rho-cli 0.1.25

Rho CLI tools for encrypted agent collaboration, dataset publishing, controlled runs, and result release workflows
# TODO

## Gondolin POST Secret Substitution

Add a Gondolin host-side request rewriting path for OAuth refresh flows that place secrets in POST bodies.

Why:

- `rho agent-run --sandbox` currently mounts a readable Pi `auth.json` into the guest as a compatibility path
- this is documented in [security.md](/Users/madhavajay/dev/rho/main/docs/security.md) as a known weakness
- Pi `openai-codex` refresh currently posts the refresh token in the body to `https://auth.openai.com/oauth/token`
- Gondolin's built-in secret placeholder mechanism substitutes headers by default, not POST bodies

Observed behavior:

- the Gondolin sandbox reached `auth.openai.com`
- the run failed with `refresh_token_expired`
- so the current network allowlist is sufficient to hit the refresh endpoint, but the long-term non-readable credential path still needs body mediation

Desired follow-up:

- add a custom Gondolin `onRequest` rewrite for `auth.openai.com/oauth/token`
- support form-encoded POST body placeholder substitution for fields like `refresh_token`
- keep the real token on the host side only
- allow Pi inside the guest to use a placeholder or synthetic credential file instead of a readable real `auth.json`
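
The body rewrite described in this list, as an added example (not rho or Gondolin code). It assumes a plain request object with lower-case header keys rather than Gondolin's actual `onRequest` types; the placeholder string, the secret map and the function names are hypothetical.

```javascript
// Added example: plain request objects, not Gondolin's real hook types.
const TOKEN_URL = new URL("https://auth.openai.com/oauth/token");
const ALLOWED_FIELDS = ["refresh_token"]; // only these fields may be substituted

function mediaType(headers) {
  return (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
}

// req: { method, url, headers (lower-case keys), body (string) }
// secrets: Map of placeholder -> real value, kept on the host only
function rewriteTokenRequest(req, secrets) {
  const url = new URL(req.url);
  const isTokenEndpoint =
    url.protocol === TOKEN_URL.protocol &&
    url.host === TOKEN_URL.host &&
    url.pathname === TOKEN_URL.pathname;
  if (!isTokenEndpoint || req.method !== "POST" ||
      mediaType(req.headers) !== "application/x-www-form-urlencoded") {
    return req; // untouched: the placeholder stays inert for any other request
  }
  const params = new URLSearchParams(req.body);
  let changed = false;
  for (const field of ALLOWED_FIELDS) {
    const values = params.getAll(field);
    // Require exactly one value that is a known placeholder; skip otherwise.
    if (values.length !== 1 || !secrets.has(values[0])) continue;
    params.set(field, secrets.get(values[0]));
    changed = true;
  }
  if (!changed) return req;
  const body = params.toString(); // re-encodes the real token for the form body
  const length = String(new TextEncoder().encode(body).length);
  return { ...req, body, headers: { ...req.headers, "content-length": length } };
}

// Constructed sample data: what the guest would send with a synthetic credential.
const SECRETS = new Map([
  ["RHO_PLACEHOLDER_REFRESH_TOKEN", "constructed-real-token/+="],
]);
const GUEST_REQUEST = {
  method: "POST",
  url: "https://auth.openai.com/oauth/token",
  headers: { "content-type": "application/x-www-form-urlencoded; charset=UTF-8" },
  body: "grant_type=refresh_token&refresh_token=RHO_PLACEHOLDER_REFRESH_TOKEN",
};
console.log(rewriteTokenRequest(GUEST_REQUEST, SECRETS).body);
```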

Related future work:

- Pi: add a non-file credential path for `openai-codex`
- Gondolin: consider first-class request-body secret substitution support for known safe content types such as `application/x-www-form-urlencoded`