
Remove anthropic api token from http auth #564

Open

stuartc wants to merge 2 commits into main from worktree-remove-anthropic-token-fallback

Conversation

@stuartc stuartc commented Jun 29, 2026

Short Description

Tightens instance auth so an inbound api_key is only ever treated as a client credential, never forwarded to Anthropic. Drops the old sk-ant- bring-your-own-key path.

Fixes #

Implementation Details

Previously an unknown `sk-ant-`-shaped key was forwarded to the LLM as a bring-your-own key. That path is gone. An api_key now resolves one of four ways:

  • known client → swap in their stored Anthropic key
  • known client with a NULL stored key → 500 (server misconfig, reported to Sentry)
  • unknown key → 401, or 503 if the client store is unreachable (can't verify, so don't guess)
  • no api_key → global ANTHROPIC_API_KEY, else 401

Removed the forward KeyResolution tag and the shape check that went with it. Also trimmed a couple of log lines that were either routine or not actionable: the internal-token mismatch no longer reports to Sentry (it's a config/forgery signal, not a bug), and a max-staleness cache eviction no longer warns (happens whenever the DB lags). Tidied the comments in instance-auth.ts while I was in there.

AI Usage

  • Yes, I have used AI
  • No, I have not used AI
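
The four-way resolution described above, as an added TypeScript example that is not the project's own instance-auth.ts; the names ClientStore, resolveApiKey, KeyResolution's shape and the two sample clients are assumptions made for illustration:

```typescript
// Added example, not the project's code; all names here are assumptions.
type StoredClient = { anthropicKey: string | null };
interface ClientStore {
  // undefined for an unknown client; throws when the store is unreachable
  lookup(apiKey: string): StoredClient | undefined;
}
export type KeyResolution =
  | { kind: "resolved"; anthropicKey: string }
  | { kind: "rejected"; status: 401 | 500 | 503; reason: string };

export function resolveApiKey(
  inbound: string | undefined, store: ClientStore, globalKey: string | undefined,
): KeyResolution {
  // No client credential: fall back to the instance-wide key, else 401.
  if (!inbound) {
    return globalKey
      ? { kind: "resolved", anthropicKey: globalKey }
      : { kind: "rejected", status: 401, reason: "no api_key and no global key" };
  }
  let client: StoredClient | undefined;
  try {
    client = store.lookup(inbound);
  } catch (_e) {
    // Cannot verify the credential: refuse rather than guess, and never forward it.
    return { kind: "rejected", status: 503, reason: "client store unreachable" };
  }
  if (!client) return { kind: "rejected", status: 401, reason: "unknown api_key" };
  if (client.anthropicKey === null) {
    // Known client with no stored key: server misconfiguration, not the caller's fault.
    return { kind: "rejected", status: 500, reason: "client has no stored key" };
  }
  // Known client: swap in its stored key; the inbound api_key itself never goes upstream.
  return { kind: "resolved", anthropicKey: client.anthropicKey };
}

// Constructed in-memory store (synchronous for brevity): two clients plus an outage flag.
export function makeStore(unreachable = false): ClientStore {
  const clients = new Map<string, StoredClient>([
    ["client-key-A", { anthropicKey: "stored-anthropic-key-A" }],
    ["client-key-B", { anthropicKey: null }],
  ]);
  return {
    lookup(apiKey) {
      if (unreachable) throw new Error("store unreachable");
      return clients.get(apiKey);
    },
  };
}
```

Note that no branch returns the inbound value as the upstream key: the only keys that reach the LLM are a stored client key or the global one.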

stuartc added 2 commits June 29, 2026 14:20
An inbound api_key is now only ever a client credential, never forwarded
to the LLM:

- known client          -> swap in its stored Anthropic key
- known client, NULL key -> 500 (server misconfig, reported to Sentry)
- unknown key            -> 401 (verified unknown) / 503 (store unreachable)
- no api_key             -> global ANTHROPIC_API_KEY, else 401

Drops the sk-ant- shape check and the `forward` KeyResolution tag. Also
trims unactionable logging (internal-token mismatch and max-staleness
eviction no longer warn/report) and tidies comments in instance-auth.ts.
@stuartc stuartc changed the title from "Reject unknown api_keys instead of forwarding them as bring-your-own keys" to "Remove anthropic api token from http auth" Jun 29, 2026
@stuartc stuartc requested a review from josephjclark June 29, 2026 12:44
@stuartc stuartc self-assigned this Jun 29, 2026
@stuartc stuartc added this to Core Jun 29, 2026
@github-project-automation github-project-automation Bot moved this to New Issues in Core Jun 29, 2026
@stuartc stuartc moved this from New Issues to In progress in Core Jun 29, 2026
@stuartc stuartc moved this from In progress to In review in Core Jun 29, 2026
@@ -0,0 +1,5 @@
---
"apollo": patch
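Review bot: the bump level on the `"apollo": patch` line does not match the change this PR describes; dropping the sk-ant- bring-your-own-key forwarding means callers that relied on it now receive 401 instead of a completed request, which is a breaking change for API consumers, so the changeset should declare `"apollo": major`. The hunk header announces five added lines but only the front matter is visible here; make sure the summary text names the removed forwarding path so the release notes flag the break.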

needs to be a major
