Verify Ollama API keys on an authenticated endpoint#1940
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 6, 2026, 8:30 PM ET / 00:30 UTC. Summary Reproducibility: yes. from source: current main sends the bearer token to public Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review detailsBest possible solution: Use an authenticated Ollama validator whose auth scope and status semantics maintainers accept as equivalent to CodexBar API-key mode, keeping the focused tests and docs. Do we have a high-confidence way to reproduce the issue? Yes from source: current main sends the bearer token to public Is this the best way to solve the issue? Unclear. Moving validation off the public catalog is the right narrow shape, but AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 46edb383c0ac. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (9 earlier review cycles; latest 8 shown)
|
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
23a493a to
8373dd3
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
After-fix CLI proof from the rewritten branch (2026-07-06): This executes the real |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
The committed proof image was a 1x1 placeholder, not real evidence. Executable test output in the PR description replaces it.
f1a54dd to
1ad231d
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
Summary
/api/tagscatalog as API-key verification/api/web_searchendpoint without performing a searchProof
Deterministic test run on this branch (injected HTTP transport — no network, no credentials):
The validator POSTs an empty query to
https://ollama.com/api/web_searchwith the Bearer key and only proceeds to/api/tagswhen the response indicates the key is accepted (200/400/422); a 401/403 throwsapiUnauthorizedbefore the catalog fetch.Note for the maintainer
The validator treats 400/422 from
/api/web_searchas "key accepted," on the assumption that those codes only arise from a malformed empty query after auth succeeds. If the endpoint validates the query body before the Bearer token, a 400 would be returned to any caller and the validation would be vacuous. I could not verify Ollama's auth-check ordering without a live key, so flagging it for your judgment. This is also why the bot taggedmerge-risk: compatibility.Testing
swift test --disable-sandbox --filter OllamaUsageFetcherRetryMappingTests(8 passed)swift buildclean