Summary
internal/brokercore/brokercore.go's PassthroughHeaders allowlist (Content-Type, Content-Encoding, Accept, Accept-Encoding, Accept-Language, User-Agent, Idempotency-Key, X-Request-Id) drops any other client-supplied request headers for credentialed (non-passthrough) services. This breaks provider APIs that require non-standard request headers — most notably Anthropic's anthropic-version header which is mandatory on every /v1/messages request.
Repro
agent-vault server -d
# attach api.anthropic.com via API-key auth, x-api-key header, ANTHROPIC_API_KEY credential
agent-vault run --vault default -- curl -s -X POST https://api.anthropic.com/v1/messages \
-H "anthropic-version: 2023-06-01" \
-H "content-type: application/json" \
-d '{"model":"claude-haiku-4-5","max_tokens":3,"messages":[{"role":"user","content":"hi"}]}'
Returns:
{"type":"error","error":{"type":"invalid_request_error","message":"anthropic-version: header is required"}}
The cred injection works (no 401), but anthropic-version was dropped during MITM rewriting.
Confirmed via debug log + source review — PassthroughHeaders doesn't include anthropic-version, so it's stripped in the agent → upstream hop.
Suggested fix
Add a per-service config field (e.g., extra_passthrough_headers: ["anthropic-version", "openai-organization", ...]) so service operators can extend the allowlist for the provider they're brokering for. The catalog templates could pre-fill known-required headers per provider.
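As an added illustration of the per-service allowlist extension proposed above (example code written for this issue, not agent-vault's brokercore implementation), the filter below keeps the eight-entry allowlist quoted in the summary, lets a hypothetical Service.ExtraPassthroughHeaders field extend it, canonicalises names with net/textproto so capitalisation variants behave identically, and refuses to re-admit the broker's injected credential header (plus Authorization and Cookie) so an operator extension can never let a client override the injected secret. Service, CredentialHeader, FilterHeaders and Dropped are assumed names; the sample headers are constructed from the curl repro.

```go
package main

import (
	"fmt"
	"net/http"
	"net/textproto"
	"sort"
)

// Base allowlist as quoted in this issue from brokercore.PassthroughHeaders.
var basePassthrough = []string{
	"Content-Type", "Content-Encoding", "Accept", "Accept-Encoding",
	"Accept-Language", "User-Agent", "Idempotency-Key", "X-Request-Id",
}

// Service is a hypothetical per-service config record. ExtraPassthroughHeaders
// mirrors the field proposed in this issue and is not part of agent-vault.
// CredentialHeader is the header the broker injects on the upstream hop.
type Service struct {
	Name                    string
	CredentialHeader        string
	ExtraPassthroughHeaders []string
}

// reservedFor lists headers an operator extension must never re-admit: if the
// client could pass through the credential header itself (or Authorization /
// Cookie), it could override or shadow the secret the broker injects.
func reservedFor(svc Service) map[string]bool {
	r := map[string]bool{"Authorization": true, "Cookie": true}
	if svc.CredentialHeader != "" {
		r[textproto.CanonicalMIMEHeaderKey(svc.CredentialHeader)] = true
	}
	return r
}

// allowSet canonicalises every name, so "anthropic-version",
// "Anthropic-Version" and "ANTHROPIC-VERSION" map to one entry.
func allowSet(svc Service) map[string]bool {
	set := map[string]bool{}
	for _, h := range basePassthrough {
		set[textproto.CanonicalMIMEHeaderKey(h)] = true
	}
	reserved := reservedFor(svc)
	for _, h := range svc.ExtraPassthroughHeaders {
		if k := textproto.CanonicalMIMEHeaderKey(h); !reserved[k] {
			set[k] = true
		}
	}
	return set
}

// FilterHeaders returns only the client headers that may reach upstream;
// everything not on the (base + per-service) allowlist is dropped.
func FilterHeaders(svc Service, in http.Header) http.Header {
	allowed := allowSet(svc)
	out := http.Header{}
	for k, vals := range in {
		ck := textproto.CanonicalMIMEHeaderKey(k)
		if !allowed[ck] {
			continue
		}
		for _, v := range vals {
			out.Add(ck, v)
		}
	}
	return out
}

// Dropped names the client headers the filter removed (sorted), so a broker
// can log "dropped header X for service Y" at debug level instead of failing
// silently as described in this issue.
func Dropped(svc Service, in http.Header) []string {
	allowed := allowSet(svc)
	var dropped []string
	for k := range in {
		if ck := textproto.CanonicalMIMEHeaderKey(k); !allowed[ck] {
			dropped = append(dropped, ck)
		}
	}
	sort.Strings(dropped)
	return dropped
}

func main() {
	// Constructed sample: the two headers from the curl repro plus a client
	// attempt to supply its own x-api-key.
	in := http.Header{}
	in.Set("anthropic-version", "2023-06-01")
	in.Set("content-type", "application/json")
	in.Set("x-api-key", "client-supplied-must-not-pass")

	svc := Service{Name: "anthropic", CredentialHeader: "x-api-key"}
	fmt.Println("base allowlist drops:", Dropped(svc, in))

	svc.ExtraPassthroughHeaders = []string{"anthropic-version", "x-api-key"}
	fmt.Println("extended allowlist drops:", Dropped(svc, in))
	fmt.Println("forwarded:", FilterHeaders(svc, in))
}
```

With the base allowlist the sample drops both Anthropic-Version and X-Api-Key; with the extension only X-Api-Key is dropped, because the credential header stays reserved even when an operator lists it.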
Workarounds tried
- Sending Anthropic-Version (capitalized) — also dropped (same allowlist).
- Sending as X-Anthropic-Version — dropped.
- Sending as a query param — Anthropic API doesn't accept it that way.
Currently the only workaround is to fork agent-vault and edit PassthroughHeaders, which violates the no-fork stance for adopters.
Context
I'm adopting agent-vault for a credential brokering layer alongside an egress-policy proxy at SourcePad. The cred-broker is working perfectly otherwise (v0.10.0 commit 2b8e020) — this header-stripping is the one rough edge that makes Anthropic-via-vault fail.
Happy to PR if you want a reviewer's hand on it.