Skip to content

Add missing auth() calls to file upload/download methods #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
OhYee merged 4 commits into from
Jan 22, 2026
Merged

Add missing auth() calls to file upload/download methods #42

OhYee merged 4 commits into from
Jan 22, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 22, 2026
edited
Loading

The post_file() and get_file() methods (and async variants) in DataAPI were not calling auth(), causing 401 Unauthorized errors on file_system.upload() and file_system.download() operations.

Changes

  • agentrun/utils/__data_api_async_template.py: Added auth() calls to post_file_async() and get_file_async()
  • agentrun/utils/data_api.py: Regenerated via codegen, propagating auth() to all four methods (sync + async variants)

Implementation

Applied the same authentication pattern used in get_video():

url = self.with_path(path, query=query)
req_headers = self.config.get_headers()
req_headers.update(headers or {})

# Added these 3 lines
cfg = Config.with_configs(self.config, config)
url, req_headers, query = self.auth(url, req_headers, query, config=cfg)

This ensures authentication tokens (X-API-Key or Agentrun-Access-Token) are properly included in file operation requests.

Original prompt

This section details on the original issue you should resolve

<issue_title>post_file() and get_file() methods missing auth() call in DataAPI</issue_title>
<issue_description>## Description

The post_file() and get_file() methods in agentrun/utils/data_api.py do not call the auth() method to add authentication headers, resulting in 401 Unauthorized errors when using file_system.upload() or file_system.download().

Environment

  • agentrun-sdk version: 0.0.14
  • Python version: 3.12
  • OS: Windows 10

Steps to Reproduce

from agentrun.sandbox import Sandbox, TemplateType

# Create sandbox
sandbox = Sandbox.create(
    template_type=TemplateType.AIO,
    template_name="your-template-name",
)
sandbox.__enter__()

# This will fail with 401 error
result = sandbox.file_system.upload(
    local_file_path="local_file.txt",
    target_file_path="/tmp/file.txt"
)

Expected Behavior

File upload/download should work with proper authentication, similar to other API methods.

Actual Behavior

Returns 401 Unauthorized error:

{
  "code": "ERR_UNAUTHORIZED",
  "requestId": "1f34cca5-438c-4535-a885-259c041cd5f9",
  "message": "missing API key in header X-API-Key or query parameter"
}

The error indicates that neither X-API-Key header nor Agentrun-Access-Token header is being sent with the request.

Root Cause Analysis

In agentrun/utils/data_api.py:

Correct implementation (e.g., get_video() at line 1076-1107):

def get_video(self, path, save_path, query=None, headers=None, config=None):
    url = self.with_path(path, query=query)
    req_headers = self.config.get_headers()
    req_headers.update(headers or {})
    # ✅ Correctly calls auth() to add authentication token
    cfg = Config.with_configs(self.config, config)
    url, req_headers, query = self.auth(url, req_headers, query, config=cfg)
    # ... rest of the method

Buggy implementation (post_file() at line 880-935 and get_file() at line 983-1025):

def post_file(self, path, local_file_path, target_file_path, ...):
    url = self.with_path(path, query=query)
    req_headers = self.config.get_headers()
    req_headers.update(headers or {})
    # ❌ Missing auth() call - no authentication token added!
    # Directly proceeds to make request without authentication

Suggested Fix

Add the auth() call to both post_file() / post_file_async() and get_file() / get_file_async() methods:

def post_file(self, path, local_file_path, target_file_path, form_data=None, 
              query=None, headers=None, config=None):
    url = self.with_path(path, query=query)
    req_headers = self.config.get_headers()
    req_headers.update(headers or {})
    
    # Add this line (same as get_video):
    cfg = Config.with_configs(self.config, config)
    url, req_headers, query = self.auth(url, req_headers, query, config=cfg)
    
    # ... rest of the method

Workaround

Until this is fixed, users can work around by ensuring data_api.access_token is initialized before calling file operations:

# After sandbox creation, call any data_api method to trigger token initialization
sandbox.data_api.check_health()

# Now file operations should work (if the token is properly cached)
sandbox.file_system.upload(...)

Affected Methods

Method File Line Status
post_file() data_api.py 880-935 ❌ Missing auth()
post_file_async() data_api.py 821-878 ❌ Missing auth()
get_file() data_api.py 983-1025 ❌ Missing auth()
get_file_async() data_api.py 937-981 ❌ Missing auth()
get_video() data_api.py 1076-1121 ✅ Has auth()
get_video_async() data_api.py 1027-1074 ✅ Has auth()

Impact

  • Users cannot use sandbox.file_system.upload() for uploading files
  • Users cannot use sandbox.file_system.download() for downloading files
  • This affects both CodeInterpreterSandbox and AioSandbox

Discovered while developing LangChain integration with AgentRun sandbox.
</issue_description>

<agent_instructions>将 post_file get_file 移动到 data api 中,并且使用 auth 函数获取鉴权 header</agent_instructions>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@OhYee
Add auth() calls to post_file and get_file methods
f2e5070 
Co-authored-by: OhYee <13498329+OhYee@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix missing auth call in post_file and get_file methods Add missing auth() calls to file upload/download methods Jan 22, 2026
Copilot AI requested a review from OhYee January 22, 2026 02:02
OhYee added 2 commits January 22, 2026 14:03
@OhYee
refactor: fix synchronous method documentation and import statements
0d77025 
Updated documentation strings to correctly reflect synchronous operations
instead of asynchronous ones across multiple modules. Also updated import
statements to use the correct runtime options module.

fix: 修复同步方法文档和导入语句

更新了多个模块中的文档字符串,正确反映同步操作而不是异步操作。
同时更新了导入语句以使用正确的运行时选项模块。

Change-Id: I38a1ea35939d81b9359634ad80a833bb65278a8e
Signed-off-by: OhYee <oyohyee@oyohyee.com>
@OhYee
feat(sandbox): add CustomSandbox to module exports
4b4b97f 
Add CustomSandbox class to the sandbox module's exports to make it available
for import and use in other parts of the application.

This enables users to utilize the custom sandbox functionality that was
previously not exposed through the main module interface.

feat(sandbox): 添加 CustomSandbox 到模块导出

将 CustomSandbox 类添加到 sandbox 模块的导出中,使其可在应用程序的其他部分导入和使用。

这使用户能够利用以前未通过主模块接口公开的自定义沙箱功能。

Change-Id: Ida6b9787ae39f33e2e6902950c0d114d9508b84a
@OhYee OhYee marked this pull request as ready for review January 22, 2026 07:05
@OhYee OhYee requested a review from Sodawyx January 22, 2026 07:24
@OhYee OhYee merged commit a8c7b0e into main Jan 22, 2026
2 checks passed
@OhYee OhYee deleted the copilot/fix-authentication-in-dataapi branch January 22, 2026 09:27
@XeonYang XeonYang mentioned this pull request Jan 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sodawyx Sodawyx Sodawyx approved these changes

+1 more reviewer

@OhYee OhYee OhYee approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@OhYee OhYee

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

post_file() and get_file() methods missing auth() call in DataAPI

3 participants

@OhYee @Sodawyx