feat(agent): forward any executor route generically [PRD-567]#321
Merged
Conversation
Single catch-all route /_internal/executor/*path → executor /:path verbatim (all verbs), replacing the /runs-confined proxy. Callers address runs as runs/<id>. Mirrors the agent-nodejs reference (1.81.0). - SSRF: string guard (.., %2e, backslash, NUL, leading /) plus an origin check (URI.parse, reject off-origin) that also catches control-char escapes. - Faraday follows no redirects (no FollowRedirects middleware), like the Node agent. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
forest-bot
added a commit
that referenced
this pull request
Jun 26, 2026
# [1.34.0](v1.33.1...v1.34.0) (2026-06-26) ### Features * **agent:** forward any executor route generically [PRD-567] ([#321](#321)) ([9bc904d](9bc904d))
Member
|
🎉 This PR is included in version 1.34.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Ports the generic executor passthrough to the Ruby agent, matching the agent-nodejs reference (agent-nodejs#1707, released 1.81.0).
_internal/executor/*path→ executor/:pathverbatim (all verbs). Replaces the/runs-confined proxy. Callers address runs asruns/<id>, so any executor route (mcp-oauth-credentials, future ones) is reachable with no agent change.Security
//../%2e/%2E/ backslash / NUL →NotFoundError) plus an authoritative origin check (URI.parse, reject unless scheme+host+port match the executor). A decoded control char like\t//hostmakesURI.parseraise → rejected.Tests
24/24 + rubocop clean. Run GET (caller includes
runs/), POST trigger, non-runs route verbatim (asserts no/runsprefix injected), header req/resp filtering, status/body passthrough, SSRF vectors (..,%2e, NUL, control-char\t//evil.com) →NotFoundError, unreachable/timeout/SSL → 503.fixes PRD-567
🤖 Generated with Claude Code
Note
Forward executor routes generically under
/_internal/executorinWorkflowExecutorProxy/_internal/workflow-executionsto/_internal/executorand removes the hardcoded/runsprefix injection, so paths are forwarded verbatim to the configured executor URL.reject_off_origin!to block SSRF by comparing the computed target URL's scheme, host, and port against the configured executor origin, raisingNotFoundErroron mismatch.runs/...) in the request — the proxy no longer prepends it./_internal/workflow-executionsmount point or the automatic/runsprefix will break without a corresponding caller update.🖇️ Linked Issues
Implements PRD-567.
Macroscope summarized eafae3b.