Skip to content

fix(api): reject credential run inputs#2025

Merged
itachi-hue merged 2 commits into
mainfrom
fix/worker-credential-input-guard
Jun 26, 2026
Merged

fix(api): reject credential run inputs#2025
itachi-hue merged 2 commits into
mainfrom
fix/worker-credential-input-guard

Conversation

@itachi-hue

@itachi-hue itachi-hue commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • reject worker manifests that expose API keys, tokens, passwords, private keys, or auth-flavored connection fields as run inputs
  • clarify Emily worker-authoring/tool rules to use top-level connections and declared secrets instead of credential inputs
  • add regression coverage that still allows business fields like Linear team_key

Tests

  • python -m pytest apps/api/tests/test_worker_credential_input_guard.py apps/api/tests/test_673_674_675_emily_worker_authoring.py apps/api/tests/test_683_emily_agent_mode_routing.py -q

@itachi-hue @claude
fix(api): match credential-input guard on field identity, not help text
7ffdd5b 
Review fix for the credential run-input guard: the strong _CREDENTIAL_INPUT_RE
was matched against name+label+placeholder+description concatenated, so a
legitimate business input whose help text merely MENTIONS credentials/password/
api key (e.g. a 'summary' described 'include candidate credentials and skills',
or 'do not paste your password here') was wrongly rejected and could not be
saved. Restrict the strong pattern to the field identity (name+label); the
free-text placeholder/description now feed only the weaker auth-hint heuristic,
mirroring the split the connection branch already uses. Adds a regression test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@itachi-hue

itachi-hue commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator Author

Pushed a follow-up commit (7ffdd5b) to fix a false-positive: the strong _CREDENTIAL_INPUT_RE was matched against name+label+placeholder+description concatenated, so a legitimate business input whose help text merely mentions credentials/password/api key (e.g. a summary described "include candidate credentials and skills") was wrongly rejected and couldn't be saved. Now the strong pattern matches the field identity (name+label) only; placeholder/description feed just the weaker auth-hint heuristic (the same split the connection branch already uses). Added a regression test. Verified the existing reject-tests still pass (they're name/label-driven).

@itachi-hue itachi-hue merged commit afb50fb into main Jun 26, 2026
7 checks passed
@itachi-hue itachi-hue deleted the fix/worker-credential-input-guard branch June 26, 2026 03:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@federicodeponte federicodeponte Awaiting requested review from federicodeponte federicodeponte is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@itachi-hue