@slashfi/agents-sdk 0.85.0 → 0.86.0

package/src/config-store.ts

@@ -811,11 +811,31 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
     const entry = findRef(config.refs ?? [], name);
     const value = entry?.config?.[key];
     if (typeof value !== "string") return null;
-    if (value.startsWith(SECRET_PREFIX) && options.encryptionKey) {
-      return decryptSecret(
-        value.slice(SECRET_PREFIX.length),
-        options.encryptionKey,
-      );
+    if (value.startsWith(SECRET_PREFIX)) {
+      // Encrypted credential. Refuse to forward the ciphertext verbatim;
+      // upstreams will silently reject `secret:...` as a bearer token
+      // and the cause becomes invisible.
+      if (!options.encryptionKey) {
+        throw new AdkError({
+          code: "encryption_key_missing",
+          message: `ref.call(${name}): credential "${key}" is encrypted (secret:...) but this Adk instance was constructed without an encryptionKey.`,
+          hint: "Pass `encryptionKey` when constructing the Adk (createAdk/createAdkForUser/createAdkForTenant).",
+          details: { ref: name, field: key },
+        });
+      }
+      try {
+        return await decryptSecret(
+          value.slice(SECRET_PREFIX.length),
+          options.encryptionKey,
+        );
+      } catch (err) {
+        throw new AdkError({
+          code: "encryption_key_mismatch",
+          message: `ref.call(${name}): failed to decrypt credential "${key}". The configured encryptionKey does not match the key used to encrypt this value.`,
+          hint: "Re-encrypt the ref's credentials with the current encryptionKey, or restore the previous key.",
+          details: { ref: name, field: key, cause: (err as Error)?.message },
+        });
+      }
     }
     return value;
   }
@@ -2098,16 +2118,35 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       if (rawHeaders && typeof rawHeaders === "object") {
         resolvedHeaders = {};
         for (const [k, v] of Object.entries(rawHeaders)) {
-          if (
-            typeof v === "string" &&
-            v.startsWith(SECRET_PREFIX) &&
-            options.encryptionKey
-          ) {
-            resolvedHeaders[k] = await decryptSecret(
-              v.slice(SECRET_PREFIX.length),
-              options.encryptionKey,
-            );
-          } else if (typeof v === "string") {
+          if (typeof v !== "string") continue;
+          if (v.startsWith(SECRET_PREFIX)) {
+            // Encrypted header value. Refuse to forward the ciphertext
+            // verbatim — that historically leaked literal `secret:...`
+            // strings as outbound HTTP headers, which upstreams rejected
+            // with opaque 401s. Hard-fail with a clear message so the
+            // misconfiguration surfaces instead of silently breaking auth.
+            if (!options.encryptionKey) {
+              throw new AdkError({
+                code: "encryption_key_missing",
+                message: `ref.call(${name}): header "${k}" is encrypted (secret:...) but this Adk instance was constructed without an encryptionKey, so the ciphertext cannot be resolved.`,
+                hint: "Pass `encryptionKey` when constructing the Adk (createAdk/createAdkForUser/createAdkForTenant), or strip the encrypted header from the ref config.",
+                details: { ref: name, header: k },
+              });
+            }
+            try {
+              resolvedHeaders[k] = await decryptSecret(
+                v.slice(SECRET_PREFIX.length),
+                options.encryptionKey,
+              );
+            } catch (err) {
+              throw new AdkError({
+                code: "encryption_key_mismatch",
+                message: `ref.call(${name}): failed to decrypt header "${k}". The configured encryptionKey does not match the key used to encrypt this value.`,
+                hint: "Re-encrypt the ref's headers with the current encryptionKey, or restore the previous key. Decrypting an unrelated value would have leaked ciphertext as a header before this fix.",
+                details: { ref: name, header: k, cause: (err as Error)?.message },
+              });
+            }
+          } else {
             resolvedHeaders[k] = v;
           }
         }

package/src/encrypted-headers.test.ts

@@ -0,0 +1,150 @@
+import { describe, expect, test } from "bun:test";
+import type { FsStore } from "./agent-definitions/config";
+import { createAdk } from "./index";
+import { encryptSecret } from "./crypto";
+
+function memFs(initial: Record<string, unknown>): FsStore {
+  const files = new Map<string, string>([
+    ["consumer-config.json", JSON.stringify(initial)],
+  ]);
+  return {
+    async readFile(p) {
+      return files.get(p) ?? null;
+    },
+    async writeFile(p, c) {
+      files.set(p, c);
+    },
+  };
+}
+
+describe("ref.call: encrypted config.headers", () => {
+  const KEY = "test-encryption-key-1234567890";
+
+  test("forwards plaintext _headers when encryptionKey decrypts", async () => {
+    const encApi = `secret:${await encryptSecret("DD_API_KEY_REAL", KEY)}`;
+    const encApp = `secret:${await encryptSecret("DD_APP_KEY_REAL", KEY)}`;
+
+    const captured: Array<{ body: string }> = [];
+    const fetchSpy: typeof fetch = async (_url, init) => {
+      captured.push({ body: String((init as RequestInit | undefined)?.body) });
+      return new Response(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          id: "1",
+          result: { content: [{ type: "text", text: JSON.stringify({ ok: true }) }] },
+        }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    };
+
+    const adk = createAdk(
+      memFs({
+        registries: [{ name: "test", url: "https://example.com" }],
+        refs: [{
+          ref: "datadog",
+          scheme: "registry",
+          mode: "api",
+          sourceRegistry: { agentPath: "datadog", url: "https://example.com" },
+          config: { headers: { "DD-API-KEY": encApi, "DD-APPLICATION-KEY": encApp } },
+        }],
+      }),
+      { fetch: fetchSpy, encryptionKey: KEY },
+    );
+
+    await adk.ref.call("datadog", "some_tool", { foo: "bar" });
+
+    expect(captured.length).toBe(1);
+    const body = JSON.parse(captured[0].body);
+    const params = body.params.arguments.request.params;
+    expect(params._headers).toEqual({
+      "DD-API-KEY": "DD_API_KEY_REAL",
+      "DD-APPLICATION-KEY": "DD_APP_KEY_REAL",
+    });
+  });
+
+  test("hard-fails when secret: header present but encryptionKey is missing", async () => {
+    const encApi = `secret:${await encryptSecret("x", KEY)}`;
+
+    const fetchSpy: typeof fetch = async () =>
+      new Response("", { status: 200 });
+
+    const adk = createAdk(
+      memFs({
+        registries: [{ name: "test", url: "https://example.com" }],
+        refs: [{
+          ref: "datadog",
+          scheme: "registry",
+          mode: "api",
+          sourceRegistry: { agentPath: "datadog", url: "https://example.com" },
+          config: { headers: { "DD-API-KEY": encApi } },
+        }],
+      }),
+      { fetch: fetchSpy /* no encryptionKey */ },
+    );
+
+    await expect(
+      adk.ref.call("datadog", "some_tool", {}),
+    ).rejects.toThrow(/encryption_key_missing|encryptionKey/);
+  });
+
+  test("hard-fails when encryptionKey is present but cannot decrypt the value", async () => {
+    const encApi = `secret:${await encryptSecret("x", KEY)}`;
+
+    const fetchSpy: typeof fetch = async () =>
+      new Response("", { status: 200 });
+
+    const adk = createAdk(
+      memFs({
+        registries: [{ name: "test", url: "https://example.com" }],
+        refs: [{
+          ref: "datadog",
+          scheme: "registry",
+          mode: "api",
+          sourceRegistry: { agentPath: "datadog", url: "https://example.com" },
+          config: { headers: { "DD-API-KEY": encApi } },
+        }],
+      }),
+      { fetch: fetchSpy, encryptionKey: "a-different-wrong-key" },
+    );
+
+    await expect(
+      adk.ref.call("datadog", "some_tool", {}),
+    ).rejects.toThrow(/encryption_key_mismatch|decrypt/);
+  });
+
+  test("plaintext header values are still forwarded as-is", async () => {
+    const captured: Array<{ body: string }> = [];
+    const fetchSpy: typeof fetch = async (_url, init) => {
+      captured.push({ body: String((init as RequestInit | undefined)?.body) });
+      return new Response(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          id: "1",
+          result: { content: [{ type: "text", text: JSON.stringify({ ok: true }) }] },
+        }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    };
+
+    const adk = createAdk(
+      memFs({
+        registries: [{ name: "test", url: "https://example.com" }],
+        refs: [{
+          ref: "weather",
+          scheme: "registry",
+          mode: "api",
+          sourceRegistry: { agentPath: "weather", url: "https://example.com" },
+          config: { headers: { "X-API-Key": "plain-value" } },
+        }],
+      }),
+      { fetch: fetchSpy /* no encryptionKey needed for plaintext */ },
+    );
+
+    await adk.ref.call("weather", "some_tool", {});
+
+    expect(captured.length).toBe(1);
+    const body = JSON.parse(captured[0].body);
+    const params = body.params.arguments.request.params;
+    expect(params._headers).toEqual({ "X-API-Key": "plain-value" });
+  });
+});

package/src/registry-consumer.ts

@@ -1002,7 +1002,14 @@ export async function createRegistryConsumer(
         );
       }
 
-      return callTool(registry, ref.ref, tool, params);
+      // Forward resolved per-ref headers as `_headers` so the registry
+      // injects them on the outbound REST call. Without this the
+      // `auth.headers` declared by the ref are silently dropped for
+      // registry-routed (`mode: "api"`) refs.
+      const paramsWithHeaders = resolvedHeaders
+        ? { ...params, _headers: resolvedHeaders }
+        : params;
+      return callTool(registry, ref.ref, tool, paramsWithHeaders);
     },
 
     discover(registryUrl: string) {