Skip to content

feat(credential): generic credential injection for outbound HTTP requests#1282

Merged
chaliy merged 2 commits intomainfrom
claude/generic-credential-injection-gF6De
Apr 14, 2026
Merged

feat(credential): generic credential injection for outbound HTTP requests#1282
chaliy merged 2 commits intomainfrom
claude/generic-credential-injection-gF6De

Conversation

@chaliy
Copy link
Copy Markdown
Contributor

@chaliy chaliy commented Apr 14, 2026

Summary

  • Add transparent per-host credential injection so sandboxed scripts can make authenticated API calls without ever seeing the real secrets
  • Two modes: injection (headers added automatically by URL pattern) and placeholder (opaque env var replaced with real credential on the wire)
  • Built on the before_http hooks system (feat(hooks): wire tool hooks into builtin pipeline, add HTTP hooks #1255) — credential policy hook runs first, injected headers overwrite existing ones (prevents spoofing)
  • New Credential enum, BashBuilder::credential() and BashBuilder::credential_placeholder() APIs
  • Spec, rustdoc guide, and 13 integration tests + 13 unit tests

API

// Mode 1: Pure injection — script never sees credentials
.credential("https://api.github.com", Credential::bearer("ghp_xxxx"))

// Mode 2: Placeholder — opaque env var replaced on the wire
.credential_placeholder("OPENAI_API_KEY", "https://api.openai.com", Credential::bearer("sk-real"))

New files

File Purpose
specs/019-credential-injection.md Design spec with threat analysis
crates/bashkit/src/credential.rs Credential, CredentialPolicy, unit tests
crates/bashkit/docs/credential-injection.md Rustdoc guide
crates/bashkit/tests/credential_injection_tests.rs Integration tests

Test plan

  • Injection mode: bearer, custom header, multiple headers
  • Placeholder mode: env var contains placeholder, replacement in headers, not replaced for wrong host
  • Overwrite semantics: script-set Authorization header replaced by policy
  • URL scoping: no injection for non-matching URL, path-scoped credentials, multiple hosts
  • Mixed modes: injection and placeholder together
  • Debug redaction: credential values never in Debug output
  • cargo fmt --check clean
  • cargo clippy clean (only pre-existing dead_code in git/mod.rs)

chaliy added 2 commits April 14, 2026 05:09
@chaliy
feat(credential): generic credential injection for outbound HTTP requ…
3b5e853 
…ests

Add transparent per-host credential injection so sandboxed scripts can
make authenticated API calls without ever seeing the real secrets.

Two modes:
- Injection: headers added automatically based on URL pattern
- Placeholder: opaque env var replaced with real credential on the wire

Built on the before_http hooks system (#1255). Credential policy hook
runs first so subsequent hooks see injected headers. Injected headers
overwrite existing headers with the same name (prevents spoofing).

New files:
- specs/019-credential-injection.md (design spec)
- crates/bashkit/src/credential.rs (Credential, CredentialPolicy)
- crates/bashkit/docs/credential-injection.md (rustdoc guide)
- crates/bashkit/tests/credential_injection_tests.rs (13 integration tests)
@chaliy
fix(git): gate sanitize_git_output behind git feature
ff4ec88 
The function was pub(crate) but only used by client.rs (behind the git
feature gate). Without the git feature, it was dead code. Gate it with
#[cfg(any(feature = "git", test))] so tests still compile.
@chaliy chaliy force-pushed the claude/generic-credential-injection-gF6De branch from cd38eb0 to ff4ec88 Compare April 14, 2026 05:09
@chaliy chaliy merged commit 1080b99 into main Apr 14, 2026
27 checks passed
@chaliy chaliy deleted the claude/generic-credential-injection-gF6De branch April 14, 2026 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chaliy