowNode to resolve secret UUIDs to human-readable names.
- Enhanced manual input UI on nodes with descriptive labels and icons.
- Added validation for missing secrets.

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@betterclever