v0.21.0

@github-actions github-actions released this 25 May 14:54
· 98 commits to main since this release
0b62a48

Added

  • feat(provider): vendor-agnostic Anthropic-SDK backend override (PR #208)
    spec.claude.provider with base_url + auth_token_env points a sac
    agent's Claude-SDK session at any Anthropic-SDK-compatible endpoint
    (DeepSeek first). Host-side runtimes/_apptainer_provider.py emits
    ANTHROPIC_BASE_URL + SAC_ANTHROPIC_API_KEY + CLAUDE_CONFIG_DIR
    at start; auth resolution via scitex_config cascade
    (shell-export > $HOME/.env > default → fail-loud
    ProviderEnvError). claude-* model alias check is relaxed under a
    provider override; provider + spec.claude.account are mutually
    exclusive. New: config/_provider_types.ProviderSpec,
    runtimes/_apptainer_provider.py, runtimes/_apptainer_auth.py,
    ADR-0011, examples/agents/deepseek-agent/spec.yaml. 73 targeted
    tests; full pytest matrix green.
  • chore(audit): exempt sac from §6 MCP-Python parity (PR #209)
    adds [tool.scitex_dev] mcp_parity_exempt = true to pyproject for
    the audit-cli §6 check. sac's MCP tools mirror CLI subcommands, not
    top-level Python APIs (4 orphan tools: agent_spawn,
    list_python_apis, quota_watch, subagent_get_state). Closes the
    only develop-shared audit-conformance violation;
    tests/develop/test_audit.py::test_audit_all_clean now green on
    develop.

Added

  • feat(account): credential auto-sync substrate (sac accounts sync-live / watch-live) — keep the per-account store fresh the
    moment the operator runs claude /login, with zero manual sac accounts save. sync-live reads the live ~/.claude/.credentials.json
    + the active email from ~/.claude.json, derives the store-name
    (email slugified, e.g. ywatanabe@scitex.ai → ywatanabe-scitex-ai),
    and atomically snapshots the live cred in when the matching store is
    absent / older / expired (idempotent no-op otherwise). watch-live
    is the always-on daemon: watches the live credential (inotify via
    inotifywait when available, else a poll loop) and runs the engine on
    every change, logging each sync to stderr or
    ~/.scitex/agent-container/runtime/logs/creds-watch.log. New
    _account/creds_sync.py (engine) + _account/creds_watch.py
    (watcher).
  • feat(account): sac accounts list credential-freshness column
    every stored account now shows VALID (+Xh) / EXPIRED (-Xh) /
    ABSENT read OFFLINE from the snapshot's expiresAt, so rotted
    stores are visible at a glance. The --json output gains freshness
    and freshness_hours fields. New _account/creds_sync.account_freshness.

Fixed

  • fix(account): pinned-account credential resolution now fails loud
    — when spec.claude.account names a store that is ABSENT or its
    credential is EXPIRED, sac agents start now aborts with
    PinnedAccountError carrying the exact remedy (claude /login to
    that account + sac accounts sync-live). Previously it silently fell
    back to the host live file (a different account) or launched with a
    stale token — handing the agent the wrong identity. A pinned agent
    must never silently fall back. (runtimes/_apptainer_creds.py)
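
The offline freshness check and the fail-loud pinned-account rule described above, as an added sketch that is not sac's own code. The store layout (`<root>/<store-name>/credentials.json`), the flat `expiresAt` field in epoch milliseconds, the slug rule and every function name here are assumptions; only `PinnedAccountError`, the three states and the remedy text come from the notes.

```python
import json
import re
import tempfile
from pathlib import Path

class PinnedAccountError(RuntimeError):
    """Raised instead of falling back to another account's credential."""

def store_name(email: str) -> str:
    # Assumed slug rule; it reproduces the one example in the notes.
    return re.sub(r"[^a-z0-9]+", "-", email.lower()).strip("-")

def freshness(root: Path, name: str, now_ms: int) -> tuple[str, float]:
    """Offline check: (VALID | EXPIRED | ABSENT, hours until expiry)."""
    snap = root / name / "credentials.json"  # assumed store layout
    if not snap.is_file():
        return "ABSENT", 0.0
    expires_ms = json.loads(snap.read_text())["expiresAt"]  # assumed epoch ms
    hours = round((expires_ms - now_ms) / 3_600_000, 1)
    return ("VALID" if expires_ms > now_ms else "EXPIRED"), hours

def resolve_pinned(root: Path, name: str, now_ms: int) -> Path:
    """Return the pinned snapshot or abort; never substitute the live file."""
    state, hours = freshness(root, name, now_ms)
    if state != "VALID":
        raise PinnedAccountError(
            f"account {name!r} is {state} ({hours:+}h): run `claude /login` "
            "as that account, then `sac accounts sync-live`")
    return root / name / "credentials.json"

def demo(now_ms: int = 1_700_000_000_000) -> dict[str, str]:
    """Constructed stores: one fresh, one expired, one never saved."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for email, delta_h in [("ywatanabe@scitex.ai", 5), ("old@example.com", -3)]:
            snap = root / store_name(email) / "credentials.json"
            snap.parent.mkdir()
            snap.write_text(json.dumps({"expiresAt": now_ms + delta_h * 3_600_000}))
        for name in ("ywatanabe-scitex-ai", "old-example-com", "nobody"):
            try:
                resolve_pinned(root, name, now_ms)
                results[name] = "ok"
            except PinnedAccountError as exc:
                results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

The resolver has no code path that reads a host-level live credential, so a missing or expired pinned store can only end in an error, never in a different identity.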