authMode is documented/defaulted as picod, but the non-warm-pool CodeInterpreter path only enables auth when the field is exactly "picod".
That means an empty authMode can skip the public key check and skip PICOD_AUTH_PUBLIC_KEY injection. The warm-pool path handles this differently: anything except "none" gets the key.
Steps:
- Create/build a CodeInterpreter object with authMode omitted/empty.
- Use the normal non-warm-pool sandbox path.
- Check generated pod env.
Expected:
Empty authMode behaves like picod, and PICOD_AUTH_PUBLIC_KEY is injected.
Actual:
The direct sandbox path treats empty authMode as not picod and does not inject the key.
Fix should probably normalize authMode in one helper and use it in both warm-pool and direct sandbox paths.
authModeis documented/defaulted aspicod, but the non-warm-pool CodeInterpreter path only enables auth when the field is exactly"picod".That means an empty authMode can skip the public key check and skip
PICOD_AUTH_PUBLIC_KEYinjection. The warm-pool path handles this differently: anything except"none"gets the key.Steps:
Expected:
Empty authMode behaves like
picod, andPICOD_AUTH_PUBLIC_KEYis injected.Actual:
The direct sandbox path treats empty authMode as not picod and does not inject the key.
Fix should probably normalize authMode in one helper and use it in both warm-pool and direct sandbox paths.