fix: use proxy for unrendered injected block secrets #9496
Conversation
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
1 similar comment
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
|
✅ Review Complete Code Review Summary |
There was a problem hiding this comment.
1 issue found across 4 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="extensions/cli/src/CLIPlatformClient.test.ts">
<violation number="1" location="extensions/cli/src/CLIPlatformClient.test.ts:79">
P2: Test assumes env var is absent but does not clear real env, so real developer/CI env values can make the test fail flakily.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
1 issue found across 2 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="extensions/cli/src/CLIPlatformClient.test.ts">
<violation number="1" location="extensions/cli/src/CLIPlatformClient.test.ts:344">
P2: Test is environment-dependent: does not clear OPENAI_API_KEY before asserting API fallback, so it fails when the variable exists in the runner environment.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| const resolvedBlock = parseMarkdownRuleOrConfigYaml( | ||
| const blockConfigYamlWithFQSNs = renderTemplateData( | ||
| blockConfigYamlWithSecrets, | ||
| { |
There was a problem hiding this comment.
This includes block in FQSN e.g. secrets./anthropic/claude/ANTHROPIC_API_KEY rather than secrets.///ANTHROPIC_API_KEY which is needed for checking models add on eligibility
| .map((r, i) => (r === undefined ? i : -1)) | ||
| .filter((i) => i !== -1); | ||
|
|
||
| if (unresolvedIndices.length > 0) { |
There was a problem hiding this comment.
This diff looks big but it's just reordering to check process.env for secrets and then not filter out secrets with values so that useProxyForUnrenderedSecrets can work
|
🎉 This PR is included in version 1.38.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
🎉 This PR is included in version 1.37.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Description
CLI was filtering secrets out in a way that prevented the proxy being used for unrendered secrets
Also updated config unrolling to use
extractFQSNMapfor injected blocks, which is more semanticContinue Tasks
Powered by Continue
Summary by cubic
Fixes CLI secret resolution so unrendered injected block secrets use the proxy instead of being filtered out. Also updates block injection to generate proper FQSNs, ensuring secrets are correctly namespaced for proxy resolution.
Written for commit 6b3c0be. Summary will update on new commits.