helexa/helexa
1
0
Fork 0
Code Issues 21 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5c1623a8178b2e80bdaf1bee31cac7353c1f37e8
helexa/crates/cortex-gateway
History
rob thijssen 5c1623a817
All checks were successful
CI / Format (push) Successful in 38s
Details
CI / CUDA type-check (push) Successful in 1m41s
Details
CI / Clippy (push) Successful in 2m20s
Details
CI / Test (push) Successful in 4m37s
Details
CI / Build cortex SRPM (push) Has been skipped
Details
CI / Build neuron SRPM (push) Has been skipped
Details
CI / Publish cortex to COPR (push) Has been skipped
Details
CI / Publish neuron to COPR (push) Has been skipped
Details
CI / Bump version in source (push) Has been skipped
Details
build-prerelease / Resolve version stamps + change detection (push) Successful in 32s
Details
build-prerelease / Lint (fmt + clippy) (push) Successful in 2m21s
Details
build-prerelease / Build neuron-blackwell (push) Has been skipped
Details
build-prerelease / Build neuron-ampere (push) Has been skipped
Details
build-prerelease / Build neuron-ada (push) Has been skipped
Details
build-prerelease / Package helexa-neuron-ada RPM (push) Has been skipped
Details
build-prerelease / Package helexa-neuron-ampere RPM (push) Has been skipped
Details
build-prerelease / Package helexa-neuron-blackwell RPM (push) Has been skipped
Details
build-prerelease / Build helexa-bench binary (push) Has been skipped
Details
build-prerelease / Package helexa-bench RPM (push) Has been skipped
Details
build-prerelease / Build cortex binary (push) Successful in 2m35s
Details
build-prerelease / Test (push) Successful in 4m39s
Details
build-prerelease / Package cortex RPM (push) Successful in 1m25s
Details
build-prerelease / Publish to rpm.lair.cafe (unstable) (push) Successful in 52s
Details
fix(#49): allow-anonymous mode must ignore unrecognized keys, not 401 
Regression from #49: the auth middleware rejected ANY present-but-
unresolvable bearer token with 401 invalid_api_key, even when
require_auth=false. But OpenAI-compatible clients (opencode, Open WebUI,
Agent Zero, litellm) send a placeholder bearer by default — so enabling
the build broke every existing client even though the operator never
opted into auth. Pre-#49 the bearer was never inspected at all.

Fix: in allow-anonymous mode (require_auth=false, the default) an
unrecognized key is now ignored and the request is served anonymously,
restoring pre-#49 behaviour. A bad key only 401s when require_auth=true.
A valid key is still resolved + metered in both modes.

Test renamed/split: unrecognized_key_is_ignored_when_auth_not_required
(now 200, served anonymously) + invalid_key_is_401_when_auth_required.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 21:40:34 +03:00
..
src
fix(#49): allow-anonymous mode must ignore unrecognized keys, not 401
2026-06-17 21:40:34 +03:00
tests
fix(#49): allow-anonymous mode must ignore unrecognized keys, not 401
2026-06-17 21:40:34 +03:00
Cargo.toml
feat(#47 phase 1a): EntitlementProvider trait + local/static provider
2026-06-17 19:00:05 +03:00