feat(sandbox): L7 credential injection — query param rewriting and Basic auth encoding

[htekdev]

Summary

Adds two credential injection capabilities to the L7 proxy's SecretResolver, closing the remaining gaps identified in #630 (supersedes #538 and #541).

Query parameter rewriting

Resolves placeholder tokens in URL query parameter values before forwarding upstream. When the sandbox child process constructs a request like:

GET /youtube/v3/search?part=snippet&key=openshell:resolve:env:YOUTUBE_API_KEY HTTP/1.1

The proxy rewrites the request line to inject the real credential:

GET /youtube/v3/search?part=snippet&key=AIzaSy-real-key HTTP/1.1

• Handles URLs with single or multiple query parameters
• Properly percent-encodes resolved secrets per RFC 3986
• Percent-decodes parameter values before placeholder matching
• No rewriting when no placeholders are present (zero overhead)

Basic Authorization header encoding

Supports credentials stored as raw username:password that need base64 encoding for HTTP Basic auth. When the child process constructs:

Authorization: Basic <base64("admin:openshell:resolve:env:DB_PASSWORD")>

The proxy decodes the base64 token, resolves placeholders in the decoded string, and re-encodes:

Authorization: Basic <base64("admin:hunter2")>

• Decodes existing Basic auth tokens to resolve embedded placeholders
• Re-encodes after substitution
• Passes through non-placeholder Basic auth tokens unmodified

What's NOT changed

• No modifications to the network policy file spec
• No proto schema changes
• No changes to the L7 relay logic — both features operate within the existing rewrite_http_header_block flow

Testing

11 new unit tests covering:

• Query param rewriting (single param, multiple params, special characters, no-op cases)
• Basic auth encoding round-trips (placeholder in password, no-op for normal auth, full header block)
• Percent encoding/decoding correctness

Closes #630

[johntmyers]

Is there a UX change here? How would a user use these?

[htekdev]

No ux changed. I am testing this now. Essentially it's extending the reach of credentials injection into query parameters and basic authorization which won't work for credentials injection given query parameters are not headers and basic authentication is encoded base 64.

It's required for github copilot integration seeing thst some calls use user:pat token

Once I confirm it is working in a live env I will ping again

[RPirruccio]

Validated this by cherry-picking 95c7f91 onto v0.0.17 and hot-swapping the built sandbox binary into a running gateway on Ubuntu 24.04, kernel 6.17.0, Docker 29.0.4.

Credential injection works as expected. Sandbox env shows GITHUB_TOKEN=openshell:resolve:env:GITHUB_TOKEN (placeholder only), real token is absent from /proc/self/environ and env output. All 18 unit tests pass.

@htekdev hope this helps with your testing.

[htekdev]

Validated this by cherry-picking 95c7f91 onto v0.0.17 and hot-swapping the built sandbox binary into a running gateway on Ubuntu 24.04, kernel 6.17.0, Docker 29.0.4.

Credential injection works as expected. Sandbox env shows GITHUB_TOKEN=openshell:resolve:env:GITHUB_TOKEN (placeholder only), real token is absent from /proc/self/environ and env output. All 18 unit tests pass.

@htekdev hope this helps with your testing.

Yes. I am running trst and injection seems to work on the env level but I'm finding issues with the actual L7 traffic injection. Example for git they have issues but I'm see it's two separate issues one is ca cert and the other is it authenticated via basic oath flow so it won't perform replacement sent the underline content of the header is encoded.