feat(server): API key authentication for collector (#130)#131
Merged
Conversation
- server keygen: prints a new ast_-prefixed key (secrets.token_hex) - server --auth-key KEY: enforces Authorization: Bearer on all endpoints - AGENT_STRACE_AUTH_KEY env var: auto-injected into all outbound collector requests (send_event_to_endpoint, send_session_meta_to_endpoint) - No auth = current behaviour unchanged - No new dependencies - 32 tests in tests/test_server_auth.py - docs/server.md: Authentication section - docs/commands.md: server flag reference updated - Version bump 0.51.1 → 0.52.0 Closes #130 Co-authored-by: Ona <no-reply@ona.com>
7 tasks
Siddhant-K-code
added a commit
that referenced
this pull request
May 31, 2026
- integrations/crewai.py: new integration patching Crew.kickoff, Agent.execute_task, and Task.execute_sync to emit session_start, llm_request/response, and tool_call/result events - integrations/langchain.py: add LangGraph StateGraph.compile patch that wraps each compiled node with decision + tool_result events; uninstrument_langchain now properly restores all three patches - integrations/__init__.py: register crewai and langgraph aliases, add instrument_crewai() export, add to _DETECTABLE/_FRAMEWORK_PROBE - pyproject.toml: add crewai optional extra and include in all-integrations Closes #131 Co-authored-by: Ona <no-reply@ona.com>
Owner
Author
|
Fixed in #153, released in v0.56.0. CrewAI: new LangGraph: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds API key authentication to
agent-strace server. Prerequisite for the hosted collector (#129).Closes #130
Changes
Server side
agent-strace server keygen— generates a newast_-prefixed key usingsecrets.token_hex(16)agent-strace server --auth-key KEY— enforcesAuthorization: Bearer KEYon all endpoints; requests without it get401AGENT_STRACE_AUTH_KEYenv var — alternative to--auth-keyon the server--auth-key= current unauthenticated behaviour, unchangedClient side
AGENT_STRACE_AUTH_KEYenv var — when set,send_event_to_endpointandsend_session_meta_to_endpointinjectAuthorization: Bearerautomatically into all outbound requests toAGENT_STRACE_ENDPOINT--stream-headersonwatchalready worked; no changes needed thereNo new dependencies —
secrets.token_hexis stdlib.Tests
32 tests in
tests/test_server_auth.py:generate_api_key: prefix, length, hex suffix, uniqueness_auth_headers: env var present/absent/emptycmd_server keygen: returns 0, prints valid key, unique across callssend_event_to_endpointandsend_session_meta_to_endpointfail without env key, succeed with itDocs
docs/server.md: new Authentication section with keygen,--auth-key,AGENT_STRACE_AUTH_KEY, and--stream-headersexamplesdocs/commands.md:serverflag table updated