Merged
Conversation
…ning, cleanup CRITICAL: Fix broken Anthropic OAuth tool-calling by adding _convert_messages_to_anthropic() to convert OpenAI-format tool messages to Anthropic Messages API format in credentials.py. Security: - Add ol_session cookie auth to VNC HTTP/WebSocket proxies - Add localhost validation for x-mesh-internal header bypass - Sanitize mesh_tool read_agent_history and list_shared_state outputs - Add _quote_env_value() for proper .env escaping in runtime.py Cleanup: - Remove dead load_prompt_context() from workspace.py - Extract named constants in loop.py (roster TTL, max tokens, history limit) - Add _UPDATABLE_FIELDS allowlist to cron.py update_job - Add MAX_TTL clamping in subagent_tool.py - Add days parameter clamping to /history endpoint - Add monthly_usd budget to all 6 templates Tests: 1779 passed, 0 regressions, 28 skipped
PR #354 landed the same OAuth tool message conversion inline. Remove our extracted _convert_messages_to_anthropic() (now dead code) and keep origin/main's tests.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
_build_anthropic_bodywas passing OpenAI-format tool messages directly to Anthropic API. Added_convert_messages_to_anthropic()conversion layer.x-mesh-internal, sanitize mesh tool outputs, proper.envvalue quotingChanges by category
Critical bug fix
src/host/credentials.py:_convert_messages_to_anthropic()— converts OpenAI tool_calls/tool messages to Anthropic tool_use/tool_result formatSecurity hardening
src/host/server.py:ol_sessioncookie auth on VNC HTTP + WebSocket proxies, localhost validation forx-mesh-internalsrc/agent/builtins/mesh_tool.py: Sanitizeread_agent_historyreturn andlist_shared_statekeyssrc/host/runtime.py:_quote_env_value()for shell-safe.envvaluesCleanup
src/agent/workspace.py: Remove deadload_prompt_context()src/agent/loop.py: Named constants (_FLEET_ROSTER_TTL,_FALLBACK_MAX_TOKENS,_TOOL_HISTORY_LIMIT)src/host/cron.py:_UPDATABLE_FIELDSallowlistsrc/agent/builtins/subagent_tool.py:MAX_TTLclampingsrc/agent/server.py:/historydays parameter clampingsrc/templates/*.yaml: Addmonthly_usdbudget to all 6 templatesTest plan
pytest— 1779 passed, 28 skipped, 0 failed (excluding 2 pre-existing dashboard test failures)_convert_messages_to_anthropic()verify tool_calls → tool_use and consecutive tool_result merging