Skip to content

feat(sdk): add runtime token auth#215

Open
abhinav-galileo wants to merge 4 commits intoabhi/runtime-auth-namespace-cutoverfrom
abhi/python-sdk-runtime-auth
Open

feat(sdk): add runtime token auth#215
abhinav-galileo wants to merge 4 commits intoabhi/runtime-auth-namespace-cutoverfrom
abhi/python-sdk-runtime-auth

Conversation

@abhinav-galileo
Copy link
Copy Markdown
Collaborator

@abhinav-galileo abhinav-galileo commented May 7, 2026
edited
Loading

Summary

  • Add Python SDK runtime auth modes: auto, none, api_key, and jwt.
  • Exchange target-bound runtime tokens for target-bearing evaluation requests.
  • Cache runtime tokens per target, refresh before expiry, and retry once after a rejected runtime JWT.
  • Keep no-target, no-auth, and API-key evaluation paths unchanged.
  • Make the API-key header name configurable.

Stack

Testing

  • make prepush

@abhinav-galileo abhinav-galileo changed the title feat(sdk-python): add runtime token auth feat(sdk): add runtime token auth May 7, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 7, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 98.73950% with 3 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
sdks/python/src/agent_control/runtime_auth.py 98.41% 2 Missing ⚠️
sdks/python/src/agent_control/client.py 98.82% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

@abhinav-galileo abhinav-galileo force-pushed the abhi/python-sdk-runtime-auth branch 2 times, most recently from 4fffcf2 to 99c86cf Compare May 7, 2026 17:41
@abhinav-galileo abhinav-galileo force-pushed the abhi/runtime-auth-namespace-cutover branch from 09cb289 to 19fa65c Compare May 7, 2026 18:24
@abhinav-galileo abhinav-galileo force-pushed the abhi/python-sdk-runtime-auth branch 3 times, most recently from d52fb6b to 1485279 Compare May 8, 2026 11:22
This was referenced May 8, 2026
Open
Open
@abhinav-galileo abhinav-galileo force-pushed the abhi/runtime-auth-namespace-cutover branch from 259397b to 097b42d Compare May 8, 2026 15:28
@abhinav-galileo abhinav-galileo force-pushed the abhi/python-sdk-runtime-auth branch 2 times, most recently from 73bd51c to 3894dd0 Compare May 8, 2026 16:07
@abhinav-galileo abhinav-galileo force-pushed the abhi/runtime-auth-namespace-cutover branch from af54543 to 479ca86 Compare May 8, 2026 16:57
@abhinav-galileo
feat(sdk-python): add runtime token auth
8d040d0 
Exchange target-bound runtime tokens for evaluation requests when configured, cache them per target, and retry once after a 401.

Keep no-auth and API-key runtime flows on the existing request-auth path when token exchange is unavailable or disabled.
@abhinav-galileo
feat(sdk): make API key header name configurable
e1162ab 
Default stays X-API-Key; pass api_key_header=... or set
AGENT_CONTROL_API_KEY_HEADER to override when the upstream auth
expects a different header.
@abhinav-galileo
fix(sdk): honor API key header for observability
12297d3
@abhinav-galileo
fix(sdk): keep JWT runtime evaluation target-bound
a9796b6
@abhinav-galileo abhinav-galileo force-pushed the abhi/python-sdk-runtime-auth branch from d4b8a66 to a9796b6 Compare May 8, 2026 16:58
@abhinav-galileo abhinav-galileo marked this pull request as ready for review May 8, 2026 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@namrataghadi-galileo namrataghadi-galileo Awaiting requested review from namrataghadi-galileo

@lan17 lan17 Awaiting requested review from lan17

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abhinav-galileo