Support secret interpolation in streamable HTTP extension URLs #7782
Allow users to store secret values (API keys, tokens) in the system keyring
and interpolate them into streamable HTTP extension URLs and headers using
${VAR} or $VAR syntax. The UI now shows the Environment Variables section
for HTTP extensions so users can add and manage secrets, which are stored
securely in the keyring (not in plaintext config). Secrets are resolved
at runtime using the existing merge_environments and substitute_env_vars
infrastructure.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 398a27cea4
73c0ef6 to 158d92f
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 73c0ef6be7
158d92f to b6ff96e
Two improvements to the extension variable substitution system:
1. Fix substitute_env_vars to scan the original input (not post-substitution output) for $VAR patterns, preventing recursive expansion when a substituted value happens to contain $OTHER_VAR syntax.
2. Resolve extension configs (fetching secrets from keyring) before comparing against stored configs in add_extension, so that secret rotation is detected even when env_keys and URI remain unchanged.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
b6ff96e to c3b10fe
not sure we should support two ways for substitutions - or do we do that already elsewhere?

do you mean ${VAR} vs $VAR? It's just consistent with what the shell does I guess. We're already doing it for env var substitution into headers (which was pre-existing, this just does it in the URL as well)

eh, if we use both patterns already for the other thing I guess that ship has sailed
* main: (270 commits)
  test(acp): align provider and server test parity (#7822)
  fix(acp): register MCP extensions when resuming a session (#7806)
  fix(goose): load .gitignore in prompt_manager for hint file filtering (#7795)
  fix: remap max_completion_tokens to max_tokens for OpenAI-compatible providers (#7765)
  fix(openai): preserve Responses API tool call/output linkage (#7759)
  chore(deps): bump @hono/node-server from 1.19.9 to 1.19.11 in /evals/open-model-gym/mcp-harness (#7687)
  fix: return ContextLengthExceeded when prompt exceeds effective KV cache size (#7815)
  feat: MCP Roots support (#7790)
  fix(google): use `includeThoughts/part.thought` for thinking handling (#7593)
  refactor: simplify tokenizer initialization — remove unnecessary Result wrapper (#7744)
  Fix model selector showing wrong model in tabs (#7784)
  Stop collecting goosed stderr after startup (#7814)
  fix: avoid word splitting by space for windows shell commands (#7781) (#7810)
  Simplify and make it not break on linux (#7813)
  Add preferred microphone selection (#7805)
  Remove dependency on posthog-rs (#7811)
  feat: load hints in nested subdirs (#7772)
  feat(acp): add read tool and delegate filesystem I/O to ACP clients (#7668)
  Support secret interpolation in streamable HTTP extension URLs (#7782)
  More logging for command injection classifier model training (#7779)
  ...
Summary
Allow users to store secret values (API keys, tokens) in the system keyring and interpolate them into streamable HTTP extension URLs and headers using `${VAR}` or `$VAR` syntax. Addresses the feature request in #4307.
Changes
- `substitute_env_vars()` is now applied to the URI (previously only applied to headers) in both the config resolution path and runtime launch path
- `substitute_env_vars()` now scans the original input for `$VAR` patterns instead of the post-substitution output, preventing double-expansion when a secret value contains `$OTHER_VAR` syntax
- `add_extension` detects when a secret value has changed even if `env_keys` and URI are unchanged
Secrets are stored securely in the system keyring (macOS Keychain, Linux Secret Service, Windows Credential Manager) and resolved at runtime — they never appear in plaintext in config.yaml or on disk.
Type of Change
AI Assistance
Testing
All 34 extension-related tests pass, including new tests for URI substitution (`http_env_key_uri_substitution`) and recursive expansion prevention (`test_substitute_env_vars_no_recursive_expansion`).
Related Issues
Relates to #4307
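As an added example (not code from this PR or from goose itself), the following Rust sketch illustrates the two fixes described in the commit message and the Changes list above: it contrasts a substitution that rescans its own output with a single left-to-right scan of the original input for `${VAR}` / `$VAR` references, and it applies the single-pass substitution to both the URI and the headers of a small stand-in config so that a rotated secret shows up as a difference in the resolved config even when the template is unchanged. `HttpExtension`, `make_env`, `resolve_extension` and `substitute_env_vars_recursive` are names invented for this example, the sample values are constructed, and leaving unknown variables unexpanded is an assumption of the example rather than documented goose behaviour.

```rust
use std::collections::BTreeMap;

/// Stand-in for a streamable HTTP extension config (constructed for this
/// example; not goose's own type): a URI template plus header templates.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HttpExtension {
    pub uri: String,
    pub headers: BTreeMap<String, String>,
}

/// Build a variable map from (name, value) pairs; used here both for the
/// keyring-backed environment and for header templates.
pub fn make_env(pairs: &[(&str, &str)]) -> BTreeMap<String, String> {
    pairs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

fn is_name_char(c: char) -> bool {
    c == '_' || c.is_ascii_alphanumeric()
}

/// The pre-fix behaviour, kept for contrast: each variable is replaced on the
/// running output, so a secret whose value contains `$OTHER` is expanded again
/// by a later pass. Which references get double-expanded depends on map order.
pub fn substitute_env_vars_recursive(input: &str, env: &BTreeMap<String, String>) -> String {
    let mut out = input.to_string();
    for (name, value) in env {
        out = out.replace(&format!("${{{name}}}"), value);
        out = out.replace(&format!("${name}"), value);
    }
    out
}

/// The fixed behaviour: one left-to-right scan of the ORIGINAL input. Every
/// `${VAR}` or `$VAR` reference is replaced by its value copied verbatim, and
/// the copied value is never rescanned. References to unknown variables are
/// left untouched (an assumption of this example, not documented goose behaviour).
pub fn substitute_env_vars(input: &str, env: &BTreeMap<String, String>) -> String {
    let chars: Vec<char> = input.chars().collect();
    let mut out = String::with_capacity(input.len());
    let mut i = 0;
    while i < chars.len() {
        if chars[i] == '$' {
            if chars.get(i + 1) == Some(&'{') {
                // `${VAR}` form: the name runs up to the next '}'
                if let Some(len) = chars[i + 2..].iter().position(|&c| c == '}') {
                    let name: String = chars[i + 2..i + 2 + len].iter().collect();
                    if !name.is_empty() && name.chars().all(is_name_char) {
                        if let Some(value) = env.get(&name) {
                            out.push_str(value);
                            i += len + 3; // skip "${", the name and "}"
                            continue;
                        }
                    }
                }
            } else {
                // `$VAR` form: longest run of name characters after '$'
                let mut j = i + 1;
                while j < chars.len() && is_name_char(chars[j]) {
                    j += 1;
                }
                if j > i + 1 {
                    let name: String = chars[i + 1..j].iter().collect();
                    if let Some(value) = env.get(&name) {
                        out.push_str(value);
                        i = j;
                        continue;
                    }
                }
            }
        }
        // Not a resolvable reference: copy the character through unchanged.
        out.push(chars[i]);
        i += 1;
    }
    out
}

/// Resolve URI and headers with the single-pass substitution. Comparing
/// resolved configs (rather than templates) is what lets a rotated secret be
/// detected when the template and the env key names are unchanged.
pub fn resolve_extension(ext: &HttpExtension, env: &BTreeMap<String, String>) -> HttpExtension {
    HttpExtension {
        uri: substitute_env_vars(&ext.uri, env),
        headers: ext
            .headers
            .iter()
            .map(|(k, v)| (k.clone(), substitute_env_vars(v, env)))
            .collect(),
    }
}

fn main() {
    // Constructed values: SECRET happens to contain `$TOKEN` syntax.
    let env = make_env(&[("SECRET", "abc$TOKEN"), ("TOKEN", "xyz")]);
    let uri = "https://api.example.com/mcp?key=${SECRET}";
    println!("recursive:   {}", substitute_env_vars_recursive(uri, &env));
    println!("single-pass: {}", substitute_env_vars(uri, &env));
}
```

The single-pass scanner is the property the new `test_substitute_env_vars_no_recursive_expansion` test is checking for: a secret value is opaque data and is copied into the URI or header byte for byte, so nothing a user stores in the keyring can cause a second lookup.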