fix: preserve auth for CLI concurrency sweeps (cherry-pick to release/0.9.0)

[ajcasagrande]

Summary

• Cherry-pick of ea1ce37 from main into release/0.9.0
• Original PR: fix: preserve auth for CLI concurrency sweeps #972 — fix: preserve auth for CLI concurrency sweeps

Conflicts

None — clean cherry-pick.

[github-actions]

Try out this PR

Quick install:

pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@0fed122c0c570ea63f5a101fca6a4cfe95dcf093

Recommended with virtual environment (using uv):

uv venv --python 3.12 && source .venv/bin/activate
uv pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@0fed122c0c570ea63f5a101fca6a4cfe95dcf093

---

Last updated for commit: 0fed122 • Browse code

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[dynamo-ops]

The change preserves secrets only in the expanded plan, but multi-run execution writes each sweep cell with JSON redaction and only restores endpoint.api_key, so CLI sweeps that authenticate with --header Authorization/X-API-Key or URL userinfo still run with credentials in the subprocess. Fix: forward and restore endpoint.headers and endpoint.urls secrets through the same subprocess secret-injection path used for api_key.

🤖 AI Fix

Update src/aiperf/orchestrator/local_executor.py LocalSubprocessExecutor._run_benchmark_subprocess to pass run.cfg.endpoint.headers and run.cfg.endpoint.urls via private environment variables, update src/aiperf/orchestrator/subprocess_runner.py main to pop those variables and restore run.cfg.endpoint.headers and run.cfg.endpoint.urls after BenchmarkRun.model_validate, and add a regression test covering CLIConfig with headers=[("Authorization", "Bearer token")], a URL containing userinfo, and concurrency="1,2".