fix(claude_code): Inject x-api-key header in CodingAgentClient requests#119322
Open
sentry[bot] wants to merge 1 commit into
Open
fix(claude_code): Inject x-api-key header in CodingAgentClient requests#119322sentry[bot] wants to merge 1 commit into
sentry[bot] wants to merge 1 commit into
Conversation
CodingAgentClient._send_request was omitting the x-api-key header when calling Anthropic's API, causing 401 Unauthorized errors during autofix on-completion callbacks. The base CodingAgentClient class accepted api_key via constructor (passed by ClaudeCodeAgentIntegration.get_client()) but never injected it into outbound request headers. Other integration clients (Jira, Bitbucket) use finalize_request to inject auth headers — CodingAgentClient now follows the same pattern. Changes: - Accept optional api_key in CodingAgentClient.__init__ - Override finalize_request to inject x-api-key header when api_key is set - Backwards-compatible: subclasses not passing api_key (GitHub Copilot, Cursor) are unaffected since api_key defaults to None Fixes SENTRY-5PJQ
Contributor
Backend Test FailuresFailures on
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CodingAgentClient(the base API client for coding agent integrations) was not injecting thex-api-keyauthentication header into outbound requests to Anthropic's API, causing 401 Unauthorized errors during autofix on-completion callbacks.Fixes SENTRY-5PJQ
Root Cause
The
ClaudeCodeAgentIntegration.get_client()correctly passesapi_keyfrom the integration metadata to theClaudeCodeClientconstructor. However, theCodingAgentClientbase class — which all coding agent API clients extend — had no mechanism to inject the API key into outbound request headers. The key was accepted by the constructor but never used to authenticate requests.This meant that when
call_on_completion_hookfired after an autofix run completed, the resulting API calls to Anthropic (e.g.,GET /v1/agents/{agent_id}) were sent without the requiredx-api-keyheader, causing Anthropic to return 401.Fix
Added
x-api-keyheader injection toCodingAgentClientusing thefinalize_requesthook — the same pattern used by other Sentry integration clients (Jira, Bitbucket) for injecting authentication headers:__init__: Accepts an optionalapi_keyparameter (defaults toNone), stored asself._api_keyfinalize_request: When_api_keyis set, injectsx-api-keyheader into every outgoing requestThis is backwards-compatible: subclasses that don't pass
api_key(GitHub Copilot usesAuthorization: Bearer, Cursor usesAuthorization: Bearer) are unaffected sinceapi_keydefaults toNone.Tests
Added tests verifying:
finalize_requestaddsx-api-keywhenapi_keyis providedfinalize_requestskips the header when noapi_keyis set_request→finalize_requestpipeline