fix(dcode): allow local OTLP endpoint env#6533
Conversation
The DCode secret guard treated OTLP endpoint variable names as credential context unconditionally. A local collector URL therefore reached the generic name-based refusal path even when the value had no secret material. Allow only canonical HTTP local OTLP endpoint URLs for endpoint variables before the credential-name fallback runs. OTLP headers, remote URLs, userinfo, queries, fragments, and other auth/key names remain rejected. Signed-off-by: Ho Lim <subhoya@gmail.com>
📝 WalkthroughWalkthroughIntroduces a security-hardened allowlist mechanism permitting only specific local/loopback OTLP telemetry endpoint environment variables to bypass secret-scanning checks in both dcode-wrapper.sh and managed-dcode-runtime.py, restricted to canonical HTTP URLs, fixed ports, and limited paths. Tests validate accepted and rejected endpoint values. ChangesLocal OTLP endpoint allowlist
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant Runtime as dcode-wrapper.sh / managed-dcode-runtime.py
participant EnvVar as Environment Variable
participant Validator as OTLP Allowlist Validator
participant Scanner as Secret Scanner
Runtime->>EnvVar: read name and value
Runtime->>Validator: is_allowed_local_otlp_endpoint(name, value)
alt name matches OTLP endpoint set and value is canonical loopback URL
Validator-->>Runtime: accepted
Runtime->>Runtime: continue (skip secret checks)
else not a valid OTLP endpoint
Validator-->>Runtime: rejected
Runtime->>Scanner: apply secret/credential-shape checks
alt secret-shaped value detected
Scanner-->>Runtime: raise error, refuse to start
else no secret detected
Scanner-->>Runtime: allow variable
end
end
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/langchain-deepagents-code-direct-module-patch.test.ts (1)
369-380: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winAssert the rejected value isn't leaked in stderr.
The rejection assertion only checks that
CUSTOM_API_KEYappears in stderr, but doesn't verify the value itself is absent — the same hardening applied to the sibling OTLP-reject tests intest/langchain-deepagents-code-image-credentials.test.ts(e.g.expect(result.stderr).not.toContain(value)).Suggested addition
expect(rejected.status).not.toBe(0); expect(rejected.stderr).toContain("runtime environment variable CUSTOM_API_KEY"); + expect(rejected.stderr).not.toContain("http://host.openshell.internal:4318"); });🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/langchain-deepagents-code-direct-module-patch.test.ts` around lines 369 - 380, The rejection test only verifies that CUSTOM_API_KEY is mentioned in stderr, but it should also confirm the secret value is not leaked. Update the deepagents_code rejection assertion in this test to mirror the hardening used in the sibling OTLP-reject tests by checking the stderr does not contain the actual CUSTOM_API_KEY value passed to spawnSync, using the rejected result and its stderr output.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@test/langchain-deepagents-code-direct-module-patch.test.ts`:
- Around line 369-380: The rejection test only verifies that CUSTOM_API_KEY is
mentioned in stderr, but it should also confirm the secret value is not leaked.
Update the deepagents_code rejection assertion in this test to mirror the
hardening used in the sibling OTLP-reject tests by checking the stderr does not
contain the actual CUSTOM_API_KEY value passed to spawnSync, using the rejected
result and its stderr output.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: ac6801a1-97e4-4d6a-9509-6ce012a3251a
📒 Files selected for processing (4)
agents/langchain-deepagents-code/dcode-wrapper.shagents/langchain-deepagents-code/managed-dcode-runtime.pytest/langchain-deepagents-code-direct-module-patch.test.tstest/langchain-deepagents-code-image-credentials.test.ts
|
Closing as superseded by merged #6538, which already resolved #6466 with the canonical exact-host OTLP validator and broader adversarial/non-leak coverage. This branch now conflicts in all four changed files, and its only unique behavior is a wider localhost/host.docker.internal/host.containers.internal allowlist that does not match the managed collector network policy. The contribution is GitHub Verified and DCO-compliant, but there is no safe unique change to salvage. |
Summary
OTEL_EXPORTER_OTLP_ENDPOINTandOTEL_EXPORTER_OTLP_TRACES_ENDPOINTin the DCode runtime env guard.Root Cause
The DCode secret guard treated OTLP endpoint env var names as credential context unconditionally, so
http://host.openshell.internal:4318reached the generic name-based refusal path even though the value contained no secret material.Validation
bash -n agents/langchain-deepagents-code/dcode-wrapper.shpython3 -m py_compile agents/langchain-deepagents-code/managed-dcode-runtime.pyNEMOCLAW_TEST_TIMEOUT=60000 npx vitest run --project integration test/langchain-deepagents-code-image-credentials.test.ts test/langchain-deepagents-code-direct-module-patch.test.tsnpm run build:cliNEMOCLAW_TEST_TIMEOUT=60000 npm run check:diffDCO
5bd589e1237ac7572be06b8ed86c87b103985bc0includesSigned-off-by: Ho Lim <subhoya@gmail.com>.Summary by CodeRabbit
Bug Fixes
Tests