Skip to content

proxy_commands

proxy_commands

Credential proxy CLI commands for terok-agent.

Wraps terok-sandbox proxy lifecycle with agent-level concerns: route generation from the YAML roster is performed before start and install so the proxy always has up-to-date provider config.

scan_leaked_credentials(mounts_base)

Return (provider, host_path) for credential files found in shared mounts.

When the credential proxy is active, real secrets should only live in the proxy's sqlite DB — not in the shared config directories that get mounted into containers. This function checks each routed provider's mount for credential files that would leak real tokens alongside phantom ones.

Files injected by :func:~terok_agent.auth._write_claude_credentials_file are recognised by their dummy accessToken marker and skipped.

Source code in src/terok_agent/proxy_commands.py 
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
def scan_leaked_credentials(mounts_base: Path) -> list[tuple[str, Path]]:
    """Return ``(provider, host_path)`` for credential files found in shared mounts.

    When the credential proxy is active, real secrets should only live in the
    proxy's sqlite DB — not in the shared config directories that get mounted
    into containers.  This function checks each routed provider's mount for
    credential files that would leak real tokens alongside phantom ones.

    Files injected by :func:`~terok_agent.auth._write_claude_credentials_file`
    are recognised by their dummy ``accessToken`` marker and skipped.
    """
    from .roster import get_roster

    roster = get_roster()
    leaked: list[tuple[str, Path]] = []
    for name, route in roster.proxy_routes.items():
        if not route.credential_file:
            continue
        auth = roster.auth_providers.get(name)
        if not auth:
            continue
        try:
            path = mounts_base / auth.host_dir_name / route.credential_file
            if (
                path.is_file()
                and path.stat().st_size > 0
                and not _is_injected_credentials_file(path)
            ):
                leaked.append((name, path))
        except (OSError, TypeError):
            continue
    return leaked