fix: model principal context without api keys by rpatel-scale · Pull Request #296 · scaleapi/scale-agentex

rpatel-scale · 2026-06-09T20:30:01Z

Summary

Define AgentexAuthPrincipalContext as a typed base model that omits API-key fields from the object itself.
Normalize authn responses and cached auth gateway principals through that model before they reach request state.
Serialize authz principal payloads from the typed model so API keys are not forwarded to authz.
Add tests asserting api_key/apiKey are absent as object attributes and are not retained in model extras.

uv run --project agentex ruff check agentex/src/api/schemas/principal_context.py agentex/src/adapters/authentication/adapter_agentex_authn_proxy.py agentex/src/adapters/authorization/adapter_agentex_authz_proxy.py agentex/src/api/middleware_utils.py agentex/src/api/authentication_middleware.py agentex/src/api/authentication_cache.py agentex/src/domain/services/schedule_service.py agentex/src/domain/use_cases/agent_api_keys_use_case.py agentex/src/domain/use_cases/agents_use_case.py agentex/tests/unit/api/test_principal_context.py agentex/tests/unit/api/test_authentication_cache_metrics.py
uv run --project agentex --group test pytest agentex/tests/unit/api/test_principal_context.py agentex/tests/unit/api/test_authentication_cache_metrics.py
uv run --project agentex python - <<'PY' ... runtime check confirmed hasattr(principal, "api_key") == False and model_extra == {}
git diff --check

agentex/tests/integration/api/agents/test_agents_auth_api.py was attempted but did not reach the changed code because local Docker/testcontainers setup could not connect to the Docker socket.

rpatel-scale added 3 commits June 9, 2026 16:23

fix: remove api keys from principal context

5f7e9ee

fix: model principal context without api keys

3108444

test: assert principal context omits api key attributes

206cd79

rpatel-scale closed this Jun 9, 2026