Post-auth shared config patching for the credential proxy.
Applies shared_config_patch from the YAML roster after authentication.
Writes proxy URLs (not secrets) to provider config files so that agents
route API traffic through the credential proxy.
write_proxy_config(provider_name)
Apply shared_config_patch from the YAML roster after auth.
Patches a TOML or YAML config file in the provider's shared config dir
to redirect API traffic through the credential proxy. The patch spec
is declared in the agent YAML — no provider-specific code needed.
Source code in src/terok_agent/proxy_config.py
| def write_proxy_config(provider_name: str) -> None:
"""Apply ``shared_config_patch`` from the YAML roster after auth.
Patches a TOML or YAML config file in the provider's shared config dir
to redirect API traffic through the credential proxy. The patch spec
is declared in the agent YAML — no provider-specific code needed.
"""
from .roster import get_roster
roster = get_roster()
route = roster.proxy_routes.get(provider_name)
if not route or not route.shared_config_patch:
return
auth_info = roster.auth_providers.get(provider_name)
if not auth_info:
return
from terok_sandbox import SandboxConfig, get_proxy_port
from .paths import mounts_dir
cfg = SandboxConfig()
port = get_proxy_port(cfg)
proxy_url = f"http://host.containers.internal:{port}"
patch = route.shared_config_patch
shared_dir = mounts_dir() / auth_info.host_dir_name
config_path = shared_dir / patch["file"]
shared_dir.mkdir(parents=True, exist_ok=True)
if "yaml_set" in patch:
_apply_yaml_patch(config_path, patch, proxy_url)
elif "toml_table" in patch:
_apply_toml_patch(config_path, patch, proxy_url)
print(f"Proxy config written to {config_path}")
|