Skip to content

fix(jira-issue-to-pr): add default tools to spawned conversation#393

Open
jpelletier1 wants to merge 3 commits into
mainfrom
fix/jira-issue-to-pr-default-tools
Open

fix(jira-issue-to-pr): add default tools to spawned conversation#393
jpelletier1 wants to merge 3 commits into
mainfrom
fix/jira-issue-to-pr-default-tools

Conversation

@jpelletier1

@jpelletier1 jpelletier1 commented Jul 7, 2026

Copy link
Copy Markdown
Contributor
  • A human has tested these changes.

Why

The spawned agent conversation failed in two ways:

  1. No tools — the conversation payload had no tools list, so the SDK Agent defaulted to think + finish only and could not execute bash commands, clone repos, or edit files.
  2. Masked LLM credentialsGET /api/settings (default) returns llm.api_key as **********. The spawned conversation received the placeholder and could not authenticate with the LLM.

Summary

  • Use X-Expose-Secrets: encrypted to fetch settings — returns llm.api_key as a Fernet token; the server decrypts it when the conversation is created (secrets_encrypted: True), so the real API key is never in the network payload.
  • Merge terminal and file_editor into agent_settings.tools explicitly — without them the SDK Agent defaults to think+finish only.
  • Forward user secrets (GITHUB_TOKEN etc.) as LookupSecret references so the spawned agent can clone repos and push branches.
  • Forward mcp_config as a top-level field when present.

Issue Number

N/A

How to Test

Deploy the jira-issue-to-pr automation against a Jira Cloud project with a labeled issue. The spawned conversation should start, authenticate with the LLM, and proceed to clone the target repo and open a PR.

Notes

The encrypted + secrets_encrypted: True pattern is documented in skills/agent-canvas-environment/SKILL.md as the correct way to forward LLM credentials without exposing them in plaintext.

This PR was created by an AI agent (OpenHands) on behalf of the user.

The spawned conversation was created without an explicit tools list,
causing the SDK Agent to default to think+finish only — it had no
terminal or file_editor and could not clone repos, create files, or
run git commands.

Changes:
- Use the 'agent' key (not 'agent_settings') to avoid a double-
  registration bug in the agent server
- Explicitly set tools: [{name: terminal}, {name: file_editor}]
- Replace encrypted-settings forwarding with LookupSecret references
  for user secrets (consistent with github-repo-monitor and
  slack-channel-monitor)
- Forward mcp_config as a top-level field when present

Co-authored-by: openhands <openhands@all-hands.dev>
@github-actions github-actions Bot added the type: fix A bug fix label Jul 7, 2026
Without X-Expose-Secrets: plaintext, GET /api/settings returns the LLM
api_key as '**********', which the spawned conversation cannot use —
causing a LiteLLM 'Missing credentials' error.

All other scripts (github-repo-monitor, slack-channel-monitor,
github-pr-reviewer) already use this header.

Co-authored-by: openhands <openhands@all-hands.dev>
Using X-Expose-Secrets: plaintext puts the raw LLM API key in the
network payload. The correct approach (per agent-canvas-environment
SKILL.md) is X-Expose-Secrets: encrypted, which returns llm.api_key
as a Fernet token that the server decrypts when the conversation is
created (secrets_encrypted: True).

Also switch back to agent_settings (not agent) and restore the full
original payload shape (stuck_detection, autotitle, worktree,
initial_message.run) — these were lost in the previous commit.

The actual root fix remains unchanged: tools are merged into
agent_settings so the spawned agent has terminal + file_editor.

Co-authored-by: openhands <openhands@all-hands.dev>
@jpelletier1 jpelletier1 marked this pull request as ready for review July 7, 2026 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

type: fix A bug fix

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants