fix(agent-canvas-env-skill): inject default tools and expose secrets on delegation#362
Closed
neubig wants to merge 2 commits into
Closed
fix(agent-canvas-env-skill): inject default tools and expose secrets on delegation#362neubig wants to merge 2 commits into
neubig wants to merge 2 commits into
Conversation
…on delegation The delegation template in the agent-canvas-environment skill produced delegated conversations that could not do real work: 1. Empty tools: /api/settings returns tools: [] for the persisted profile. The UI populates the tool list at launch time, but API-created conversations get exactly the tools array sent in the payload and the server injects no defaults. The result was a delegated agent that could only call built-in actions (invoke_skill, think, finish) and could not run shell commands, edit files, or browse. Inject the default tool set (terminal, file_editor, task_tracker, canvas_ui, browser_tool_set) into agent_settings.tools. 2. Redacted LLM key: without X-Expose-Secrets: plaintext, /api/settings returns the LLM api_key as **********. Echoing that into the new conversation caused LLMAuthenticationError. Fetch settings with the plaintext header (safe for backend clients that never log the response). Added explanatory notes for both so future editors understand why these two lines are required. Co-authored-by: openhands <openhands@all-hands.dev>
Resolve the agent-canvas-environment skill conflict by keeping the encrypted settings delegation flow and regenerating the skills catalog.\n\nCo-authored-by: openhands <openhands@all-hands.dev>
Member
Author
|
Closing per Graham’s request. This comment was created by an AI agent (OpenHands) on behalf of Graham Neubig. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The delegation template in the
agent-canvas-environmentskill produced delegated local conversations that could not reliably do real work. A delegated agent could authenticate or invoke a skill, but could end up without execution tools and/or without a usable LLM key.Root causes:
/api/settingscan return an empty persistedtoolslist. Agent Canvas UI launches fill in defaults client-side, but an API-created conversation gets exactly thetoolsarray sent inPOST /api/conversations./api/settingsresponses mask credentials as**********; forwarding that value can create a delegated conversation with an unusable key.Fix
agent_settingsfetched withX-Expose-Secrets: encryptedand sendsecrets_encrypted: true, so the server decrypts the LLM key server-side without exposing plaintext credentials in the script.agent_settings.tools:terminal,file_editor,task_tracker,browser_tool_set, andcanvas_ui.task_tool_setautomatically when sub-agents are enabled.schema_versionandmcp_configfrom forwarded settings to avoid creation-time schema/MCP connection failures.tool_module_qualnamesforcanvas_uiand document how to verify delegated tools/errors.skills/index.jsso the checked-in skills catalog matchesSKILL.md.Evidence
Commands run on this branch:
Live local delegation smoke test using the updated encrypted-settings pattern:
Local links from the smoke test environment:
Issue
Closes #365
This PR description was updated by an AI agent (OpenHands) on behalf of Graham Neubig.