2626# User context sanitization
2727# ---------------------------------------------------------------------------
2828
29+
2930def sanitize_user_context (user_id : str , user_name : str ) -> tuple [str , str ]:
3031 """Validate and sanitize user context fields to prevent injection attacks."""
3132 if user_id :
@@ -49,8 +50,8 @@ def sanitize_user_context(user_id: str, user_name: str) -> tuple[str, str]:
4950
5051# Anthropic API → Vertex AI model name mapping
5152VERTEX_MODEL_MAP : dict [str , str ] = {
53+ "claude-opus-4-6" : "claude-opus-4-6@default" ,
5254 "claude-opus-4-5" : "claude-opus-4-5@20251101" ,
53- "claude-opus-4-1" : "claude-opus-4-1@20250805" ,
5455 "claude-sonnet-4-5" : "claude-sonnet-4-5@20250929" ,
5556 "claude-haiku-4-5" : "claude-haiku-4-5@20251001" ,
5657}
@@ -70,9 +71,7 @@ async def setup_vertex_credentials(context: RunnerContext) -> dict:
7071 Raises:
7172 RuntimeError: If required environment variables are missing.
7273 """
73- service_account_path = context .get_env (
74- "GOOGLE_APPLICATION_CREDENTIALS" , ""
75- ).strip ()
74+ service_account_path = context .get_env ("GOOGLE_APPLICATION_CREDENTIALS" , "" ).strip ()
7675 project_id = context .get_env ("ANTHROPIC_VERTEX_PROJECT_ID" , "" ).strip ()
7776 region = context .get_env ("CLOUD_ML_REGION" , "" ).strip ()
7877
@@ -85,9 +84,7 @@ async def setup_vertex_credentials(context: RunnerContext) -> dict:
8584 "ANTHROPIC_VERTEX_PROJECT_ID must be set when CLAUDE_CODE_USE_VERTEX=1"
8685 )
8786 if not region :
88- raise RuntimeError (
89- "CLOUD_ML_REGION must be set when CLAUDE_CODE_USE_VERTEX=1"
90- )
87+ raise RuntimeError ("CLOUD_ML_REGION must be set when CLAUDE_CODE_USE_VERTEX=1" )
9188
9289 if not Path (service_account_path ).exists ():
9390 raise RuntimeError (
@@ -106,6 +103,7 @@ async def setup_vertex_credentials(context: RunnerContext) -> dict:
106103# Backend credential fetching
107104# ---------------------------------------------------------------------------
108105
106+
109107async def _fetch_credential (context : RunnerContext , credential_type : str ) -> dict :
110108 """Fetch credentials from backend API at runtime.
111109
@@ -117,9 +115,7 @@ async def _fetch_credential(context: RunnerContext, credential_type: str) -> dic
117115 Dictionary with credential data or empty dict if unavailable.
118116 """
119117 base = os .getenv ("BACKEND_API_URL" , "" ).rstrip ("/" )
120- project = os .getenv ("PROJECT_NAME" ) or os .getenv (
121- "AGENTIC_SESSION_NAMESPACE" , ""
122- )
118+ project = os .getenv ("PROJECT_NAME" ) or os .getenv ("AGENTIC_SESSION_NAMESPACE" , "" )
123119 project = project .strip ()
124120 session_id = context .session_id
125121
@@ -157,14 +153,10 @@ def _do_req():
157153
158154 try :
159155 data = _json .loads (resp_text )
160- logger .info (
161- f"Successfully fetched { credential_type } credentials from backend"
162- )
156+ logger .info (f"Successfully fetched { credential_type } credentials from backend" )
163157 return data
164158 except Exception as e :
165- logger .error (
166- f"Failed to parse { credential_type } credential response: { e } "
167- )
159+ logger .error (f"Failed to parse { credential_type } credential response: { e } " )
168160 return {}
169161
170162
@@ -204,8 +196,7 @@ async def fetch_jira_credentials(context: RunnerContext) -> dict:
204196 data = await _fetch_credential (context , "jira" )
205197 if data .get ("apiToken" ):
206198 logger .info (
207- f"Using Jira credentials from backend "
208- f"(url: { data .get ('url' , 'unknown' )} )"
199+ f"Using Jira credentials from backend (url: { data .get ('url' , 'unknown' )} )"
209200 )
210201 return data
211202
@@ -252,9 +243,7 @@ async def fetch_token_for_url(context: RunnerContext, url: str) -> str:
252243 return token
253244
254245 except Exception as e :
255- logger .warning (
256- f"Failed to parse URL { url } : { e } , falling back to GitHub token"
257- )
246+ logger .warning (f"Failed to parse URL { url } : { e } , falling back to GitHub token" )
258247 return os .getenv ("GITHUB_TOKEN" ) or await fetch_github_token (context )
259248
260249
@@ -298,9 +287,7 @@ async def populate_runtime_credentials(context: RunnerContext) -> None:
298287 user_email = google_creds .get ("email" , "" )
299288 if user_email and user_email != _PLACEHOLDER_EMAIL :
300289 os .environ ["USER_GOOGLE_EMAIL" ] = user_email
301- logger .info (
302- f"✓ Set USER_GOOGLE_EMAIL to { user_email } for workspace-mcp"
303- )
290+ logger .info (f"✓ Set USER_GOOGLE_EMAIL to { user_email } for workspace-mcp" )
304291
305292 # Jira credentials
306293 jira_creds = await fetch_jira_credentials (context )
@@ -377,20 +364,15 @@ async def configure_git_identity(user_name: str, user_email: str) -> None:
377364async def fetch_github_token_legacy (context : RunnerContext ) -> str :
378365 """Legacy method — kept for backward compatibility."""
379366 base = os .getenv ("BACKEND_API_URL" , "" ).rstrip ("/" )
380- project = os .getenv ("PROJECT_NAME" ) or os .getenv (
381- "AGENTIC_SESSION_NAMESPACE" , ""
382- )
367+ project = os .getenv ("PROJECT_NAME" ) or os .getenv ("AGENTIC_SESSION_NAMESPACE" , "" )
383368 project = project .strip ()
384369 session_id = context .session_id
385370
386371 if not base or not project or not session_id :
387372 logger .warning ("Cannot fetch GitHub token: missing environment variables" )
388373 return ""
389374
390- url = (
391- f"{ base } /projects/{ project } /agentic-sessions/"
392- f"{ session_id } /github/token"
393- )
375+ url = f"{ base } /projects/{ project } /agentic-sessions/{ session_id } /github/token"
394376 logger .info (f"Fetching GitHub token from legacy endpoint: { url } " )
395377
396378 req = _urllib_request .Request (
0 commit comments