security: fix SSRF, logging, path injection + resolve PR #824 build issues

[KooshaPari]

Summary

• Fix 38 CodeQL security alerts (SSRF, clear-text logging, path injection, weak hashing)
• Stub out dead internal/auth/ files (superseded by pkg/llmproxy/auth/)
• Fix build failures from PR refactor: extract kiro auth module and migrate Qwen to BaseTokenStorage #824: wrong import path in usage/metrics.go, duplicate kiro auth functions, missing BaseTokenStorage in go-kit
• Wire sticky-round-robin load balancer

Changes

• Security hardening across auth, executor, and watcher packages
• Remove ~500 LOC duplicate kiro auth functions from kiro_executor.go (already in kiro_auth.go)
• Fix QwenTokenStorage to use embedded BaseTokenStorage from go-kit
• Fix upstream import path in usage/metrics.go

Test plan

• go build ./... passes
• go vet ./... passes
• CI checks pass

🤖 Generated with Claude Code

Summary by CodeRabbit

• Removed Features

  • Anthropic (Claude), GitHub Copilot, and Google Gemini authentication support removed.

• New Features

  • Sticky round-robin routing selector.
  • Multi-provider execution with retries and streaming; API-key model alias resolution; background auth refresh and management.

• Bug Fixes / Privacy

  • Path traversal protections for files and logs; enforced HTTPS/host checks for custom service URLs.
  • AWS region validation; sensitive headers, client IDs, model identifiers, and session fields redacted in logs.

• Chores

  • Token storage and struct reshaping; import/path updates; expanded CI and CodeQL configs.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Removes Claude, Copilot, and Gemini internal auth implementations and token storages; refactors Qwen token storage into a new BaseTokenStorage; removes dynamic fingerprinting and token-refresh scaffolding from Kiro executor; adds a multi-provider conductor (selection, execution, refresh, result, HTTP/management); and introduces logging, path-containment, routing, and sanitization improvements.

Changes

Cohort / File(s)	Summary
Internal auth deletions internal/auth/claude/anthropic_auth.go, internal/auth/claude/token.go, internal/auth/copilot/..., internal/auth/gemini/...	Complete removal of Claude, Copilot, and Gemini OAuth/device-flow implementations and their token storage types, constructors, exchanges, refreshes, device-flow logic, and helpers.
Conductor (new large subsystem) sdk/cliproxy/auth/conductor_*.go	Adds full conductor: Execute/ExecuteCount/ExecuteStream, selection (pickNext/pickNextMixed), retry/cooldown, executor registration/management, HTTP credential injection, background auto-refresh, result marking, and many helper utilities for auth lifecycle and quota handling.
API-key model aliasing (new) sdk/cliproxy/auth/conductor_apikey.go	Adds API-key-based model alias resolution with runtime rebuilds, in-memory alias table, and provider-specific resolution helpers to remap requested models for API-key auths.
Conductor selection & helpers (new) sdk/cliproxy/auth/conductor_selection.go, ..._helpers.go, ..._management.go, ..._result.go, ..._execution.go, ..._http.go, ..._refresh.go	Implements provider normalization, selection algorithms, session management, persistence hooks, result state transitions, and auto-refresh scheduling/execution.
Qwen token storage refactor pkg/llmproxy/auth/qwen/qwen_token.go, pkg/llmproxy/auth/qwen/qwen_auth.go, pkg/llmproxy/auth/qwen/*_test.go	Introduces new BaseTokenStorage with Save(); QwenTokenStorage now embeds BaseTokenStorage and adds Email; constructors and SaveTokenToFile updated; tests adjusted.
Kiro executor simplification pkg/llmproxy/executor/kiro_executor.go, pkg/llmproxy/executor/kiro_transform.go, pkg/llmproxy/executor/kiro_streaming.go, pkg/llmproxy/executor/kiro_auth.go	Removes dynamic fingerprinting, PrepareRequest/HttpRequest, token refresh/persistence and related helpers; fixes import aliases and trims related wiring.
Security & path containment sdk/auth/filestore.go, pkg/llmproxy/logging/request_logger.go, pkg/llmproxy/executor/antigravity_executor.go	Adds containment checks for filestore delete path and log file path, validates Antigravity custom base_url, and trims/validates returned base_url values.
Logging sanitization & redaction pkg/llmproxy/executor/logging_helpers.go, pkg/llmproxy/registry/model_registry.go, pkg/llmproxy/thinking/apply.go, pkg/llmproxy/executor/codex_websockets_executor.go	Redacts sensitive headers and client/model identifiers in logs, sanitizes websocket log fields, and uses util.RedactAPIKey in select log messages.
Selector & routing additions sdk/cliproxy/auth/selector.go, sdk/cliproxy/service.go	Adds NewStickyRoundRobinSelector constructor and initializes Sticky Round Robin selector for routing strategy aliases ("sticky-round-robin","stickyroundrobin","srr").
Filestore & repo ignore tweaks .gitignore, sdk/auth/filestore.go	.gitignore entries anchored to repo root; filestore delete-path tightened to enforce containment within base directory.
Minor style/test adjustments multiple pkg/llmproxy/* test and handler files	Mostly moved some struct field assignments out of composite literals into subsequent statements; small error-string relaxations in tests.
Import path updates many pkg/llmproxy/auth/* files, pkg/llmproxy/usage/metrics.go	Replaced internal/config imports with pkg/llmproxy/config and updated util import path; no logic changes.
CI / workflows / CodeQL .github/workflows/*, .github/codeql/codeql-config.yml	Adds new CI jobs (pr-test-build matrix), introduces CodeQL config file and references it from workflow, and small workflow logic adjustments.
Other misc fixes pkg/llmproxy/watcher/*, pkg/llmproxy/api/server.go, pkg/llmproxy/api/handlers/management/*	Renames API-key-count locals to client counts, adds comments/annotations around SHA256 usage, and minor handler struct initialization ordering changes.

Sequence Diagram(s)

sequenceDiagram
  rect rgba(200,200,255,0.5)
  participant Client
  end
  rect rgba(200,255,200,0.5)
  participant Manager
  participant Selector
  participant Executor
  end
  rect rgba(255,200,200,0.5)
  participant ProviderAPI
  end

  Client->>Manager: Execute(request, providers, opts)
  Manager->>Selector: pickNextMixed(providers, model)
  Selector-->>Manager: selected Auth + Provider
  Manager->>Executor: PrepareHttpRequest / InjectCredentials
  Executor->>ProviderAPI: Execute/Stream/Count request
  ProviderAPI-->>Executor: response / stream chunks
  Executor-->>Manager: response or streaming result
  Manager->>Manager: MarkResult(result)
  Manager-->>Client: final response or proxied stream

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• refactor: integrate phenotype-go-kit for auth DRY #822 — Directly related: touches/removes the same internal auth/token implementations (Claude/Copilot/Gemini) modified here.
• ci: sync branch feat/clean-base-1698-strip-empty-messages-rebase #517 — Directly related: prior Copilot/Claude auth work that this change reverts or deletes.
• Replay: 12 upstream features (routing, retries, schema fixes) #696 — Related: overlaps on selector (sticky-round-robin) and conductor/execution/refresh behavior.

Poem

🐰 I hopped through code with nimble feet,

Old auths cleared, new conductors meet,
Tokens tucked where bases nest,
Logs now whisper, paths are blessed,
Sticky hops keep sessions sweet. 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 72.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly summarizes the main security improvements and build resolution work, covering SSRF, logging, path injection fixes and PR #824 build issue resolution.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch phase1-pkg-consolidation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR appears to remove an entire checked-in worktree snapshot (.worktrees/config/m/config-build/active/...) containing server code, docs, scripts, CI workflows, and examples—likely to eliminate unintended/duplicate sources that were contributing to security alerts and build failures.

Changes:

• Removed the .worktrees/config/m/config-build/active/ tree (Go sources, tests, module files, tooling, CI workflows, docs, and examples).
• Deleted legacy Amp routing/module implementation and associated tests within that snapshot.
• Removed management handlers/middleware, release tooling, and Docker/example assets from the snapshot.

Reviewed changes

Copilot reviewed 106 out of 1273 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
.worktrees/config/m/config-build/active/internal/api/modules/amp/proxy.go	Removed worktree snapshot file (Amp reverse proxy implementation).
.worktrees/config/m/config-build/active/internal/api/modules/amp/model_mapping.go	Removed worktree snapshot file (Amp model mapping).
.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge.go	Removed worktree snapshot file (Gemini bridge handler).
.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers.go	Removed worktree snapshot file (Amp fallback routing).
.worktrees/config/m/config-build/active/internal/api/modules/amp/amp_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/internal/api/middleware/response_writer_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/internal/api/middleware/request_logging_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/internal/api/middleware/request_logging.go	Removed worktree snapshot file (request logging middleware).
.worktrees/config/m/config-build/active/internal/api/handlers/management/vertex_import.go	Removed worktree snapshot file (Vertex import handler).
.worktrees/config/m/config-build/active/internal/api/handlers/management/usage.go	Removed worktree snapshot file (usage export/import handlers).
.worktrees/config/m/config-build/active/internal/api/handlers/management/quota.go	Removed worktree snapshot file (quota toggles).
.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_sessions.go	Removed worktree snapshot file (OAuth session store).
.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_callback.go	Removed worktree snapshot file (OAuth callback handler).
.worktrees/config/m/config-build/active/internal/api/handlers/management/model_definitions.go	Removed worktree snapshot file (static model definitions handler).
.worktrees/config/m/config-build/active/internal/api/handlers/management/handler.go	Removed worktree snapshot file (management handler + auth middleware).
.worktrees/config/m/config-build/active/internal/api/handlers/management/config_basic.go	Removed worktree snapshot file (management config endpoints).
.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_cbor_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/internal/access/reconcile.go	Removed worktree snapshot file (access provider reconciliation).
.worktrees/config/m/config-build/active/internal/access/config_access/provider.go	Removed worktree snapshot file (config API key access provider).
.worktrees/config/m/config-build/active/go.mod	Removed nested worktree module definition.
.worktrees/config/m/config-build/active/examples/windows/cliproxyapi-plusplus-service.ps1	Removed worktree snapshot example script.
.worktrees/config/m/config-build/active/examples/translator/main.go	Removed worktree snapshot example.
.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.service	Removed worktree snapshot systemd unit example.
.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.env	Removed worktree snapshot env example.
.worktrees/config/m/config-build/active/examples/process-compose.yaml	Removed worktree snapshot example.
.worktrees/config/m/config-build/active/examples/process-compose.dev.yaml	Removed worktree snapshot example.
.worktrees/config/m/config-build/active/examples/launchd/com.router-for-me.cliproxyapi-plusplus.plist	Removed worktree snapshot launchd plist example.
.worktrees/config/m/config-build/active/examples/http-request/main.go	Removed worktree snapshot example.
.worktrees/config/m/config-build/active/examples/custom-provider/main.go	Removed worktree snapshot example.
.worktrees/config/m/config-build/active/docker-init.sh	Removed worktree snapshot Docker init script.
.worktrees/config/m/config-build/active/docker-compose.yml	Removed worktree snapshot Docker compose file.
.worktrees/config/m/config-build/active/docker-build.sh	Removed worktree snapshot Docker build script.
.worktrees/config/m/config-build/active/docker-build.ps1	Removed worktree snapshot Docker build script (PowerShell).
.worktrees/config/m/config-build/active/contracts/cliproxyctl-response.schema.json	Removed worktree snapshot contract/schema.
.worktrees/config/m/config-build/active/cmd/server/config_validate_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/cmd/server/config_validate.go	Removed worktree snapshot file (config validation).
.worktrees/config/m/config-build/active/cmd/server/config_path_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/cmd/server/config_path.go	Removed worktree snapshot file (config path resolution).
.worktrees/config/m/config-build/active/cmd/releasebatch/main_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/cmd/releasebatch/main.go	Removed worktree snapshot file (release batch tool).
.worktrees/config/m/config-build/active/cmd/codegen/main.go	Removed worktree snapshot file (codegen tool).
.worktrees/config/m/config-build/active/cliproxyctl/main_test.go	Removed worktree snapshot test file.
.worktrees/config/m/config-build/active/cliproxyctl/main.go	Removed worktree snapshot file (cliproxyctl CLI).
.worktrees/config/m/config-build/active/api/openapi.yaml	Removed worktree snapshot OpenAPI spec.
.worktrees/config/m/config-build/active/SECURITY.md	Removed worktree snapshot security policy doc.
.worktrees/config/m/config-build/active/README_FA.md	Removed worktree snapshot README (FA).
.worktrees/config/m/config-build/active/README_CN.md	Removed worktree snapshot README (CN).
.worktrees/config/m/config-build/active/README.md	Removed worktree snapshot README.
.worktrees/config/m/config-build/active/LICENSE	Removed worktree snapshot license file.
.worktrees/config/m/config-build/active/Dockerfile	Removed worktree snapshot Dockerfile.
.worktrees/config/m/config-build/active/CONTRIBUTING.md	Removed worktree snapshot contributing guide.
.worktrees/config/m/config-build/active/CHANGELOG.md	Removed worktree snapshot changelog.
.worktrees/config/m/config-build/active/.pre-commit-config.yaml	Removed worktree snapshot pre-commit config.
.worktrees/config/m/config-build/active/.goreleaser.yml	Removed worktree snapshot GoReleaser config.
.worktrees/config/m/config-build/active/.golangci.yml	Removed worktree snapshot golangci-lint config.
.worktrees/config/m/config-build/active/.gitignore	Removed worktree snapshot gitignore.
.worktrees/config/m/config-build/active/.github/workflows/vitepress-pages.yml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/required-check-names-guard.yml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/release.yaml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/release-batch.yaml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/pr-test-build.yml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/pr-path-guard.yml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/generate-sdks.yaml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/docker-image.yml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/codeql.yml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/workflows/ci-rerun-flaky.yml	Removed worktree snapshot workflow.
.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-status-implemented.md	Removed worktree snapshot fixture.
.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-hash-status-done.md	Removed worktree snapshot fixture.
.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-status-partial.md	Removed worktree snapshot fixture.
.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-missing-status.md	Removed worktree snapshot fixture.
.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-f-cpb-0546-0555.sh	Removed worktree snapshot test script.
.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-e-cpb-0581-0590.sh	Removed worktree snapshot test script.
.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-d-cpb-0556-0610.sh	Removed worktree snapshot test script.
.worktrees/config/m/config-build/active/.github/scripts/tests/check-open-items-fragmented-parity-test.sh	Removed worktree snapshot test script.
.worktrees/config/m/config-build/active/.github/scripts/tests/check-lane-f2-cpb-0691-0700.sh	Removed worktree snapshot test script.
.worktrees/config/m/config-build/active/.github/scripts/release-lint.sh	Removed worktree snapshot script.
.worktrees/config/m/config-build/active/.github/scripts/check-workflow-token-permissions.sh	Removed worktree snapshot script.
.worktrees/config/m/config-build/active/.github/scripts/check-phase-doc-placeholder-tokens.sh	Removed worktree snapshot script.
.worktrees/config/m/config-build/active/.github/scripts/check-open-items-fragmented-parity.sh	Removed worktree snapshot script.
.worktrees/config/m/config-build/active/.github/scripts/check-docs-secret-samples.sh	Removed worktree snapshot script.
.worktrees/config/m/config-build/active/.github/scripts/check-distributed-critical-paths.sh	Removed worktree snapshot script.
.worktrees/config/m/config-build/active/.github/scripts/check-approved-external-endpoints.sh	Removed worktree snapshot script.
.worktrees/config/m/config-build/active/.github/required-checks.txt	Removed worktree snapshot manifest.
.worktrees/config/m/config-build/active/.github/release-required-checks.txt	Removed worktree snapshot manifest.
.worktrees/config/m/config-build/active/.github/policies/approved-external-endpoints.txt	Removed worktree snapshot policy file.
.worktrees/config/m/config-build/active/.github/dependabot.yml	Removed worktree snapshot dependabot config.
.worktrees/config/m/config-build/active/.github/ISSUE_TEMPLATE/bug_report.md	Removed worktree snapshot issue template.
.worktrees/config/m/config-build/active/.github/FUNDING.yml	Removed worktree snapshot funding config.
.worktrees/config/m/config-build/active/.env.example	Removed worktree snapshot env example.
.worktrees/config/m/config-build/active/.dockerignore	Removed worktree snapshot dockerignore.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 11

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (8)

sdk/cliproxy/service.go (1)

597-613: ⚠️ Potential issue | 🔴 Critical

Sticky strategy never activates due to normalization.

Line 597-603 rewrites unknown strategies to round-robin, so sticky-round-robin / stickyroundrobin / srr never reach Line 612. Result: sticky routing is not applied on reload.

Proposed fix

 		normalizeStrategy := func(strategy string) string {
 			switch strategy {
 			case "fill-first", "fill_first", "fillfirst", "ff":
 				return "fill-first"
+			case "sticky-round-robin", "stickyroundrobin", "srr":
+				return "sticky-round-robin"
 			default:
 				return "round-robin"
 			}
 		}
@@
 			switch nextStrategy {
 			case "fill-first":
 				selector = &coreauth.FillFirstSelector{}
-			case "sticky-round-robin", "stickyroundrobin", "srr":
+			case "sticky-round-robin":
 				selector = coreauth.NewStickyRoundRobinSelector(1000)
 			default:
 				selector = &coreauth.RoundRobinSelector{}
 			}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/service.go` around lines 597 - 613, The normalizeStrategy
function currently maps unknown strategies to "round-robin", which prevents
sticky variants from being recognized; update normalizeStrategy (used for
previousStrategy and nextStrategy) to map "sticky-round-robin",
"stickyroundrobin", and "srr" to a canonical value like "sticky-round-robin"
instead of falling through to "round-robin" so that the switch on nextStrategy
can hit the case that constructs coreauth.NewStickyRoundRobinSelector(1000);
ensure the canonical string used in normalizeStrategy exactly matches the case
label in the selector switch and leave other mappings (e.g., fill-first
variants) unchanged.

pkg/llmproxy/executor/kiro_transform.go (1)

60-80: ⚠️ Potential issue | 🔴 Critical

Validate AWS region in resolveKiroAPIRegion before constructing URLs.

The function accepts region from auth.Metadata["api_region"] and extractRegionFromProfileARN() without validation before passing to buildKiroEndpointConfigs(). This enables SSRF attacks: a malicious region like "evil.com/path#" would produce https://q.evil.com/path#.amazonaws.com/generateAssistantResponse.

The codebase already has isValidAWSRegion() in pkg/llmproxy/auth/kiro/sso_oidc.go:111 that validates region format (lowercase letters, digits, hyphens only). Apply this validation to resolveKiroAPIRegion() before returning the region value.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/executor/kiro_transform.go` around lines 60 - 80,
resolveKiroAPIRegion currently returns unvalidated region strings (from
auth.Metadata["api_region"] and extractRegionFromProfileARN()) which are later
used by buildKiroEndpointConfigs to construct URLs; validate the candidate
region with isValidAWSRegion (from pkg/llmproxy/auth/kiro/sso_oidc.go) inside
resolveKiroAPIRegion and only return it if the check passes, otherwise fall back
to kiroDefaultRegion—this ensures buildKiroEndpointConfigs never receives an
unvalidated region and prevents SSRF via crafted region values.

pkg/llmproxy/logging/request_logger.go (1)

309-361: ⚠️ Potential issue | 🟠 Major

Missing path containment guard in LogStreamingRequest.

The non-streaming logRequest method now validates that filePath stays within logsDir (lines 232-236), but this streaming counterpart constructs filePath the same way (line 321) without the equivalent guard. For consistent security hardening, add the same check here.

🛡️ Proposed fix

 	// Generate filename with request ID
 	filename := l.generateFilename(url, requestID)
 	filePath := filepath.Join(l.logsDir, filename)
+	// Guard: ensure the resolved log file path stays within the logs directory.
+	cleanLogsDir := filepath.Clean(l.logsDir)
+	if !strings.HasPrefix(filepath.Clean(filePath), cleanLogsDir+string(os.PathSeparator)) {
+		return nil, fmt.Errorf("log file path escapes logs directory")
+	}

 	requestHeaders := make(map[string][]string, len(headers))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/logging/request_logger.go` around lines 309 - 361, In
FileRequestLogger.LogStreamingRequest ensure the constructed filePath remains
inside l.logsDir (same containment guard used in logRequest) to prevent path
traversal: after computing filename := l.generateFilename(...) and filePath :=
filepath.Join(l.logsDir, filename) resolve both to absolute paths (filepath.Abs)
or use filepath.Rel to get the relative path and if it begins with ".." (or Rel
returns an error) return an error and clean up any temp files created
(requestBodyPath/responseBodyFile) before returning; update the error message to
match the style used in logRequest and reference the symbols
FileRequestLogger.LogStreamingRequest, filename, filePath, l.logsDir,
requestBodyPath, and responseBodyFile when making the change.

pkg/llmproxy/auth/kiro/token.go (1)

162-168: 🧹 Nitpick | 🔵 Trivial

Remove unused function cleanAuthPath (lines 162-168).

This function is defined but never called anywhere in the codebase. The file consistently uses cleanTokenPath for path sanitization instead, which provides additional validation (scope parameter, empty string check). Removing cleanAuthPath eliminates dead code and reduces maintenance burden.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/kiro/token.go` around lines 162 - 168, Remove the dead
helper function cleanAuthPath by deleting its entire definition; references in
this file already use cleanTokenPath which performs the needed sanitization and
validation (including scope parameter and empty-check), so ensure no other code
calls cleanAuthPath and run tests/typecheck to confirm removal is safe.

sdk/auth/filestore.go (1)

287-316: ⚠️ Potential issue | 🟠 Major

FileTokenStore.resolveAuthPath lacks path containment validation that exists in resolveDeletePath.

The method returns absolute paths from auth.Attributes["path"], auth.FileName, or auth.ID without validating they remain within the base directory. This allows callers to save auth files anywhere on the filesystem.

Compare with resolveDeletePath (lines 184-186), which validates path containment. GitTokenStore's resolveAuthPath already handles this correctly using ensurePathWithinDir(). Apply the same pattern to FileTokenStore to ensure all resolved paths stay within the configured base directory.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/auth/filestore.go` around lines 287 - 316, FileTokenStore.resolveAuthPath
currently returns paths from auth.Attributes["path"], auth.FileName, or auth.ID
without ensuring they are contained in the configured base directory; update it
to mirror resolveDeletePath/GitTokenStore behavior by resolving any candidate
path (from auth.Attributes["path"], auth.FileName when joined with
baseDirSnapshot(), or auth.ID) to an absolute path and then call
ensurePathWithinDir(baseDirSnapshot(), resolvedPath) to validate containment,
returning an error if validation fails; use the same error messages/flow as
resolveDeletePath when baseDirSnapshot() is empty or containment check fails.

pkg/llmproxy/auth/qwen/qwen_auth_test.go (1)

66-66: 🧹 Nitpick | 🔵 Trivial

Variable auth shadows the imported auth package.

The variable auth := NewQwenAuth(...) shadows the imported auth package from line 13. While this works because the package isn't used after this point in the function, it's confusing and error-prone. The same issue occurs on lines 96 and 132.

♻️ Proposed fix to rename the variable

-	auth := NewQwenAuth(nil, client)
-	resp, err := auth.InitiateDeviceFlow(context.Background())
+	qa := NewQwenAuth(nil, client)
+	resp, err := qa.InitiateDeviceFlow(context.Background())

Apply similar changes to lines 96 and 132.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_auth_test.go` at line 66, The local variable
named auth shadows the imported auth package; rename the variable returned by
NewQwenAuth to a non-conflicting identifier (e.g., qwenAuth or qwenAuthClient)
wherever it's declared (the NewQwenAuth(...) calls in this test file — the three
places shown), and update all subsequent uses in those tests to the new name so
the imported auth package remains unshadowed and the tests compile.

pkg/llmproxy/auth/qwen/qwen_auth.go (1)

366-371: ⚠️ Potential issue | 🟠 Major

UpdateTokenStorage accesses fields that are now embedded in BaseTokenStorage.

After the refactoring, AccessToken, RefreshToken, LastRefresh, and Expire are fields of the embedded *auth.BaseTokenStorage, not direct fields of QwenTokenStorage. While Go's field promotion allows direct access when the embedded pointer is non-nil, this code will panic if storage.BaseTokenStorage is nil.

Additionally, this creates an inconsistency: CreateTokenStorage creates a new BaseTokenStorage object, but UpdateTokenStorage modifies fields directly. If BaseTokenStorage is nil, this will cause a nil pointer dereference.

🛡️ Proposed fix to add nil check and ensure consistency

 func (o *QwenAuth) UpdateTokenStorage(storage *QwenTokenStorage, tokenData *QwenTokenData) {
+	if storage.BaseTokenStorage == nil {
+		storage.BaseTokenStorage = &auth.BaseTokenStorage{}
+	}
 	storage.AccessToken = tokenData.AccessToken
 	storage.RefreshToken = tokenData.RefreshToken
 	storage.LastRefresh = time.Now().Format(time.RFC3339)
 	storage.ResourceURL = tokenData.ResourceURL
 	storage.Expire = tokenData.Expire
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go` around lines 366 - 371, The
UpdateTokenStorage method in QwenAuth currently writes promoted fields
(AccessToken, RefreshToken, LastRefresh, Expire) directly on QwenTokenStorage
which will panic if storage.BaseTokenStorage is nil; update
QwenAuth.UpdateTokenStorage to check if storage.BaseTokenStorage == nil and
allocate &auth.BaseTokenStorage{} (or call the same initialization used in
CreateTokenStorage) before assigning, and then set the fields on
storage.BaseTokenStorage (or via the promoted names once initialized) and also
set ResourceURL on the QwenTokenStorage as currently done to keep behavior
consistent with CreateTokenStorage.

pkg/llmproxy/auth/qwen/qwen_token.go (1)

50-62: ⚠️ Potential issue | 🟠 Major

SaveTokenToFile validates authFilePath but doesn't use the validated result for saving.

The function calls cleanTokenFilePath() to validate and clean the path, but discards the returned value. It then delegates to ts.BaseTokenStorage.Save() which uses the path stored in BaseTokenStorage from initialization, not the validated authFilePath parameter. This is inconsistent with other TokenStorage implementations in the codebase (Codex, IFlow, Vertex) which all validate AND use the provided path directly. As a result, the path validation is ineffective—the file saves to whatever path BaseTokenStorage was initialized with, ignoring the authFilePath parameter passed to this method. Update the implementation to either (1) set the path on BaseTokenStorage before calling Save(), or (2) use the cleaned path directly like other implementations do.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_token.go` around lines 50 - 62, The
SaveTokenToFile method on QwenTokenStorage validates authFilePath via
cleanTokenFilePath but ignores the returned cleaned path and thus saves using
the BaseTokenStorage's existing path; update SaveTokenToFile so it uses the
cleaned path before delegating to BaseTokenStorage.Save(): call
cleanTokenFilePath(authFilePath, "qwen token"), assign the returned cleaned path
to ts.BaseTokenStorage.Path (or the equivalent field used by BaseTokenStorage)
and set ts.BaseTokenStorage.Type = "qwen", then call ts.BaseTokenStorage.Save()
so the provided/validated path is actually used; keep the nil-check for
ts.BaseTokenStorage and propagate the cleanTokenFilePath error as currently
done.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/llmproxy/api/server.go`:
- Around line 1039-1048: Replace the direct stdout print in server.go (the
fmt.Printf that logs total, authEntries, geminiClientCount, claudeClientCount,
codexClientCount, vertexAICompatCount, openAICompatCount) with a logrus
structured log call: build a logrus entry using logrus.WithFields (include
fields total, auth_entries, gemini_keys, claude_keys, codex_keys, vertex_compat,
openai_compat) and emit at Info level (e.g., Info or Infof) with a clear message
like "server clients and configuration updated"; remove the fmt.Printf
import/use and ensure the package uses the existing logger instance (log or
logrus) consistent with the project.

In `@pkg/llmproxy/auth/kiro/sso_oidc.go`:
- Around line 108-121: The isValidAWSRegion function currently allows overly
permissive values (e.g., "foo" or "-"); replace its manual checks by calling the
existing centralized validator (or the strict AWS region regex used elsewhere)
and/or use go-playground/validator to validate the region, then update
getOIDCEndpoint usage to fall back when the validator rejects the region; locate
isValidAWSRegion and refactor it to delegate to the shared validation utility
(or the strict pattern) so behavior matches other callers and prevents building
invalid regional hosts.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go`:
- Line 19: Import and use zerolog instead of logrus and fmt in this file:
replace the "github.com/sirupsen/logrus" import with "github.com/rs/zerolog/log"
(or the project’s zerolog wrapper if one exists), then update all logging calls
accordingly (e.g., change logrus usages to zerolog style like
log.Info()/log.Error() with .Msg or .Msgf) and remove any fmt.Printf in
PollForToken by replacing them with appropriate zerolog calls (lines referencing
PollForToken at the printf locations should use
log.Debug()/log.Info()/log.Error().Msgf to preserve message formatting and
levels).
- Line 16: Fix two build/runtime issues and logging: (1) Update module
dependency in go.mod so the replace points to a real path or use a published
version (e.g., github.com/KooshaPari/phenotype-go-kit@vX.Y.Z) or vendor the
module to eliminate the missing ../../template-commons/phenotype-go-kit
replacement; (2) In UpdateTokenStorage (function UpdateTokenStorage and any
callers), change direct field accesses like storage.AccessToken,
storage.RefreshToken, storage.LastRefresh, storage.Expire to reference the named
field: storage.BaseTokenStorage.AccessToken,
storage.BaseTokenStorage.RefreshToken, storage.BaseTokenStorage.LastRefresh,
storage.BaseTokenStorage.Expire; also replace all logrus and fmt.Printf usages
in this file (e.g., imports at top and prints around lines with fmt.Printf) with
the project's zerolog logger calls to satisfy logging guidelines.

In `@pkg/llmproxy/auth/qwen/qwen_token_test.go`:
- Around line 7-9: The test file qwen_token_test.go is importing
github.com/KooshaPari/phenotype-go-kit/pkg/auth which causes builds to fail
because that module path is not available; either change the import in
qwen_token_test.go to the project's local auth package path used elsewhere (the
auth package symbol referenced as auth) or add a go.mod replace entry in this
module pointing github.com/KooshaPari/phenotype-go-kit to the correct local
directory so the import resolves; update the import line referencing auth in
qwen_token_test.go (and any other tests) or add the replace in go.mod to fix the
missing module error.
- Around line 16-19: cleanTokenFilePath's returned, validated path is ignored in
QwenTokenStorage.SaveTokenToFile; update the function to capture the cleaned
path (call cleanTokenFilePath(authFilePath, "qwen token")), assign it to
ts.BaseTokenStorage.FilePath, set ts.BaseTokenStorage.Type = "qwen", then call
ts.BaseTokenStorage.Save(); reference SaveTokenToFile, cleanTokenFilePath,
ts.BaseTokenStorage.FilePath and Save() when making the change.

In `@pkg/llmproxy/executor/kiro_transform.go`:
- Line 15: This file imports logrus as log; replace that import with zerolog
(e.g., github.com/rs/zerolog and optionally github.com/rs/zerolog/log) and
update all usages in kiro_transform.go that reference the logrus alias (e.g.,
any calls like log.Info, log.Debug, log.Error, etc.) to the equivalent zerolog
calls (e.g., log.Info().Msg(), log.Debug().Msg(), log.Error().Err(err).Msg())
and adjust structured fields to use zerolog's With/Str/Err/Interface chain;
ensure the package alias and any error/field usages are updated consistently
across functions and tests in this file.

In `@pkg/llmproxy/executor/logging_helpers.go`:
- Around line 280-294: The sanitizeHeaders function should be updated to redact
additional common sensitive headers: add case-insensitive checks for
"x-api-key", "set-cookie", "x-auth-token", and "x-csrf-token" alongside the
existing "authorization", "cookie", and "proxy-authorization"; modify the loop
in sanitizeHeaders (which clones headers via headers.Clone()) to trim and
lowercase the key and treat these new header names the same way (set their value
to ["[redacted]"]) so logs never expose those values.

In `@pkg/llmproxy/logging/request_logger.go`:
- Around line 232-236: Add the same path containment guard used earlier to the
LogStreamingRequest function: after it constructs the local filePath (the same
way as in the other function), compute a cleaned logs directory from l.logsDir
and verify that filepath.Clean(filePath) has the cleaned logs directory +
os.PathSeparator as its prefix; if the check fails return the function's error
return (e.g., nil, fmt.Errorf(...)) so the request is rejected. This mirrors the
existing guard and uses the same symbols: LogStreamingRequest, filePath, and
l.logsDir.

In `@sdk/auth/filestore.go`:
- Around line 177-188: The path containment check currently allows candidate ==
cleanBase which lets callers target the base directory itself; update the logic
in the resolution routine (the block using candidate, cleanBase, filepath.IsAbs,
filepath.Clean and strings.HasPrefix) to treat candidate == cleanBase as invalid
too (i.e., return the same error when candidate equals cleanBase or when it is
outside cleanBase+os.PathSeparator) so the base directory cannot be returned as
a valid target.

---

Outside diff comments:
In `@pkg/llmproxy/auth/kiro/token.go`:
- Around line 162-168: Remove the dead helper function cleanAuthPath by deleting
its entire definition; references in this file already use cleanTokenPath which
performs the needed sanitization and validation (including scope parameter and
empty-check), so ensure no other code calls cleanAuthPath and run
tests/typecheck to confirm removal is safe.

In `@pkg/llmproxy/auth/qwen/qwen_auth_test.go`:
- Line 66: The local variable named auth shadows the imported auth package;
rename the variable returned by NewQwenAuth to a non-conflicting identifier
(e.g., qwenAuth or qwenAuthClient) wherever it's declared (the NewQwenAuth(...)
calls in this test file — the three places shown), and update all subsequent
uses in those tests to the new name so the imported auth package remains
unshadowed and the tests compile.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go`:
- Around line 366-371: The UpdateTokenStorage method in QwenAuth currently
writes promoted fields (AccessToken, RefreshToken, LastRefresh, Expire) directly
on QwenTokenStorage which will panic if storage.BaseTokenStorage is nil; update
QwenAuth.UpdateTokenStorage to check if storage.BaseTokenStorage == nil and
allocate &auth.BaseTokenStorage{} (or call the same initialization used in
CreateTokenStorage) before assigning, and then set the fields on
storage.BaseTokenStorage (or via the promoted names once initialized) and also
set ResourceURL on the QwenTokenStorage as currently done to keep behavior
consistent with CreateTokenStorage.

In `@pkg/llmproxy/auth/qwen/qwen_token.go`:
- Around line 50-62: The SaveTokenToFile method on QwenTokenStorage validates
authFilePath via cleanTokenFilePath but ignores the returned cleaned path and
thus saves using the BaseTokenStorage's existing path; update SaveTokenToFile so
it uses the cleaned path before delegating to BaseTokenStorage.Save(): call
cleanTokenFilePath(authFilePath, "qwen token"), assign the returned cleaned path
to ts.BaseTokenStorage.Path (or the equivalent field used by BaseTokenStorage)
and set ts.BaseTokenStorage.Type = "qwen", then call ts.BaseTokenStorage.Save()
so the provided/validated path is actually used; keep the nil-check for
ts.BaseTokenStorage and propagate the cleanTokenFilePath error as currently
done.

In `@pkg/llmproxy/executor/kiro_transform.go`:
- Around line 60-80: resolveKiroAPIRegion currently returns unvalidated region
strings (from auth.Metadata["api_region"] and extractRegionFromProfileARN())
which are later used by buildKiroEndpointConfigs to construct URLs; validate the
candidate region with isValidAWSRegion (from pkg/llmproxy/auth/kiro/sso_oidc.go)
inside resolveKiroAPIRegion and only return it if the check passes, otherwise
fall back to kiroDefaultRegion—this ensures buildKiroEndpointConfigs never
receives an unvalidated region and prevents SSRF via crafted region values.

In `@pkg/llmproxy/logging/request_logger.go`:
- Around line 309-361: In FileRequestLogger.LogStreamingRequest ensure the
constructed filePath remains inside l.logsDir (same containment guard used in
logRequest) to prevent path traversal: after computing filename :=
l.generateFilename(...) and filePath := filepath.Join(l.logsDir, filename)
resolve both to absolute paths (filepath.Abs) or use filepath.Rel to get the
relative path and if it begins with ".." (or Rel returns an error) return an
error and clean up any temp files created (requestBodyPath/responseBodyFile)
before returning; update the error message to match the style used in logRequest
and reference the symbols FileRequestLogger.LogStreamingRequest, filename,
filePath, l.logsDir, requestBodyPath, and responseBodyFile when making the
change.

In `@sdk/auth/filestore.go`:
- Around line 287-316: FileTokenStore.resolveAuthPath currently returns paths
from auth.Attributes["path"], auth.FileName, or auth.ID without ensuring they
are contained in the configured base directory; update it to mirror
resolveDeletePath/GitTokenStore behavior by resolving any candidate path (from
auth.Attributes["path"], auth.FileName when joined with baseDirSnapshot(), or
auth.ID) to an absolute path and then call
ensurePathWithinDir(baseDirSnapshot(), resolvedPath) to validate containment,
returning an error if validation fails; use the same error messages/flow as
resolveDeletePath when baseDirSnapshot() is empty or containment check fails.

In `@sdk/cliproxy/service.go`:
- Around line 597-613: The normalizeStrategy function currently maps unknown
strategies to "round-robin", which prevents sticky variants from being
recognized; update normalizeStrategy (used for previousStrategy and
nextStrategy) to map "sticky-round-robin", "stickyroundrobin", and "srr" to a
canonical value like "sticky-round-robin" instead of falling through to
"round-robin" so that the switch on nextStrategy can hit the case that
constructs coreauth.NewStickyRoundRobinSelector(1000); ensure the canonical
string used in normalizeStrategy exactly matches the case label in the selector
switch and leave other mappings (e.g., fill-first variants) unchanged.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 39489bf and 0bce4ef.

📒 Files selected for processing (30)

• internal/auth/claude/anthropic_auth.go
• internal/auth/claude/token.go
• internal/auth/copilot/copilot_auth.go
• internal/auth/copilot/token.go
• internal/auth/gemini/gemini_auth.go
• internal/auth/gemini/gemini_token.go
• pkg/llmproxy/api/server.go
• pkg/llmproxy/auth/diff/config_diff.go
• pkg/llmproxy/auth/kiro/sso_oidc.go
• pkg/llmproxy/auth/kiro/token.go
• pkg/llmproxy/auth/qwen/qwen_auth.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go
• pkg/llmproxy/auth/qwen/qwen_token.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go
• pkg/llmproxy/executor/antigravity_executor.go
• pkg/llmproxy/executor/kiro_auth.go
• pkg/llmproxy/executor/kiro_executor.go
• pkg/llmproxy/executor/kiro_streaming.go
• pkg/llmproxy/executor/kiro_transform.go
• pkg/llmproxy/executor/logging_helpers.go
• pkg/llmproxy/logging/request_logger.go
• pkg/llmproxy/usage/metrics.go
• pkg/llmproxy/watcher/clients.go
• pkg/llmproxy/watcher/diff/config_diff.go
• pkg/llmproxy/watcher/diff/models_summary.go
• pkg/llmproxy/watcher/diff/openai_compat.go
• pkg/llmproxy/watcher/synthesizer/helpers.go
• sdk/auth/filestore.go
• sdk/cliproxy/auth/selector.go
• sdk/cliproxy/service.go

💤 Files with no reviewable changes (8)

• internal/auth/gemini/gemini_token.go
• internal/auth/copilot/token.go
• internal/auth/claude/anthropic_auth.go
• pkg/llmproxy/executor/kiro_auth.go
• pkg/llmproxy/executor/kiro_executor.go
• internal/auth/claude/token.go
• internal/auth/gemini/gemini_auth.go
• internal/auth/copilot/copilot_auth.go

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

**/*.go: NEVER create a v2 file - refactor the original instead
NEVER create a new class if an existing one can be made generic
NEVER create custom implementations when an OSS library exists - search pkg.go.dev for existing libraries before writing code
Build generic building blocks (provider interface + registry) before application logic
Use chi for HTTP routing (NOT custom routers)
Use zerolog for logging (NOT fmt.Print)
Use viper for configuration (NOT manual env parsing)
Use go-playground/validator for validation (NOT manual if/else validation)
Use golang.org/x/time/rate for rate limiting (NOT custom limiters)
Use template strings for messages instead of hardcoded messages and config-driven logic instead of code-driven
Zero new lint suppressions without inline justification
All new code must pass: go fmt, go vet, golint
Maximum function length: 40 lines
No placeholder TODOs in committed code

Files:

• pkg/llmproxy/watcher/diff/models_summary.go
• pkg/llmproxy/api/server.go
• pkg/llmproxy/logging/request_logger.go
• pkg/llmproxy/auth/diff/config_diff.go
• pkg/llmproxy/executor/kiro_streaming.go
• sdk/auth/filestore.go
• pkg/llmproxy/watcher/diff/config_diff.go
• pkg/llmproxy/watcher/diff/openai_compat.go
• pkg/llmproxy/auth/kiro/token.go
• sdk/cliproxy/auth/selector.go
• sdk/cliproxy/service.go
• pkg/llmproxy/auth/qwen/qwen_auth.go
• pkg/llmproxy/auth/kiro/sso_oidc.go
• pkg/llmproxy/watcher/clients.go
• pkg/llmproxy/auth/qwen/qwen_token.go
• pkg/llmproxy/watcher/synthesizer/helpers.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go
• pkg/llmproxy/usage/metrics.go
• pkg/llmproxy/executor/logging_helpers.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go
• pkg/llmproxy/executor/antigravity_executor.go
• pkg/llmproxy/executor/kiro_transform.go

🧬 Code graph analysis (7)

pkg/llmproxy/api/server.go (2)

pkg/llmproxy/config/config.go (4)

• GeminiKey (453-478)
• ClaudeKey (357-386)
• CodexKey (405-434)
• OpenAICompatibility (620-646)

sdk/config/config.go (4)

• GeminiKey (30-30)
• ClaudeKey (26-26)
• CodexKey (28-28)
• OpenAICompatibility (38-38)

pkg/llmproxy/auth/diff/config_diff.go (1)

sdk/config/config.go (1)

• AmpCode (19-19)

pkg/llmproxy/watcher/diff/config_diff.go (2)

pkg/llmproxy/config/config.go (1)

• AmpCode (259-284)

sdk/config/config.go (1)

• AmpCode (19-19)

sdk/cliproxy/service.go (1)

sdk/cliproxy/auth/selector.go (1)

• NewStickyRoundRobinSelector (44-50)

pkg/llmproxy/watcher/clients.go (2)

pkg/llmproxy/config/config.go (4)

• GeminiKey (453-478)
• ClaudeKey (357-386)
• CodexKey (405-434)
• OpenAICompatibility (620-646)

sdk/config/config.go (4)

• GeminiKey (30-30)
• ClaudeKey (26-26)
• CodexKey (28-28)
• OpenAICompatibility (38-38)

pkg/llmproxy/auth/qwen/qwen_auth_test.go (1)

pkg/llmproxy/auth/qwen/qwen_token.go (1)

• QwenTokenStorage (19-27)

pkg/llmproxy/executor/antigravity_executor.go (1)

sdk/cliproxy/auth/types.go (1)

• Auth (46-96)

🪛 GitHub Actions: codeql

pkg/llmproxy/auth/qwen/qwen_auth.go

[error] 16-16: During 'go build ./...': replacement directory ../../template-commons/phenotype-go-kit does not exist for module replacement github.com/KooshaPari/phenotype-go-kit@v0.0.0

🪛 GitHub Actions: pr-test-build

pkg/llmproxy/auth/qwen/qwen_auth.go

[error] 16-16: Go module replacement failed. replacement directory '../../template-commons/phenotype-go-kit' does not exist referenced in go.mod.

🪛 GitHub Check: Analyze (Go) (go)

pkg/llmproxy/auth/qwen/qwen_auth.go

[failure] 16-16:
github.com/KooshaPari/phenotype-go-kit@v0.0.0: replacement directory ../../template-commons/phenotype-go-kit does not exist

🪛 GitHub Check: build

pkg/llmproxy/auth/qwen/qwen_auth.go

[failure] 16-16:
github.com/KooshaPari/phenotype-go-kit@v0.0.0: replacement directory ../../template-commons/phenotype-go-kit does not exist

🔇 Additional comments (21)

pkg/llmproxy/executor/kiro_streaming.go (1)

22-23: Import alias cleanup looks correct.

The renamed aliases are consistent with current type usage in this file and do not introduce behavioral changes.

pkg/llmproxy/watcher/synthesizer/helpers.go (1)

33-35: Inline CodeQL suppression is properly justified.

Good change: the comments clearly document that SHA-256 is used for deterministic ID generation (not password hashing), and the suppression is scoped to that line with rationale.

pkg/llmproxy/usage/metrics.go (1)

7-7: Import path correction looks right for the pkg consolidation.

Line 7 updates the util import to the consolidated module path and aligns with the PR’s build-fix objective.

pkg/llmproxy/watcher/diff/models_summary.go (1)

116-117: Good inline rationale for the suppression.

The added explanation makes the SHA-256 usage intent explicit and keeps the CodeQL suppression auditable.

As per coding guidelines, "Zero new lint suppressions without inline justification".

sdk/cliproxy/auth/selector.go (1)

43-50: Constructor initialization is solid.

NewStickyRoundRobinSelector correctly pre-initializes internal maps and captures maxKeys, so the selector is immediately safe to use.

pkg/llmproxy/executor/antigravity_executor.go (2)

1686-1695: LGTM! Solid SSRF mitigation via domain suffix validation.

The validation correctly prevents SSRF by:

1. Requiring HTTPS scheme (prevents downgrade attacks)
2. Requiring hostname to end with .googleapis.com (Google-controlled domain)

Edge cases are handled correctly:

• IP addresses → rejected (no suffix match)
• Lookalike domains (googleapis.com.attacker.com) → rejected (wrong suffix)
• URL with userinfo (user@googleapis.com) → parsed.Hostname() correctly extracts the host

---

1697-1723: LGTM! Proper validation flow with helpful warning logs.

The updated function correctly:

• Validates both Attributes and Metadata sources
• Logs warnings for rejected URLs (aids debugging without exposing secrets)
• Continues searching fallback sources when validation fails

pkg/llmproxy/auth/kiro/sso_oidc.go (1)

124-127: Good defense-in-depth fallback in endpoint construction.

Defaulting to defaultIDCRegion when the region is empty/invalid is a solid hardening step against malformed region input in URL construction.

pkg/llmproxy/executor/kiro_transform.go (2)

13-13: LGTM on import alias fix.

The import alias correction from clipproxyauth (presumably a typo) to cliproxyauth aligns with the package path and maintains consistency.

---

419-426: LGTM on fingerprint implementation.

Using SHA256 for model fingerprinting is appropriate. This is an identifier/hash for logging/correlation purposes, not a security-sensitive operation, so full cryptographic strength isn't required but SHA256 is a reasonable choice regardless.

pkg/llmproxy/auth/kiro/token.go (1)

146-147: LGTM - CodeQL suppression is accurate.

The comment correctly justifies the suppression: component is derived from filepath.Rel and split by os.PathSeparator, guaranteeing it's a single path segment without separators or .. sequences. The prior pathWithinBase check at line 131 already guards against path escape.

pkg/llmproxy/executor/logging_helpers.go (1)

85-85: LGTM - Headers are now sanitized before logging.

This change ensures sensitive credentials in request headers are redacted before being written to logs, addressing the clear-text logging security concern.

pkg/llmproxy/watcher/diff/config_diff.go (1)

236-239: Clear variable rename; behavior preserved.

The oldUpstreamEntryCount / newUpstreamEntryCount naming is more accurate for UpstreamAPIKeys entries and keeps the emitted change summary consistent.

pkg/llmproxy/watcher/diff/openai_compat.go (1)

181-183: Good inline justification for fingerprint hashing suppression.

The added comments clearly scope SHA-256 usage to config fingerprinting (not credential hashing), which makes the suppression rationale explicit.

pkg/llmproxy/auth/diff/config_diff.go (1)

233-236: Accurate terminology update for upstream key entries.

This rename improves readability and aligns the diff message with what is actually counted (entries, not key material).

pkg/llmproxy/watcher/clients.go (1)

58-60: Count-variable rename is consistent end-to-end.

The updated *ClientCount naming is applied consistently through aggregation, logging arguments, and function returns without changing behavior.

Also applies to: 103-119, 246-270

pkg/llmproxy/auth/qwen/qwen_auth.go (1)

351-363: LGTM on the BaseTokenStorage embedding pattern.

The CreateTokenStorage method correctly initializes the embedded BaseTokenStorage with the token fields, keeping ResourceURL as a separate field on QwenTokenStorage. This aligns with the shared token storage model from the go-kit library.

pkg/llmproxy/auth/qwen/qwen_token.go (2)

64-77: Good path traversal protection in cleanTokenFilePath.

The function properly:

• Trims whitespace and normalizes path separators
• Rejects empty, ., .., and paths starting with ../
• Resolves to absolute path for additional safety

However, the cleaned path is not returned for use - only used for validation. Consider whether the caller should use the cleaned absolute path.

---

19-27: LGTM on the QwenTokenStorage struct definition.

The struct correctly embeds *auth.BaseTokenStorage for shared token management and adds Qwen-specific fields (ResourceURL and Email).

pkg/llmproxy/auth/qwen/qwen_auth_test.go (1)

154-165: LGTM on the traversal path rejection test.

The test correctly initializes QwenTokenStorage with the new embedded BaseTokenStorage pattern and verifies that path traversal attempts are rejected.

pkg/llmproxy/auth/qwen/qwen_token_test.go (1)

29-37: LGTM on the traversal path rejection test.

The test properly verifies that SaveTokenToFile rejects paths with directory traversal patterns like ../.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, verify the file exists and examine the code at the specified lines
head -1050 pkg/llmproxy/api/server.go | tail -20

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 764

---

🏁 Script executed:

# Check what logging imports are used in this file
rg -n "^\s*import|^import" pkg/llmproxy/api/server.go -A 30 | head -50

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1527

---

🏁 Script executed:

# Search for how logging is used in this file and the project
rg -n "log\." pkg/llmproxy/api/server.go | head -20

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1363

---

🏁 Script executed:

# Check if zerolog is used elsewhere in the project
rg "zerolog" --type=go -l | head -10

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

# Look for the logger initialization pattern in this package
rg -n "var log|:= log\.|Logger" pkg/llmproxy/api/server.go | head -20

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1484

---

🏁 Script executed:

# Find the log variable declaration in server.go
rg -n "^var log|^const log|\blog\s*:=|func.*log\s+\*" pkg/llmproxy/api/server.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

# Check the logging package to understand what logger it provides
cat pkg/llmproxy/logging/*.go 2>/dev/null | head -100

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 2928

---

🏁 Script executed:

# Search for log package-level initialization or common patterns
rg -n "log\s*=" pkg/llmproxy/api/server.go | head -10

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

# Find where log comes from - check if it's imported or initialized
rg -n "log\s+" pkg/llmproxy/api/server.go | head -5

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 235

---

🏁 Script executed:

# Check if the logging package exports a log variable or if logrus is imported in server.go
rg "logrus|\"log\"" pkg/llmproxy/api/server.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 108

---

🏁 Script executed:

# Look at the beginning of server.go to see package-level declarations
head -50 pkg/llmproxy/api/server.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 2550

---

🏁 Script executed:

# Search for init function or package-level log initialization
rg -A5 "^func init|^var \(" pkg/llmproxy/api/server.go | head -30

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

# Check the util package to see if log is exported there
rg -n "^var log|^func.*Log" pkg/llmproxy/util/*.go | head -20

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 290

---

Replace fmt.Printf with logrus structured logging.

This block prints directly to stdout. Route it through the project's logrus logger to keep runtime logs consistent with configured sinks and levels.

♻️ Proposed fix

-	fmt.Printf("server clients and configuration updated: %d clients (%d auth entries + %d Gemini API keys + %d Claude API keys + %d Codex keys + %d Vertex-compat + %d OpenAI-compat)\n",
+	log.Infof("server clients and configuration updated: %d clients (%d auth entries + %d Gemini API keys + %d Claude API keys + %d Codex keys + %d Vertex-compat + %d OpenAI-compat)",
 		total,
 		authEntries,
 		geminiClientCount,
 		claudeClientCount,
 		codexClientCount,
 		vertexAICompatCount,
 		openAICompatCount,
 	)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/api/server.go` around lines 1039 - 1048, Replace the direct
stdout print in server.go (the fmt.Printf that logs total, authEntries,
geminiClientCount, claudeClientCount, codexClientCount, vertexAICompatCount,
openAICompatCount) with a logrus structured log call: build a logrus entry using
logrus.WithFields (include fields total, auth_entries, gemini_keys, claude_keys,
codex_keys, vertex_compat, openai_compat) and emit at Info level (e.g., Info or
Infof) with a clear message like "server clients and configuration updated";
remove the fmt.Printf import/use and ensure the package uses the existing logger
instance (log or logrus) consistent with the project.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Region validation is too permissive and diverges from existing stricter checks.

isValidAWSRegion accepts values like foo or -, so getOIDCEndpoint may build invalid regional hosts instead of falling back. Reuse the existing strict region pattern (or centralized validator) to keep behavior consistent and predictable.

Suggested fix

 func isValidAWSRegion(region string) bool {
-	if region == "" {
-		return false
-	}
-	for _, c := range region {
-		if !((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-') {
-			return false
-		}
-	}
-	return true
+	region = strings.TrimSpace(region)
+	return awsRegionPattern.MatchString(region)
 }

As per coding guidelines, "Use go-playground/validator for validation (NOT manual if/else validation)".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// isValidAWSRegion returns true if region contains only lowercase letters, digits,
	// and hyphens — the only characters that appear in real AWS region names.
	// This prevents SSRF via a crafted region string embedding path/query characters.
	func isValidAWSRegion(region string) bool {
	if region == "" {
	return false
	}
	for _, c := range region {
	if !((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-') {
	return false
	}
	}
	return true
	}
	// isValidAWSRegion returns true if region contains only lowercase letters, digits,
	// and hyphens — the only characters that appear in real AWS region names.
	// This prevents SSRF via a crafted region string embedding path/query characters.
	func isValidAWSRegion(region string) bool {
	region = strings.TrimSpace(region)
	return awsRegionPattern.MatchString(region)
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/kiro/sso_oidc.go` around lines 108 - 121, The
isValidAWSRegion function currently allows overly permissive values (e.g., "foo"
or "-"); replace its manual checks by calling the existing centralized validator
(or the strict AWS region regex used elsewhere) and/or use
go-playground/validator to validate the region, then update getOIDCEndpoint
usage to fall back when the validator rejects the region; locate
isValidAWSRegion and refactor it to delegate to the shared validation utility
(or the strict pattern) so behavior matches other callers and prevents building
invalid regional hosts.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Same build failure applies here.

This file imports github.com/KooshaPari/phenotype-go-kit/pkg/auth which will fail due to the missing module replacement directory, as flagged in qwen_auth.go.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat go.mod | grep -i phenotype

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 211

---

🏁 Script executed:

ls -la ../../template-commons/phenotype-go-kit 2>&1 || echo "Directory not found"

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 181

---

🏁 Script executed:

head -50 pkg/llmproxy/auth/qwen/qwen_auth.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 2043

---

🏁 Script executed:

rg "UpdateTokenStorage|BaseTokenStorage|AccessToken|RefreshToken" pkg/llmproxy/auth/qwen/qwen_auth.go -A 3 -B 1

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 2783

---

🏁 Script executed:

rg "logrus|fmt\.Printf|fmt\.Print" pkg/llmproxy/auth/qwen/qwen_auth.go -n

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 462

---

🏁 Script executed:

rg "type QwenTokenStorage struct" pkg/llmproxy/auth/qwen/qwen_auth.go -A 10

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

rg "QwenTokenStorage" pkg/llmproxy/auth/qwen/qwen_auth.go -B 2 -A 8

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 935

---

Critical: Build failure due to missing module replacement and field access error in UpdateTokenStorage.

Two critical issues block this code:

1. Build failure: go.mod contains replace github.com/KooshaPari/phenotype-go-kit => ../../template-commons/phenotype-go-kit, but the directory does not exist. Either publish the module to a registry and use a proper version, use a Git-based module path (e.g., github.com/KooshaPari/phenotype-go-kit@v0.1.0), or vendor the dependency.

2. Field access error in UpdateTokenStorage (lines 366–371): BaseTokenStorage is a named field (not embedded), but the code accesses storage.AccessToken, storage.RefreshToken, storage.LastRefresh, and storage.Expire directly. These should be accessed as storage.BaseTokenStorage.AccessToken, etc. This will cause compile or runtime errors.

Additionally, the code uses logrus (line 19) and fmt.Printf (lines 251, 259, 274, 283) for logging, but the coding guidelines require zerolog.

🧰 Tools

🪛 GitHub Actions: codeql

[error] 16-16: During 'go build ./...': replacement directory ../../template-commons/phenotype-go-kit does not exist for module replacement github.com/KooshaPari/phenotype-go-kit@v0.0.0

🪛 GitHub Actions: pr-test-build

[error] 16-16: Go module replacement failed. replacement directory '../../template-commons/phenotype-go-kit' does not exist referenced in go.mod.

🪛 GitHub Check: Analyze (Go) (go)

[failure] 16-16:
github.com/KooshaPari/phenotype-go-kit@v0.0.0: replacement directory ../../template-commons/phenotype-go-kit does not exist

🪛 GitHub Check: build

[failure] 16-16:
github.com/KooshaPari/phenotype-go-kit@v0.0.0: replacement directory ../../template-commons/phenotype-go-kit does not exist

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go` at line 16, Fix two build/runtime issues
and logging: (1) Update module dependency in go.mod so the replace points to a
real path or use a published version (e.g.,
github.com/KooshaPari/phenotype-go-kit@vX.Y.Z) or vendor the module to eliminate
the missing ../../template-commons/phenotype-go-kit replacement; (2) In
UpdateTokenStorage (function UpdateTokenStorage and any callers), change direct
field accesses like storage.AccessToken, storage.RefreshToken,
storage.LastRefresh, storage.Expire to reference the named field:
storage.BaseTokenStorage.AccessToken, storage.BaseTokenStorage.RefreshToken,
storage.BaseTokenStorage.LastRefresh, storage.BaseTokenStorage.Expire; also
replace all logrus and fmt.Printf usages in this file (e.g., imports at top and
prints around lines with fmt.Printf) with the project's zerolog logger calls to
satisfy logging guidelines.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Use zerolog instead of logrus.

The coding guidelines specify using zerolog for logging, but this file imports logrus. This also applies to the fmt.Printf calls in PollForToken (lines 251, 259, 274, 283).

As per coding guidelines: "Use zerolog for logging (NOT fmt.Print)".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go` at line 19, Import and use zerolog
instead of logrus and fmt in this file: replace the "github.com/sirupsen/logrus"
import with "github.com/rs/zerolog/log" (or the project’s zerolog wrapper if one
exists), then update all logging calls accordingly (e.g., change logrus usages
to zerolog style like log.Info()/log.Error() with .Msg or .Msgf) and remove any
fmt.Printf in PollForToken by replacing them with appropriate zerolog calls
(lines referencing PollForToken at the printf locations should use
log.Debug()/log.Info()/log.Error().Msgf to preserve message formatting and
levels).

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider migrating from logrus to zerolog.

The codebase guidelines specify using zerolog for logging. This file uses logrus, which appears to be pre-existing. Consider migrating to zerolog in a follow-up PR for consistency.

As per coding guidelines: "Use zerolog for logging (NOT fmt.Print)".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/executor/kiro_transform.go` at line 15, This file imports logrus
as log; replace that import with zerolog (e.g., github.com/rs/zerolog and
optionally github.com/rs/zerolog/log) and update all usages in kiro_transform.go
that reference the logrus alias (e.g., any calls like log.Info, log.Debug,
log.Error, etc.) to the equivalent zerolog calls (e.g., log.Info().Msg(),
log.Debug().Msg(), log.Error().Err(err).Msg()) and adjust structured fields to
use zerolog's With/Str/Err/Interface chain; ensure the package alias and any
error/field usages are updated consistently across functions and tests in this
file.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Good security improvement - consider expanding the sensitive header list.

The sanitizeHeaders function correctly redacts credentials before logging. The implementation properly clones headers to avoid mutation and uses case-insensitive comparison.

Consider also redacting these commonly sensitive headers:

• X-Api-Key
• Set-Cookie
• X-Auth-Token
• X-Csrf-Token

,

🛡️ Optional: expand sensitive header list

 func sanitizeHeaders(headers http.Header) http.Header {
 	if len(headers) == 0 {
 		return headers
 	}
 	sanitized := headers.Clone()
 	for key := range sanitized {
 		keyLower := strings.ToLower(strings.TrimSpace(key))
-		if keyLower == "authorization" || keyLower == "cookie" || keyLower == "proxy-authorization" {
+		switch keyLower {
+		case "authorization", "cookie", "proxy-authorization", "set-cookie", "x-api-key", "x-auth-token":
 			sanitized[key] = []string{"[redacted]"}
 		}
 	}
 	return sanitized
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// sanitizeHeaders returns a copy of the headers map with sensitive values redacted
	// to prevent credentials such as Authorization tokens from appearing in logs.
	func sanitizeHeaders(headers http.Header) http.Header {
	if len(headers) == 0 {
	return headers
	}
	sanitized := headers.Clone()
	for key := range sanitized {
	keyLower := strings.ToLower(strings.TrimSpace(key))
	if keyLower == "authorization" || keyLower == "cookie" || keyLower == "proxy-authorization" {
	sanitized[key] = []string{"[redacted]"}
	}
	}
	return sanitized
	}
	// sanitizeHeaders returns a copy of the headers map with sensitive values redacted
	// to prevent credentials such as Authorization tokens from appearing in logs.
	func sanitizeHeaders(headers http.Header) http.Header {
	if len(headers) == 0 {
	return headers
	}
	sanitized := headers.Clone()
	for key := range sanitized {
	keyLower := strings.ToLower(strings.TrimSpace(key))
	switch keyLower {
	case "authorization", "cookie", "proxy-authorization", "set-cookie", "x-api-key", "x-auth-token":
	sanitized[key] = []string{"[redacted]"}
	}
	}
	return sanitized
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/executor/logging_helpers.go` around lines 280 - 294, The
sanitizeHeaders function should be updated to redact additional common sensitive
headers: add case-insensitive checks for "x-api-key", "set-cookie",
"x-auth-token", and "x-csrf-token" alongside the existing "authorization",
"cookie", and "proxy-authorization"; modify the loop in sanitizeHeaders (which
clones headers via headers.Clone()) to trim and lowercase the key and treat
these new header names the same way (set their value to ["[redacted]"]) so logs
never expose those values.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Good path containment guard, but LogStreamingRequest is missing the same protection.

This guard correctly prevents log file paths from escaping the configured logs directory. However, LogStreamingRequest at line 321 constructs filePath identically but lacks this containment check, creating an inconsistent security posture.

,

🛡️ Add the same guard to LogStreamingRequest

Apply the same check after line 321:

// Guard: ensure the resolved log file path stays within the logs directory.
cleanLogsDir := filepath.Clean(l.logsDir)
if !strings.HasPrefix(filepath.Clean(filePath), cleanLogsDir+string(os.PathSeparator)) {
    return nil, fmt.Errorf("log file path escapes logs directory")
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/logging/request_logger.go` around lines 232 - 236, Add the same
path containment guard used earlier to the LogStreamingRequest function: after
it constructs the local filePath (the same way as in the other function),
compute a cleaned logs directory from l.logsDir and verify that
filepath.Clean(filePath) has the cleaned logs directory + os.PathSeparator as
its prefix; if the check fails return the function's error return (e.g., nil,
fmt.Errorf(...)) so the request is rejected. This mirrors the existing guard and
uses the same symbols: LogStreamingRequest, filePath, and l.logsDir.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Path containment check has an edge case: allows deleting the base directory itself.

The condition candidate != cleanBase permits candidate == cleanBase, which would allow deletion of the configured base directory when id resolves to it. While os.Remove won't delete a non-empty directory, this edge case may be unintended.

🛡️ Proposed fix to disallow deleting the base directory

 	// Validate that the resolved path is contained within the configured base directory.
 	cleanBase := filepath.Clean(dir)
-	if candidate != cleanBase && !strings.HasPrefix(candidate, cleanBase+string(os.PathSeparator)) {
+	if !strings.HasPrefix(candidate, cleanBase+string(os.PathSeparator)) {
 		return "", fmt.Errorf("auth filestore: auth identifier escapes base directory")
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/auth/filestore.go` around lines 177 - 188, The path containment check
currently allows candidate == cleanBase which lets callers target the base
directory itself; update the logic in the resolution routine (the block using
candidate, cleanBase, filepath.IsAbs, filepath.Clean and strings.HasPrefix) to
treat candidate == cleanBase as invalid too (i.e., return the same error when
candidate equals cleanBase or when it is outside cleanBase+os.PathSeparator) so
the base directory cannot be returned as a valid target.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

pkg/llmproxy/auth/qwen/qwen_token.go (1)

72-84: ⚠️ Potential issue | 🔴 Critical

Validated path is not used when saving token data.

cleanTokenFilePath() is called, but its output is discarded. Save() then uses BaseTokenStorage.FilePath, which may be empty or stale, causing failed writes or writing to an unintended path.

Proposed fix

 func (ts *QwenTokenStorage) SaveTokenToFile(authFilePath string) error {
 	misc.LogSavingCredentials(authFilePath)
 	if ts.BaseTokenStorage == nil {
 		return fmt.Errorf("qwen token: base token storage is nil")
 	}
 
-	if _, err := cleanTokenFilePath(authFilePath, "qwen token"); err != nil {
+	cleanPath, err := cleanTokenFilePath(authFilePath, "qwen token")
+	if err != nil {
 		return err
 	}
+	ts.BaseTokenStorage.FilePath = cleanPath
 
 	ts.BaseTokenStorage.Type = "qwen"
 	return ts.BaseTokenStorage.Save()
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_token.go` around lines 72 - 84, In
SaveTokenToFile, the cleaned path returned by cleanTokenFilePath is ignored
causing Save() to use a stale/empty BaseTokenStorage.FilePath; capture the
cleaned path (from cleanTokenFilePath(authFilePath, "qwen token")), assign it to
ts.BaseTokenStorage.FilePath, ensure ts.BaseTokenStorage.Type = "qwen" remains
set, and then call ts.BaseTokenStorage.Save(); preserve the existing error
handling for the cleanTokenFilePath call and the nil BaseTokenStorage check.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/llmproxy/auth/qwen/qwen_token.go`:
- Around line 41-47: The token file is created with os.Create which uses default
permissions; change the creation in the Save/Write function that uses b.FilePath
(the block starting with f, err := os.Create(b.FilePath)) to use os.OpenFile
with flags os.O_CREATE|os.O_WRONLY|os.O_TRUNC and explicit file mode 0600 so the
token is owner-read/write only, keep the existing error handling and defer
f.Close(), and then proceed to json.NewEncoder(f).Encode(b) as before.

---

Duplicate comments:
In `@pkg/llmproxy/auth/qwen/qwen_token.go`:
- Around line 72-84: In SaveTokenToFile, the cleaned path returned by
cleanTokenFilePath is ignored causing Save() to use a stale/empty
BaseTokenStorage.FilePath; capture the cleaned path (from
cleanTokenFilePath(authFilePath, "qwen token")), assign it to
ts.BaseTokenStorage.FilePath, ensure ts.BaseTokenStorage.Type = "qwen" remains
set, and then call ts.BaseTokenStorage.Save(); preserve the existing error
handling for the cleanTokenFilePath call and the nil BaseTokenStorage check.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0bce4ef and 24102a5.

📒 Files selected for processing (9)

• pkg/llmproxy/auth/qwen/qwen_auth.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go
• pkg/llmproxy/auth/qwen/qwen_token.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go
• pkg/llmproxy/executor/kiro_auth.go
• pkg/llmproxy/executor/kiro_executor.go
• pkg/llmproxy/executor/kiro_streaming.go
• pkg/llmproxy/executor/kiro_transform.go
• pkg/llmproxy/usage/metrics.go

💤 Files with no reviewable changes (2)

• pkg/llmproxy/executor/kiro_auth.go
• pkg/llmproxy/executor/kiro_executor.go

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

**/*.go: NEVER create a v2 file - refactor the original instead
NEVER create a new class if an existing one can be made generic
NEVER create custom implementations when an OSS library exists - search pkg.go.dev for existing libraries before writing code
Build generic building blocks (provider interface + registry) before application logic
Use chi for HTTP routing (NOT custom routers)
Use zerolog for logging (NOT fmt.Print)
Use viper for configuration (NOT manual env parsing)
Use go-playground/validator for validation (NOT manual if/else validation)
Use golang.org/x/time/rate for rate limiting (NOT custom limiters)
Use template strings for messages instead of hardcoded messages and config-driven logic instead of code-driven
Zero new lint suppressions without inline justification
All new code must pass: go fmt, go vet, golint
Maximum function length: 40 lines
No placeholder TODOs in committed code

Files:

• pkg/llmproxy/executor/kiro_transform.go
• pkg/llmproxy/auth/qwen/qwen_auth.go
• pkg/llmproxy/auth/qwen/qwen_token.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go
• pkg/llmproxy/executor/kiro_streaming.go
• pkg/llmproxy/usage/metrics.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go

🧠 Learnings (2)

📚 Learning: 2026-02-25T10:11:41.448Z

Learnt from: CR
Repo: KooshaPari/cliproxyapi-plusplus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T10:11:41.448Z
Learning: Applies to **/*.go : Use zerolog for logging (NOT fmt.Print)

Applied to files:

• pkg/llmproxy/executor/kiro_transform.go
• pkg/llmproxy/auth/qwen/qwen_auth.go

📚 Learning: 2026-02-25T10:11:41.448Z

Learnt from: CR
Repo: KooshaPari/cliproxyapi-plusplus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T10:11:41.448Z
Learning: Applies to **/*.go : Build generic building blocks (provider interface + registry) before application logic

Applied to files:

• pkg/llmproxy/auth/qwen/qwen_token_test.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go

🧬 Code graph analysis (3)

pkg/llmproxy/auth/qwen/qwen_auth.go (1)

pkg/llmproxy/auth/qwen/qwen_token.go (1)

• BaseTokenStorage (17-25)

pkg/llmproxy/auth/qwen/qwen_token_test.go (1)

pkg/llmproxy/auth/qwen/qwen_token.go (1)

• BaseTokenStorage (17-25)

pkg/llmproxy/auth/qwen/qwen_auth_test.go (1)

pkg/llmproxy/auth/qwen/qwen_token.go (2)

• QwenTokenStorage (54-62)
• BaseTokenStorage (17-25)

🔇 Additional comments (6)

pkg/llmproxy/executor/kiro_streaming.go (1)

22-23: Import alias correction looks good.

The updated aliases are consistent with type usage across the file and appear build-safe.

pkg/llmproxy/usage/metrics.go (1)

7-7: Import path update looks correct.

This aligns with the PR’s stated build fix and keeps util usage consistent in this file.

pkg/llmproxy/executor/kiro_transform.go (1)

13-13: Import alias fix is clean and consistent.

Line 13 correctly aligns the auth package alias with the type usage (cliproxyauth.Auth) throughout this file.

pkg/llmproxy/auth/qwen/qwen_auth.go (1)

352-359: Good update to initialize nested token fields explicitly.

This construction matches the new embedded BaseTokenStorage model and keeps token metadata population consistent.

pkg/llmproxy/auth/qwen/qwen_auth_test.go (1)

156-156: Fixture update is aligned with the new storage embedding.

Using BaseTokenStorage in test setup correctly reflects the refactored QwenTokenStorage shape.

pkg/llmproxy/auth/qwen/qwen_token_test.go (1)

16-17: Test setup migration looks correct.

The updated fixtures correctly initialize nested BaseTokenStorage for both save and traversal-path tests.

Also applies to: 32-32

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Persist token files with explicit owner-only permissions.

os.Create uses default mode semantics. For auth tokens, enforce restrictive mode (0600) at creation.

Proposed hardening

-	f, err := os.Create(b.FilePath)
+	f, err := os.OpenFile(b.FilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return fmt.Errorf("failed to create token file: %w", err)
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	f, err := os.Create(b.FilePath)
	if err != nil {
	return fmt.Errorf("failed to create token file: %w", err)
	}
	defer f.Close()
	if err := json.NewEncoder(f).Encode(b); err != nil {
	return fmt.Errorf("failed to write token to file: %w", err)
	f, err := os.OpenFile(b.FilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
	return fmt.Errorf("failed to create token file: %w", err)
	}
	defer f.Close()
	if err := json.NewEncoder(f).Encode(b); err != nil {
	return fmt.Errorf("failed to write token to file: %w", err)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_token.go` around lines 41 - 47, The token file is
created with os.Create which uses default permissions; change the creation in
the Save/Write function that uses b.FilePath (the block starting with f, err :=
os.Create(b.FilePath)) to use os.OpenFile with flags
os.O_CREATE|os.O_WRONLY|os.O_TRUNC and explicit file mode 0600 so the token is
owner-read/write only, keep the existing error handling and defer f.Close(), and
then proceed to json.NewEncoder(f).Encode(b) as before.

[coderabbitai]

Actionable comments posted: 28

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pkg/llmproxy/watcher/clients.go (1)

24-121: 🛠️ Refactor suggestion | 🟠 Major

Refactor reloadClients to meet function-length limit.

reloadClients is significantly over the 40-line cap, which makes this hot path harder to reason about and maintain. Please split it into focused helpers (e.g., auth filtering, count aggregation, hash cache rebuild, callback/refresh orchestration).

As per coding guidelines, "Maximum function length: 40 lines".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/watcher/clients.go` around lines 24 - 121, The reloadClients
function is too long; extract coherent sub-tasks into small helpers to meet the
40-line limit. Specifically: move the OAuth exclusion logic into a helper like
applyOAuthExclusions(w *Watcher, affectedOAuthProviders []string) that
references matchProvider and w.currentAuths; move API key client
building/counting into buildAndLogAPIKeyCounts(cfg) that calls
BuildAPIKeyClients and returns the individual counts and total; move auth
directory rescan and hash/content cache population into rebuildAuthHashCache(w
*Watcher, cfg *Config) which uses util.ResolveAuthDir, w.normalizeAuthPath, and
updates w.lastAuthHashes and w.lastAuthContents; move file-client loading
decision into loadOrCountFileClients(w *Watcher, cfg *Config, rescanAuth bool)
that calls loadFileClients; and move orchestration (invoking reloadCallback,
refreshAuthState) into finalizeReload(w *Watcher, cfg *Config, counts...) that
calls w.reloadCallback and w.refreshAuthState. Replace the body of reloadClients
with a short orchestrator calling these helpers and logging totals.

pkg/llmproxy/executor/codex_websockets_executor.go (1)

1309-1311: 🧹 Nitpick | 🔵 Trivial

Consider renaming sanitizeCodexWebsocketLogField to reflect its behavior.

The function name suggests sanitization, but it performs complete redaction. If the intent is full redaction, consider naming it redactCodexWebsocketLogField. If the intent is sanitization while preserving some utility, implement partial masking as suggested above.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/executor/codex_websockets_executor.go` around lines 1309 - 1311,
The function sanitizeCodexWebsocketLogField currently fully redacts the input by
calling util.RedactAPIKey but its name implies generic sanitization; rename the
function to redactCodexWebsocketLogField to reflect actual behavior, update all
usages/imports/tests to the new name, and keep the implementation calling
util.RedactAPIKey(strings.TrimSpace(raw)); alternatively, if you prefer partial
masking instead, modify redactCodexWebsocketLogField to implement the chosen
masking logic (preserving util.RedactAPIKey only if needed) and update callers
accordingly.

♻️ Duplicate comments (2)

pkg/llmproxy/auth/qwen/qwen_token.go (2)

78-83: ⚠️ Potential issue | 🔴 Critical

Use the sanitized path; it is currently ignored.

cleanTokenFilePath() returns a validated path, but Line 78 discards it. As a result, BaseTokenStorage.Save() can fail with file path is empty (or write to a stale previous path). Assign the cleaned path to ts.BaseTokenStorage.FilePath before saving.

Proposed fix

 func (ts *QwenTokenStorage) SaveTokenToFile(authFilePath string) error {
 	misc.LogSavingCredentials(authFilePath)
 	if ts.BaseTokenStorage == nil {
 		return fmt.Errorf("qwen token: base token storage is nil")
 	}
 
-	if _, err := cleanTokenFilePath(authFilePath, "qwen token"); err != nil {
+	cleanPath, err := cleanTokenFilePath(authFilePath, "qwen token")
+	if err != nil {
 		return err
 	}
 
+	ts.BaseTokenStorage.FilePath = cleanPath
 	ts.BaseTokenStorage.Type = "qwen"
 	return ts.BaseTokenStorage.Save()
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_token.go` around lines 78 - 83,
cleanTokenFilePath(authFilePath, "qwen token") returns the sanitized path but
the returned value is ignored; update the token storage before saving by
assigning the cleaned path to ts.BaseTokenStorage.FilePath, set
ts.BaseTokenStorage.Type = "qwen" if not already, then call
ts.BaseTokenStorage.Save() so Save() uses the validated path (refer to
cleanTokenFilePath, ts.BaseTokenStorage.FilePath, and BaseTokenStorage.Save).

---

41-47: ⚠️ Potential issue | 🟠 Major

Persist token files with explicit owner-only permissions.

Line 41 uses os.Create, which relies on process umask. For token material, create with explicit 0600 permissions.

Proposed fix

-	f, err := os.Create(b.FilePath)
+	f, err := os.OpenFile(b.FilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return fmt.Errorf("failed to create token file: %w", err)
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_token.go` around lines 41 - 47, The token file is
created with os.Create which relies on umask; instead open the path b.FilePath
with os.OpenFile using flags os.O_CREATE|os.O_WRONLY|os.O_TRUNC and explicit
permission 0600 so the file is owner-read/write only, then continue to encode
with json.NewEncoder(f).Encode(b) and defer f.Close(); ensure you check and
return any errors from os.OpenFile and from Encode (same error handling
currently in the Save function that writes the token).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/llmproxy/executor/antigravity_executor.go`:
- Around line 1688-1694: The validateAntigravityBaseURL function is too
permissive: it allows any *.googleapis.com host and accepts URLs with non-empty
path, query, fragment, userinfo or port which can redirect bearer-token
requests; update validateAntigravityBaseURL to parse the URL and additionally
require parsed.User == nil, parsed.Port() == "", parsed.Path == "" (or exactly
"/"), parsed.RawQuery == "" and parsed.Fragment == "", and ensure
parsed.Hostname() endsWith ".googleapis.com" (or matches the exact allowed
Antigravity host) before returning true; apply the same stricter checks to the
other base_url validation sites in this file (the validations around the blocks
at ~1702-1705 and ~1713-1716) so all custom base_url validations enforce the
same constraints.
- Around line 1688-1694: The current validateAntigravityBaseURL function uses
manual parsing; replace it by using the go-playground/validator package:
register a custom validation (e.g., "antigravity_url") with validator.New() that
checks parsed URL has scheme "https" and that parsed.Hostname() ends with
".googleapis.com", then call v.Var(rawURL, "required,antigravity_url") (or use
the shared/global validator if one exists) and return the boolean result; keep
the function name validateAntigravityBaseURL and preserve the same true/false
semantics.

In `@pkg/llmproxy/executor/codex_websockets_executor.go`:
- Around line 1297-1307: The current redaction (sanitizeCodexWebsocketLogField)
hides session/auth IDs making correlation impossible; update
logCodexWebsocketConnected and logCodexWebsocketDisconnected to use a
reversible-or-deterministic masked form (e.g., show first 4–8 chars + "…" or a
short fixed-length hash) instead of returning "[REDACTED]"; modify
sanitizeCodexWebsocketLogField to implement this deterministic partial masking
(same input => same output) so sessionID/authID remain privacy-protected but
correlatable, and leave sanitizeCodexWebsocketLogURL behavior unchanged or apply
URL-safe masking if needed.

In `@pkg/llmproxy/registry/model_registry.go`:
- Line 613: The debug logs currently use redactClientID(clientID) which fully
replaces client IDs with "[REDACTED]" and prevents tracing — change to a partial
masking strategy: implement a new helper (e.g., redactClientIDPartial or update
redactClientID) that preserves a small suffix/prefix of clientID (e.g., first 4
and last 4 chars) and masks the middle, and use that helper in the log.Debugf
calls that print client IDs (the lines logging "Marked model %s as quota
exceeded for client %s", the "Suspended client ..." log, and the other
occurrences that currently call redactClientID) so logs show an identifiable
masked client token while still hiding most of the ID.
- Around line 18-24: The redactClientID function currently returns "[REDACTED]"
which prevents correlating client events; update redactClientID to perform a
partial mask locally (do not import util) by preserving a small prefix and/or
suffix of the id (e.g., first 4 and last 4 chars) and replacing the middle with
a fixed number of mask characters or ellipsis while handling short ids (return
masked but distinguishable form when length <= 8). Keep the function name
redactClientID and ensure it never exposes the full id but yields consistent,
debuggable masked strings for logging.

In `@pkg/llmproxy/thinking/apply.go`:
- Line 124: The model name field is being run through util.RedactAPIKey (e.g.,
the "model" key), which wrongly redacts public model identifiers; replace uses
of util.RedactAPIKey for model names with either no redaction or with the same
redactLogText() approach used elsewhere (see other occurrences using
redactLogText for model) so model values remain readable in logs; update all
occurrences that set "model": util.RedactAPIKey(...) to instead set the raw
model string or use redactLogText(model) for consistency.

In `@pkg/llmproxy/watcher/clients.go`:
- Line 60: The file currently uses logrus (imported as log) for logging (e.g.,
log.Debugf("loaded %d API key clients", totalAPIKeyClients)); replace logrus
with zerolog by swapping the import to "github.com/rs/zerolog/log" and update
all log.* calls to zerolog patterns (e.g., change log.Debugf(...) to
log.Debug().Msgf(...), log.Infof to log.Info().Msgf or log.Info().Msg,
log.Errorf to log.Error().Err(err).Msgf/Msg as appropriate). Ensure references
like totalAPIKeyClients and any other arguments are preserved, remove the old
logrus import alias, and adjust any structured fields to use zerolog's
With/Str/Int methods if present.

In `@sdk/cliproxy/auth/conductor_apikey.go`:
- Around line 74-135: The rebuildAPIKeyModelAliasLocked function is too long and
mixes provider dispatch, config resolution, and table assembly; refactor by
extracting per-provider helpers (e.g., buildByAliasForAuth(cfg, auth) or
provider-specific functions like handleGeminiAPIKey(auth, cfg),
handleClaudeAPIKey(...), handleCodexAPIKey(...), handleVertexAPIKey(...), and
handleOpenAICompat(...)) that return the byAlias map or nil, and a small helper
to assign non-empty maps into the output table (use the existing
compileAPIKeyModelAliasForModels inside those helpers). Replace the big switch
in rebuildAPIKeyModelAliasLocked with calls to these helpers, keep each function
under ~40 lines, and ensure the final m.apiKeyModelAlias.Store(out) call and any
nil checks remain in rebuildAPIKeyModelAliasLocked.
- Around line 249-267: The API key comparisons currently use strings.EqualFold
which does case-insensitive matching; change these comparisons to use
case-sensitive, exact matching for API keys and use a constant-time comparison
for secret API keys (e.g., compare byte slices with subtle.ConstantTimeCompare)
where GetAPIKey() or attrKey are involved; specifically update the comparisons
in the function that iterates entries (references: variables cfgKey, attrKey,
cfgBase, attrBase and method GetAPIKey on entry) to: use exact string equality
for cfgBase/attrBase where appropriate and replace strings.EqualFold(cfgKey,
attrKey) and the final
strings.EqualFold(strings.TrimSpace((*entry).GetAPIKey()), attrKey) with a
constant-time byte comparison for API key equality while keeping base
comparisons exact/case-sensitive.

In `@sdk/cliproxy/auth/conductor_execution.go`:
- Around line 103-158: The executeMixedOnce function is too long and duplicates
control flow; extract reusable helpers to keep functions under 40 lines by
moving the per-attempt logic and error/result bookkeeping into smaller
functions. Specifically, create a helper like performAttempt(ctx, auth,
executor, provider, routeModel, req, opts) that encapsulates preparing execCtx
(using Manager.roundTripperFor and the roundTripperContextKey /
"cliproxy.roundtripper"), rewriting the model (rewriteModelForAuth,
Manager.applyOAuthModelAlias, Manager.applyAPIKeyModelAlias), invoking
executor.Execute, building the Result (Result struct, setting Error.HTTPStatus
via cliproxyexecutor.StatusError, setting RetryAfter via retryAfterFromError),
calling Manager.MarkResult, and returning (resp, errExec, result); then simplify
executeMixedOnce to call pickNextMixed, call performAttempt, handle
execCtx.Err() and isRequestInvalidError(errExec), update tried map, and manage
lastErr/loop continuation. Ensure helper names reference executeMixedOnce,
pickNextMixed, Manager.roundTripperFor, rewriteModelForAuth,
applyOAuthModelAlias, applyAPIKeyModelAlias, retryAfterFromError,
isRequestInvalidError, and Manager.MarkResult so reviewers can find and replace
the logic.
- Around line 294-296: The code currently marks a stream as successful whenever
failed == false, which can wrongly record success if streamCtx was canceled
mid-stream; update the conditional around MarkResult in conductor_execution.go
so it also checks that streamCtx.Err() is nil (or not
context.Canceled/DeadlineExceeded) before calling m.MarkResult(streamCtx,
Result{...}); locate the block with the failed variable and MarkResult and
change the guard from if !failed { ... } to also ensure the context has not been
canceled or timed out (e.g., if !failed && streamCtx.Err() == nil) so canceled
streams are not marked successful.

In `@sdk/cliproxy/auth/conductor_helpers.go`:
- Around line 61-116: The closestCooldownWait method in Manager is too long and
mixes concerns (provider normalization, retry-resolution, and blocked-state
evaluation); split it into smaller helper functions: 1) extract provider
normalization into a normalizeProviders(providers []string) map[string]struct{}
used at the top of closestCooldownWait; 2) move per-auth retry resolution into a
resolveEffectiveRetry(auth) int that uses m.requestRetry and
auth.RequestRetryOverride(); and 3) move the blocked-state check into a
isBlockedAndNext(auth, model, now) (returning (blocked bool, next time.Time,
reason blockReasonType)) which internally calls isAuthBlockedForModel. Update
closestCooldownWait to call these helpers and preserve existing behavior with
the same variables (m.auths iteration, found/minWait logic) so the function
falls under the 40-line limit.
- Around line 425-428: The current early-return when auth.Metadata == nil
prevents saving valid auth records; remove the "if auth.Metadata == nil { return
nil }" guard in conductor_helpers.go so the persistence path (the save/persist
function that consumes auth objects) runs regardless of Metadata presence, and
ensure the downstream persistence logic (the existing save/persist method used
in this file) tolerates a nil Metadata rather than relying on this shortcut;
update or add a test to cover saving an auth with nil Metadata to prevent
regressions.

In `@sdk/cliproxy/auth/conductor_http.go`:
- Around line 14-24: The InjectCredentials method can panic if the receiver is
nil because it accesses m.mu and m.auths without a nil check; add an early guard
at the top of Manager.InjectCredentials that returns nil if m == nil (similar to
other methods in the file), then proceed to acquire the read lock and use
m.auths and m.executors (references: Manager, InjectCredentials, m.mu, m.auths,
m.executors, executorKeyFromAuth) to avoid panics on nil receiver.

In `@sdk/cliproxy/auth/conductor_management.go`:
- Around line 62-64: The Register and Update handlers currently ignore errors
from m.persist and proceed to call hooks and return success; change them to
check the error returned by m.persist(ctx, auth) and if non-nil, return that
error (or wrap it with context) instead of calling m.hook.OnAuthRegistered /
m.hook.OnAuthUpdated or returning auth.Clone(); ensure you perform the persist
call, handle its error, and only on success call the hook (using auth.Clone())
and return the cloned auth; update both Register and Update code paths where
m.persist is currently assigned to _.
- Around line 84-92: In Load, avoid calling m.store.List(ctx) while holding
m.mu; instead, inside Load grab m.mu, check for nil and copy the pointer into a
local variable (e.g., store := m.store), then unlock m.mu before performing
store.List(ctx); after the I/O completes, re-acquire the mutex only if you need
to update shared state. This removes slow store I/O from under m.mu while
preserving the nil-check and correct synchronization around shared state in the
Load method.
- Around line 19-27: RegisterExecutor uses the trimmed provider identifier as
the map key but does not lowercase it, causing mismatches with
UnregisterExecutor and lookups that use lowercase keys; update RegisterExecutor
to normalize the key by calling strings.ToLower on the trimmed identifier (e.g.,
provider := strings.ToLower(strings.TrimSpace(executor.Identifier()))) and then
use that normalized provider when reading/writing m.executors (the replaced
variable and m.executors[provider]) so stored keys match other lookups.

In `@sdk/cliproxy/auth/conductor_refresh.go`:
- Around line 64-65: The refresh logic is looking up executors using raw
provider strings (m.executorFor(a.Provider)) which can miss executors registered
under normalized keys; change the lookup to use the normalized key by calling
executorKeyFromAuth(a) (or executorKeyFromAuth(...) with the same auth object)
and then call m.executorFor(...) with that returned key; apply this same change
to the other refresh lookup sites around executorFor usage (including the
similar occurrences referenced at lines 323-325) so all refresh executor lookups
use executorKeyFromAuth before querying m.executorFor.
- Around line 87-140: The shouldRefresh function is too large and has complex
branches—split it into focused helpers: extract the policy evaluation into a new
func evaluateRefreshPolicy(a *Auth, now time.Time) bool (handles
NextRefreshAfter, Runtime RefreshEvaluator branch, provider lead logic and
preferred interval checks), move metadata parsing (authLastRefreshTimestamp,
a.ExpirationTime, authPreferredInterval, ProviderRefreshLead) into a helper
parseRefreshMetadata(a *Auth) that returns (lastRefresh time.Time, expiry
time.Time, hasExpiry bool, interval time.Duration, lead *time.Duration), and
keep shouldRefresh as a thin coordinator that calls parseRefreshMetadata and
evaluateRefreshPolicy; likewise refactor refreshAuth into small helpers
applyRefreshSuccess(a *Auth, result) and handleRefreshError(a *Auth, err) to
separate success/error paths and reduce cyclomatic complexity. Ensure new
helpers are unit-testable and referenced by Manager.shouldRefresh and
Manager.refreshAuth.
- Around line 23-29: StartAutoRefresh and StopAutoRefresh race on
m.refreshCancel; protect all reads/writes with the existing mutex (e.g., m.mu)
or add one if missing. Wrap the check-and-cancel block in StopAutoRefresh and
the assign-and-nil logic in StartAutoRefresh with m.mu.Lock()/Unlock(), and when
cancelling set m.refreshCancel = nil while holding the lock; similarly, when
setting m.refreshCancel = cancel, do it under the same lock. Ensure the
goroutine uses the local ctx variable (ctx, cancel :=
context.WithCancel(parent)) so it does not rely on unsynchronized access to
m.refreshCancel.
- Around line 18-22: The code in conductor_refresh.go currently ignores the
caller-provided interval because both branches set interval =
refreshCheckInterval; change the logic so that when the input interval is valid
(i.e., not <= 0 and not > refreshCheckInterval) you keep the provided interval,
and only set interval = refreshCheckInterval when the input is invalid; update
the branch that now redundantly sets refreshCheckInterval to instead leave
interval unchanged (or explicitly set interval = interval) and keep referring to
the interval variable and refreshCheckInterval constant to locate the change.
- Around line 11-12: Replace the logrus import with zerolog by changing the
import from "github.com/sirupsen/logrus" to "github.com/rs/zerolog/log", and
update all log.Debugf(...) usages in this file to zerolog's pattern:
log.Debug().Msgf("...", args...), e.g. replace log.Debugf("format", vars) with
log.Debug().Msgf("format", vars). Ensure you update all occurrences in
conductor_refresh.go (the reported calls at the Debugf sites) and keep other log
levels consistent if present.

In `@sdk/cliproxy/auth/conductor_result.go`:
- Around line 123-125: The persist call is happening while holding the manager
lock (m.mu) which can block other operations; fix by capturing the auth value
needed for persistence (e.g., copy or assign the auth variable) while still
under the lock, then call m.mu.Unlock() and invoke m.persist(ctx, auth) after
the lock is released (handle/log any error from m.persist accordingly). Ensure
you only access shared state under m.mu and call m.persist outside the critical
section; reference the m.persist call, the mutex m.mu, and the auth variable in
your change.
- Around line 14-140: The MarkResult method is too long and mixes concerns;
split it into focused helpers to handle success vs failure and model vs
auth-level logic, then call persistence and registry side-effects. Refactor by
extracting at least: handleSuccessResult(ctx, auth, result, now) to encapsulate
the result.Success branch (using ensureModelState, resetModelState,
clearAuthStateOnSuccess, updateAggregatedAvailability), handleFailureResult(ctx,
auth, result, now) for the failure branch (model-level: set state.Unavailable,
status, LastError, statusCodeFromResult, next-retry/backoff logic and
QuotaState; auth-level: call applyAuthFailureState), and
finalizeResultEffects(ctx, result, shouldResumeModel, shouldSuspendModel,
setModelQuota, clearModelQuota) to persist via m.persist and call
registry.GetGlobalRegistry().(ClearModelQuotaExceeded|SetModelQuotaExceeded|ResumeClientModel|SuspendClientModel)
and m.hook.OnResult; keep locking around auth lookup and minimal state mutations
but move complex branches into these new helpers to reduce MarkResult to
orchestration only.
- Around line 347-394: The function applyAuthFailureState is marking
auth.Unavailable = true before classifying the error; remove that early
assignment and only set auth.Unavailable = true for status codes that indicate
credential or upstream failures (i.e., inside the switch branches for 401, 402,
403, 404, 429 and the transient-server group 408, 500, 502, 503, 504) so
malformed-request/client-shape errors (e.g., 400) do not quarantine healthy
creds; keep auth.Status, auth.UpdatedAt, LastError and StatusMessage handling
as-is and ensure any existing logic that sets NextRetryAfter / Quota fields
remains unchanged.

In `@sdk/cliproxy/auth/conductor_selection.go`:
- Around line 62-69: The code reads selected.indexAssigned after releasing the
lock which can race; instead use the cloned snapshot authCopy.indexAssigned or
re-check under the mutex. Change the block that currently does if
!selected.indexAssigned { m.mu.Lock() ... } to rely on authCopy.indexAssigned (a
stable clone) for the pre-check or move the entire check-and-EnsureIndex
sequence under m.mu to re-read m.auths safely; apply the same fix to the similar
logic around lines handling selected/indexAssigned at the later block (the code
that references selected.indexAssigned, m.auths, EnsureIndex and
authCopy.Clone()).
- Around line 33-34: pickNext currently compares candidate.Provider to provider
with a case-sensitive direct equality; change it to use the same normalization
as executorKeyFromAuth by passing both values through executorKeyFromAuth (or
the shared normalizer) before comparing (i.e., normalize candidate.Provider and
provider in pickNext) so the provider filter honors the canonical keying
semantics used elsewhere.
- Around line 13-71: The pickNext function is too large and mixes
responsibilities; extract smaller helpers: 1) normalizeModelKey(ctx, model
string, opts cliproxyexecutor.Options) string — perform pinnedAuthIDFromMetadata
and thinking.ParseSuffix to produce modelKey; 2) buildCandidates(provider
string, modelKey string, tried map[string]struct{}) []*Auth — iterate m.auths
with the registry check (registry.GetGlobalRegistry().ClientSupportsModel) and
executor existence check to return filtered candidates; 3) chooseAuth(ctx,
provider, model string, opts cliproxyexecutor.Options, candidates []*Auth)
(*Auth, error) — call m.selector.Pick and handle nil/error; and 4)
ensureIndexOnSelection(auth *Auth) *Auth — perform the indexAssigned check and
call EnsureIndex on the canonical entry in m.auths to return a cloned auth with
index set. Then refactor pickNext to be a thin coordinator that uses executors
lookup (m.executors), calls these helpers in sequence (normalize ->
buildCandidates -> chooseAuth -> ensureIndexOnSelection) and returns the final
authCopy and executor; keep references to symbols pinnedAuthIDFromMetadata,
thinking.ParseSuffix, registry.GetGlobalRegistry, m.selector.Pick, EnsureIndex,
indexAssigned, m.auths and m.executors, and ensure the new helpers live on
Manager and reduce pickNext to <40 lines; apply same decomposition pattern to
the other selection flow (lines 74-155).

---

Outside diff comments:
In `@pkg/llmproxy/executor/codex_websockets_executor.go`:
- Around line 1309-1311: The function sanitizeCodexWebsocketLogField currently
fully redacts the input by calling util.RedactAPIKey but its name implies
generic sanitization; rename the function to redactCodexWebsocketLogField to
reflect actual behavior, update all usages/imports/tests to the new name, and
keep the implementation calling util.RedactAPIKey(strings.TrimSpace(raw));
alternatively, if you prefer partial masking instead, modify
redactCodexWebsocketLogField to implement the chosen masking logic (preserving
util.RedactAPIKey only if needed) and update callers accordingly.

In `@pkg/llmproxy/watcher/clients.go`:
- Around line 24-121: The reloadClients function is too long; extract coherent
sub-tasks into small helpers to meet the 40-line limit. Specifically: move the
OAuth exclusion logic into a helper like applyOAuthExclusions(w *Watcher,
affectedOAuthProviders []string) that references matchProvider and
w.currentAuths; move API key client building/counting into
buildAndLogAPIKeyCounts(cfg) that calls BuildAPIKeyClients and returns the
individual counts and total; move auth directory rescan and hash/content cache
population into rebuildAuthHashCache(w *Watcher, cfg *Config) which uses
util.ResolveAuthDir, w.normalizeAuthPath, and updates w.lastAuthHashes and
w.lastAuthContents; move file-client loading decision into
loadOrCountFileClients(w *Watcher, cfg *Config, rescanAuth bool) that calls
loadFileClients; and move orchestration (invoking reloadCallback,
refreshAuthState) into finalizeReload(w *Watcher, cfg *Config, counts...) that
calls w.reloadCallback and w.refreshAuthState. Replace the body of reloadClients
with a short orchestrator calling these helpers and logging totals.

---

Duplicate comments:
In `@pkg/llmproxy/auth/qwen/qwen_token.go`:
- Around line 78-83: cleanTokenFilePath(authFilePath, "qwen token") returns the
sanitized path but the returned value is ignored; update the token storage
before saving by assigning the cleaned path to ts.BaseTokenStorage.FilePath, set
ts.BaseTokenStorage.Type = "qwen" if not already, then call
ts.BaseTokenStorage.Save() so Save() uses the validated path (refer to
cleanTokenFilePath, ts.BaseTokenStorage.FilePath, and BaseTokenStorage.Save).
- Around line 41-47: The token file is created with os.Create which relies on
umask; instead open the path b.FilePath with os.OpenFile using flags
os.O_CREATE|os.O_WRONLY|os.O_TRUNC and explicit permission 0600 so the file is
owner-read/write only, then continue to encode with json.NewEncoder(f).Encode(b)
and defer f.Close(); ensure you check and return any errors from os.OpenFile and
from Encode (same error handling currently in the Save function that writes the
token).

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 24102a5 and 629a6bf.

📒 Files selected for processing (23)

• .gitignore
• pkg/llmproxy/auth/qwen/qwen_auth.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go
• pkg/llmproxy/auth/qwen/qwen_token.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go
• pkg/llmproxy/executor/antigravity_executor.go
• pkg/llmproxy/executor/codex_websockets_executor.go
• pkg/llmproxy/executor/kiro_auth.go
• pkg/llmproxy/executor/kiro_executor.go
• pkg/llmproxy/executor/kiro_streaming.go
• pkg/llmproxy/executor/kiro_transform.go
• pkg/llmproxy/registry/model_registry.go
• pkg/llmproxy/thinking/apply.go
• pkg/llmproxy/usage/metrics.go
• pkg/llmproxy/watcher/clients.go
• sdk/cliproxy/auth/conductor_apikey.go
• sdk/cliproxy/auth/conductor_execution.go
• sdk/cliproxy/auth/conductor_helpers.go
• sdk/cliproxy/auth/conductor_http.go
• sdk/cliproxy/auth/conductor_management.go
• sdk/cliproxy/auth/conductor_refresh.go
• sdk/cliproxy/auth/conductor_result.go
• sdk/cliproxy/auth/conductor_selection.go

💤 Files with no reviewable changes (2)

• pkg/llmproxy/executor/kiro_auth.go
• pkg/llmproxy/executor/kiro_executor.go

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

**/*.go: NEVER create a v2 file - refactor the original instead
NEVER create a new class if an existing one can be made generic
NEVER create custom implementations when an OSS library exists - search pkg.go.dev for existing libraries before writing code
Build generic building blocks (provider interface + registry) before application logic
Use chi for HTTP routing (NOT custom routers)
Use zerolog for logging (NOT fmt.Print)
Use viper for configuration (NOT manual env parsing)
Use go-playground/validator for validation (NOT manual if/else validation)
Use golang.org/x/time/rate for rate limiting (NOT custom limiters)
Use template strings for messages instead of hardcoded messages and config-driven logic instead of code-driven
Zero new lint suppressions without inline justification
All new code must pass: go fmt, go vet, golint
Maximum function length: 40 lines
No placeholder TODOs in committed code

Files:

• pkg/llmproxy/thinking/apply.go
• pkg/llmproxy/usage/metrics.go
• pkg/llmproxy/executor/kiro_streaming.go
• pkg/llmproxy/registry/model_registry.go
• pkg/llmproxy/auth/qwen/qwen_auth.go
• sdk/cliproxy/auth/conductor_result.go
• pkg/llmproxy/auth/qwen/qwen_token.go
• pkg/llmproxy/executor/antigravity_executor.go
• pkg/llmproxy/watcher/clients.go
• pkg/llmproxy/executor/codex_websockets_executor.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go
• sdk/cliproxy/auth/conductor_http.go
• sdk/cliproxy/auth/conductor_execution.go
• sdk/cliproxy/auth/conductor_refresh.go
• pkg/llmproxy/executor/kiro_transform.go
• sdk/cliproxy/auth/conductor_selection.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go
• sdk/cliproxy/auth/conductor_management.go
• sdk/cliproxy/auth/conductor_apikey.go
• sdk/cliproxy/auth/conductor_helpers.go

🧠 Learnings (3)

📚 Learning: 2026-02-25T10:11:41.448Z

Learnt from: CR
Repo: KooshaPari/cliproxyapi-plusplus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T10:11:41.448Z
Learning: Applies to **/*.go : Use zerolog for logging (NOT fmt.Print)

Applied to files:

• pkg/llmproxy/thinking/apply.go
• pkg/llmproxy/auth/qwen/qwen_auth.go
• pkg/llmproxy/executor/kiro_transform.go

📚 Learning: 2026-02-25T10:11:41.448Z

Learnt from: CR
Repo: KooshaPari/cliproxyapi-plusplus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T10:11:41.448Z
Learning: Applies to **/*.go : Build generic building blocks (provider interface + registry) before application logic

Applied to files:

• pkg/llmproxy/thinking/apply.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go

📚 Learning: 2026-03-01T02:42:42.896Z

Learnt from: CR
Repo: KooshaPari/cliproxyapi-plusplus PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-01T02:42:42.896Z
Learning: Applies to **/*.py : Use structured logging with clear, meaningful log messages; never log sensitive information (API keys, passwords, tokens)

Applied to files:

• sdk/cliproxy/auth/conductor_helpers.go

🧬 Code graph analysis (13)

pkg/llmproxy/thinking/apply.go (1)

pkg/llmproxy/util/provider.go (1)

• RedactAPIKey (229-234)

pkg/llmproxy/auth/qwen/qwen_auth.go (1)

pkg/llmproxy/auth/qwen/qwen_token.go (1)

• BaseTokenStorage (17-25)

sdk/cliproxy/auth/conductor_result.go (2)

sdk/cliproxy/auth/errors.go (1)

• Error (4-13)

sdk/cliproxy/auth/types.go (3)

• QuotaState (99-108)
• Auth (46-96)
• ModelState (111-126)

pkg/llmproxy/executor/antigravity_executor.go (1)

pkg/llmproxy/util/provider.go (1)

• RedactAPIKey (229-234)

pkg/llmproxy/watcher/clients.go (2)

pkg/llmproxy/config/config.go (4)

• GeminiKey (453-478)
• ClaudeKey (357-386)
• CodexKey (405-434)
• OpenAICompatibility (620-646)

sdk/config/config.go (4)

• GeminiKey (30-30)
• ClaudeKey (26-26)
• CodexKey (28-28)
• OpenAICompatibility (38-38)

pkg/llmproxy/auth/qwen/qwen_auth_test.go (1)

pkg/llmproxy/auth/qwen/qwen_token.go (2)

• QwenTokenStorage (54-62)
• BaseTokenStorage (17-25)

sdk/cliproxy/auth/conductor_http.go (4)

sdk/cliproxy/executor/types.go (2)

• Request (25-34)
• Response (55-62)

sdk/cliproxy/auth/conductor.go (2)

• ProviderExecutor (15-30)
• RequestPreparer (38-40)

sdk/cliproxy/auth/types.go (1)

• Auth (46-96)

sdk/cliproxy/auth/errors.go (1)

• Error (4-13)

sdk/cliproxy/auth/conductor_execution.go (3)

sdk/cliproxy/executor/types.go (4)

• Request (25-34)
• Options (37-52)
• Response (55-62)
• StreamResult (74-79)

sdk/cliproxy/auth/errors.go (1)

• Error (4-13)

sdk/cliproxy/auth/types.go (1)

• Auth (46-96)

sdk/cliproxy/auth/conductor_refresh.go (2)

sdk/cliproxy/auth/types.go (2)

• Auth (46-96)
• ProviderRefreshLead (474-493)

sdk/cliproxy/auth/conductor.go (2)

• RefreshEvaluator (57-59)
• ProviderExecutor (15-30)

pkg/llmproxy/auth/qwen/qwen_token_test.go (1)

pkg/llmproxy/auth/qwen/qwen_token.go (1)

• BaseTokenStorage (17-25)

sdk/cliproxy/auth/conductor_management.go (2)

sdk/cliproxy/auth/conductor.go (3)

• ProviderExecutor (15-30)
• ExecutionSessionCloser (33-35)
• CloseAllExecutionSessionsID (53-53)

sdk/cliproxy/auth/types.go (1)

• Auth (46-96)

sdk/cliproxy/auth/conductor_apikey.go (3)

pkg/llmproxy/thinking/suffix.go (1)

• ParseSuffix (23-44)

sdk/access/registry.go (1)

• Provider (11-14)

sdk/cliproxy/auth/types.go (1)

• Auth (46-96)

sdk/cliproxy/auth/conductor_helpers.go (2)

sdk/cliproxy/executor/types.go (5)

• Options (37-52)
• RequestedModelMetadataKey (11-11)
• PinnedAuthMetadataKey (15-15)
• SelectedAuthMetadataKey (17-17)
• SelectedAuthCallbackMetadataKey (19-19)

pkg/llmproxy/util/provider.go (1)

• RedactAPIKey (229-234)

🔇 Additional comments (15)

.gitignore (1)

3-4: Root-anchored ignore entries look correct.

Scoping these patterns to repository root is a good tightening and avoids unintentionally ignoring nested paths.

pkg/llmproxy/usage/metrics.go (1)

7-7: Import path correction looks right.

Line 7 aligns with the module consolidation and matches the stated PR build-fix objective.

pkg/llmproxy/executor/kiro_streaming.go (1)

22-23: Alias normalization is correct and safe.

The renamed imports are consistent with usage in this file and do not change behavior.

pkg/llmproxy/executor/kiro_transform.go (1)

13-13: Import alias update is good.

Line 13 now matches the auth alias convention used across Kiro executor code.

pkg/llmproxy/watcher/clients.go (2)

58-59: Count renaming in reloadClients is consistent and behavior-preserving.

The client-count variables are propagated consistently through total aggregation and final reporting, with no observable logic drift.

Also applies to: 103-104, 115-119

---

246-249: BuildAPIKeyClients rename updates are coherent and return-contract safe.

The internal variable rename and returned tuple mapping remain aligned, and the per-provider count math is unchanged.

Also applies to: 253-257, 259-263, 269-269

pkg/llmproxy/auth/qwen/qwen_auth_test.go (1)

156-157: Good test alignment with embedded token storage.

This update correctly reflects the new QwenTokenStorage shape and keeps the traversal-path test intent intact.

pkg/llmproxy/auth/qwen/qwen_auth.go (1)

352-359: Storage composition update looks correct.

The new embedded BaseTokenStorage mapping is consistent with the refactor and preserves all required token fields.

pkg/llmproxy/auth/qwen/qwen_token_test.go (1)

16-17: Test fixtures are correctly migrated to the embedded base storage model.

These updates match the new QwenTokenStorage structure and keep test intent clear.

Also applies to: 32-32

pkg/llmproxy/executor/antigravity_executor.go (1)

381-381: No changes needed. The log statements in these lines use logrus, which is the logging standard throughout the project. Zerolog is not currently integrated into this codebase.

Likely an incorrect or invalid review comment.

sdk/cliproxy/auth/conductor_http.go (1)

34-109: Request preparation and delegation flow is clean.

Input validation, executor resolution, and preparer delegation are consistent across PrepareHttpRequest, NewHttpRequest, and HttpRequest.

sdk/cliproxy/auth/conductor_helpers.go (2)

299-305: Good redaction in auth selection logs.

Using util.RedactAPIKey(...) for both API-key and OAuth paths is a solid security improvement.

---

13-14: Reconsider logrus vs zerolog requirement for this codebase.

The file uses logrus for logging, which is the established standard throughout the repository and is listed as a direct dependency in go.mod. No zerolog is present in the codebase. Refactoring only this file to use a different logging library would create an inconsistency across 30+ existing files that use logrus.

If migrating the entire codebase to zerolog is a requirement, this should be addressed as a repository-wide refactor, not isolated to this file.

Likely an incorrect or invalid review comment.

sdk/cliproxy/auth/conductor_execution.go (1)

142-143: errors.AsType is supported in your configured Go toolchain.

Your go.mod specifies go 1.26.0, which introduced errors.AsType as a type-safe generic alternative to errors.As. The API is available and the code at lines 142, 199, 255, and 276 uses it correctly. No changes needed.

sdk/cliproxy/auth/conductor_result.go (1)

301-317: The code compiles and works correctly; no syntax error exists.

The function retryAfterFromError at lines 301–317 compiles without errors (go build succeeds, go vet finds no issues) and is actively called in three locations within the codebase. All test suites pass. The claim that new(*retryAfter) breaks compilation is incorrect.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Custom base_url validation is still too permissive for a security boundary.

The current check allows any *.googleapis.com host and does not reject non-empty path/query/fragment/userinfo/port. That can route bearer-token requests away from intended Antigravity endpoints.

🔐 Proposed hardening

 func validateAntigravityBaseURL(rawURL string) bool {
-	parsed, err := url.Parse(rawURL)
-	if err != nil || parsed.Scheme != "https" || parsed.Host == "" {
+	parsed, err := url.ParseRequestURI(strings.TrimSpace(rawURL))
+	if err != nil || !strings.EqualFold(parsed.Scheme, "https") || parsed.Host == "" {
 		return false
 	}
-	return strings.HasSuffix(parsed.Hostname(), ".googleapis.com")
+	if parsed.User != nil || parsed.Port() != "" || parsed.RawQuery != "" || parsed.Fragment != "" {
+		return false
+	}
+	if p := strings.TrimSpace(parsed.EscapedPath()); p != "" && p != "/" {
+		return false
+	}
+	switch strings.ToLower(parsed.Hostname()) {
+	case "daily-cloudcode-pa.googleapis.com",
+		"daily-cloudcode-pa.sandbox.googleapis.com",
+		"cloudcode-pa.googleapis.com":
+		return true
+	default:
+		return false
+	}
 }

Also applies to: 1702-1705, 1713-1716

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/executor/antigravity_executor.go` around lines 1688 - 1694, The
validateAntigravityBaseURL function is too permissive: it allows any
*.googleapis.com host and accepts URLs with non-empty path, query, fragment,
userinfo or port which can redirect bearer-token requests; update
validateAntigravityBaseURL to parse the URL and additionally require parsed.User
== nil, parsed.Port() == "", parsed.Path == "" (or exactly "/"), parsed.RawQuery
== "" and parsed.Fragment == "", and ensure parsed.Hostname() endsWith
".googleapis.com" (or matches the exact allowed Antigravity host) before
returning true; apply the same stricter checks to the other base_url validation
sites in this file (the validations around the blocks at ~1702-1705 and
~1713-1716) so all custom base_url validations enforce the same constraints.

---

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for go-playground/validator usage in Go files
rg -n 'go-playground/validator|validator\.New\(|RegisterValidation\(' --type go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

#!/bin/bash
# Check the specific file for validation patterns
rg -n 'func validate' pkg/llmproxy/executor/antigravity_executor.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 133

---

🏁 Script executed:

#!/bin/bash
# Check imports in the file to see if validator is imported
head -50 pkg/llmproxy/executor/antigravity_executor.go | rg -n 'import'

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 85

---

🏁 Script executed:

#!/bin/bash
# Get full import section of the file
sed -n '6,40p' pkg/llmproxy/executor/antigravity_executor.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1068

---

🏁 Script executed:

#!/bin/bash
# Check if go.mod references validator library
grep -i validator go.mod 2>/dev/null || echo "Not found in go.mod"

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 135

---

🏁 Script executed:

#!/bin/bash
# Search for any validation function definitions and usage patterns
rg -n 'func validate|Validate' --type go -A 3 | head -50

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 3735

---

Use the go-playground/validator library for URL validation instead of manual parsing.

The validateAntigravityBaseURL function implements custom if/else validation logic; per the coding guidelines, the go-playground/validator library should be used for all validation in Go code. The validator is already available as a dependency and should be integrated here.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/executor/antigravity_executor.go` around lines 1688 - 1694, The
current validateAntigravityBaseURL function uses manual parsing; replace it by
using the go-playground/validator package: register a custom validation (e.g.,
"antigravity_url") with validator.New() that checks parsed URL has scheme
"https" and that parsed.Hostname() ends with ".googleapis.com", then call
v.Var(rawURL, "required,antigravity_url") (or use the shared/global validator if
one exists) and return the boolean result; keep the function name
validateAntigravityBaseURL and preserve the same true/false semantics.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Session and auth ID redaction eliminates WebSocket debugging capability.

With sanitizeCodexWebsocketLogField returning "[REDACTED]" for all non-empty strings, these logs become:

codex websockets: upstream connected session=[REDACTED] auth=[REDACTED] url=...
codex websockets: upstream disconnected session=[REDACTED] auth=[REDACTED] url=... reason=error

This makes it impossible to:

• Correlate connect/disconnect events for the same session
• Identify which auth credential is experiencing connection issues
• Debug session lifecycle problems

Consider partial masking (first 4-8 characters) or a deterministic hash to preserve correlation while protecting full identifiers.

♻️ Suggested fix: partial masking for debuggability

 func sanitizeCodexWebsocketLogField(raw string) string {
-	return util.RedactAPIKey(strings.TrimSpace(raw))
+	trimmed := strings.TrimSpace(raw)
+	if trimmed == "" {
+		return ""
+	}
+	if len(trimmed) <= 8 {
+		return "***"
+	}
+	return trimmed[:8] + "***"
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/executor/codex_websockets_executor.go` around lines 1297 - 1307,
The current redaction (sanitizeCodexWebsocketLogField) hides session/auth IDs
making correlation impossible; update logCodexWebsocketConnected and
logCodexWebsocketDisconnected to use a reversible-or-deterministic masked form
(e.g., show first 4–8 chars + "…" or a short fixed-length hash) instead of
returning "[REDACTED]"; modify sanitizeCodexWebsocketLogField to implement this
deterministic partial masking (same input => same output) so sessionID/authID
remain privacy-protected but correlatable, and leave
sanitizeCodexWebsocketLogURL behavior unchanged or apply URL-safe masking if
needed.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if importing util in model_registry.go would cause circular imports
echo "=== model_registry.go imports ==="
head -50 pkg/llmproxy/registry/model_registry.go | grep -E 'import|^\s*"'

echo ""
echo "=== Check if util imports registry ==="
rg 'llmproxy/registry' pkg/llmproxy/util/ || echo "No imports found"

echo ""
echo "=== util.RedactAPIKey implementation ==="
fd -e go . pkg/llmproxy/util/ | head -5
rg -A 5 'func.*[Rr]eact' pkg/llmproxy/util/

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 729

---

🏁 Script executed:

#!/bin/bash
# Check where redactClientID is used in model_registry.go
echo "=== Usage of redactClientID in model_registry.go ==="
rg -n 'redactClientID' pkg/llmproxy/registry/model_registry.go

echo ""
echo "=== Check all function signatures in model_registry.go that use redactClientID ==="
rg -B 10 'redactClientID' pkg/llmproxy/registry/model_registry.go | head -80

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 2402

---

🏁 Script executed:

#!/bin/bash
# Full import section of model_registry.go
echo "=== Full import section of model_registry.go ==="
sed -n '/^import/,/^[^(]/p' pkg/llmproxy/registry/model_registry.go | head -30

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 143

---

Circular import prevents using util.RedactAPIKey; consider partial masking for debuggability instead.

The comment correctly notes a circular import issue: util/provider.go imports the registry package, so model_registry.go cannot safely import from util. This makes the separate implementation necessary, not a duplication problem. However, completely redacting all client IDs to [REDACTED] removes debugging utility—you cannot correlate which client triggered quota exceeded, suspension, or resumption events in logs.

Since these are debug-level logs, consider partial masking to preserve correlation ability:

♻️ Suggested approach: partial masking for debuggability

-// redactClientID redacts a client ID for safe logging, avoiding circular imports with util.
-func redactClientID(id string) string {
-	if id == "" {
-		return ""
-	}
-	return "[REDACTED]"
-}
+// redactClientID masks a client ID for safe logging while preserving correlation ability.
+func redactClientID(id string) string {
+	if id == "" {
-		return ""
-	}
-	if len(id) <= 4 {
+		return "***"
+	}
+	return id[:4] + "***"
+}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/registry/model_registry.go` around lines 18 - 24, The
redactClientID function currently returns "[REDACTED]" which prevents
correlating client events; update redactClientID to perform a partial mask
locally (do not import util) by preserving a small prefix and/or suffix of the
id (e.g., first 4 and last 4 chars) and replacing the middle with a fixed number
of mask characters or ellipsis while handling short ids (return masked but
distinguishable form when length <= 8). Keep the function name redactClientID
and ensure it never exposes the full id but yields consistent, debuggable masked
strings for logging.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Debug logs will show "[REDACTED]" for all client operations.

With full redaction, logs like:

Marked model X as quota exceeded for client [REDACTED]
Suspended client [REDACTED] for model Y

...provide no way to identify which client is affected when investigating issues. Consider the partial masking approach suggested above.

Also applies to: 656-658, 682-682

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/registry/model_registry.go` at line 613, The debug logs
currently use redactClientID(clientID) which fully replaces client IDs with
"[REDACTED]" and prevents tracing — change to a partial masking strategy:
implement a new helper (e.g., redactClientIDPartial or update redactClientID)
that preserves a small suffix/prefix of clientID (e.g., first 4 and last 4
chars) and masks the middle, and use that helper in the log.Debugf calls that
print client IDs (the lines logging "Marked model %s as quota exceeded for
client %s", the "Suspended client ..." log, and the other occurrences that
currently call redactClientID) so logs show an identifiable masked client token
while still hiding most of the ID.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Incorrect use of RedactAPIKey for model names.

Model names (e.g., "gpt-4", "claude-sonnet-4") are public identifiers, not secrets. Applying util.RedactAPIKey will replace all model names with "[REDACTED]", making debug logs useless for troubleshooting.

Additionally, this is inconsistent with lines 189-194 which use redactLogText() for the same model field. Either align with redactLogText() throughout or—preferably—remove redaction from model names entirely since they are not sensitive.

🔧 Suggested fix: remove redaction from model names

 		log.WithFields(log.Fields{
-			"model":    util.RedactAPIKey(baseModel),
+			"model":    baseModel,
 			"provider": providerFormat,
 		}).Debug("thinking: model does not support thinking, stripping config |")

 		log.WithFields(log.Fields{
 			"provider": providerFormat,
-			"model":    util.RedactAPIKey(modelInfo.ID),
+			"model":    modelInfo.ID,
 		}).Debug("thinking: no config found, passthrough |")

 	if validated == nil {
 		log.WithFields(log.Fields{
 			"provider": providerFormat,
-			"model":    util.RedactAPIKey(modelInfo.ID),
+			"model":    modelInfo.ID,
 		}).Warn("thinking: ValidateConfig returned nil config without error, passthrough |")

Also applies to: 163-163, 183-183

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/thinking/apply.go` at line 124, The model name field is being
run through util.RedactAPIKey (e.g., the "model" key), which wrongly redacts
public model identifiers; replace uses of util.RedactAPIKey for model names with
either no redaction or with the same redactLogText() approach used elsewhere
(see other occurrences using redactLogText for model) so model values remain
readable in logs; update all occurrences that set "model":
util.RedactAPIKey(...) to instead set the raw model string or use
redactLogText(model) for consistency.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Do not persist while holding m.mu.

m.persist(ctx, auth) is called under the manager lock. If storage is slow, this blocks selection/execution paths and raises contention risk.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/auth/conductor_result.go` around lines 123 - 125, The persist
call is happening while holding the manager lock (m.mu) which can block other
operations; fix by capturing the auth value needed for persistence (e.g., copy
or assign the auth variable) while still under the lock, then call m.mu.Unlock()
and invoke m.persist(ctx, auth) after the lock is released (handle/log any error
from m.persist accordingly). Ensure you only access shared state under m.mu and
call m.persist outside the critical section; reference the m.persist call, the
mutex m.mu, and the auth variable in your change.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid marking auth unavailable for request-shape errors.

applyAuthFailureState sets auth.Unavailable = true before status classification. For non-auth client errors (e.g., malformed request), this can quarantine healthy credentials and reduce pool capacity.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/auth/conductor_result.go` around lines 347 - 394, The function
applyAuthFailureState is marking auth.Unavailable = true before classifying the
error; remove that early assignment and only set auth.Unavailable = true for
status codes that indicate credential or upstream failures (i.e., inside the
switch branches for 401, 402, 403, 404, 429 and the transient-server group 408,
500, 502, 503, 504) so malformed-request/client-shape errors (e.g., 400) do not
quarantine healthy creds; keep auth.Status, auth.UpdatedAt, LastError and
StatusMessage handling as-is and ensure any existing logic that sets
NextRetryAfter / Quota fields remains unchanged.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Decompose selection functions into smaller units.

Both selection flows are doing normalization, filtering, model checks, selector calls, and index assignment in one block. Please split by responsibility.

As per coding guidelines Maximum function length: 40 lines.

Also applies to: 74-155

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/auth/conductor_selection.go` around lines 13 - 71, The pickNext
function is too large and mixes responsibilities; extract smaller helpers: 1)
normalizeModelKey(ctx, model string, opts cliproxyexecutor.Options) string —
perform pinnedAuthIDFromMetadata and thinking.ParseSuffix to produce modelKey;
2) buildCandidates(provider string, modelKey string, tried map[string]struct{})
[]*Auth — iterate m.auths with the registry check
(registry.GetGlobalRegistry().ClientSupportsModel) and executor existence check
to return filtered candidates; 3) chooseAuth(ctx, provider, model string, opts
cliproxyexecutor.Options, candidates []*Auth) (*Auth, error) — call
m.selector.Pick and handle nil/error; and 4) ensureIndexOnSelection(auth *Auth)
*Auth — perform the indexAssigned check and call EnsureIndex on the canonical
entry in m.auths to return a cloned auth with index set. Then refactor pickNext
to be a thin coordinator that uses executors lookup (m.executors), calls these
helpers in sequence (normalize -> buildCandidates -> chooseAuth ->
ensureIndexOnSelection) and returns the final authCopy and executor; keep
references to symbols pinnedAuthIDFromMetadata, thinking.ParseSuffix,
registry.GetGlobalRegistry, m.selector.Pick, EnsureIndex, indexAssigned, m.auths
and m.executors, and ensure the new helpers live on Manager and reduce pickNext
to <40 lines; apply same decomposition pattern to the other selection flow
(lines 74-155).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Provider filter should use normalized keying.

pickNext compares candidate.Provider to provider directly. This is case-sensitive and bypasses executorKeyFromAuth semantics used elsewhere.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/auth/conductor_selection.go` around lines 33 - 34, pickNext
currently compares candidate.Provider to provider with a case-sensitive direct
equality; change it to use the same normalization as executorKeyFromAuth by
passing both values through executorKeyFromAuth (or the shared normalizer)
before comparing (i.e., normalize candidate.Provider and provider in pickNext)
so the provider filter honors the canonical keying semantics used elsewhere.

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (12)

pkg/llmproxy/auth/copilot/copilot_extra_test.go (1)

157-198: 🛠️ Refactor suggestion | 🟠 Major

Split this test into subtests/helpers to satisfy function-length policy.

This function is over the 40-line cap; please break valid/expired/nil-token cases into t.Run(...) blocks (or small helpers) to keep the test within limit.

Refactor sketch

 func TestCopilotAuth_LoadAndValidateToken(t *testing.T) {
-    // setup...
-    // valid case...
-    // expired case...
-    // nil case...
+    // shared setup...
+    t.Run("valid token", func(t *testing.T) { /* ... */ })
+    t.Run("expired token", func(t *testing.T) { /* ... */ })
+    t.Run("nil storage", func(t *testing.T) { /* ... */ })
 }

As per coding guidelines, "Maximum function length: 40 lines".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/copilot/copilot_extra_test.go` around lines 157 - 198, The
test TestCopilotAuth_LoadAndValidateToken is too long; refactor it by splitting
the three scenarios into separate subtests (e.g., t.Run("valid", ...),
t.Run("expired", ...), t.Run("nil_storage", ...)) or small helper functions,
while keeping shared setup (httptest server, custom http.Client, auth :=
NewCopilotAuth(...)) in the parent scope or a setup helper; within each subtest
create the CopilotTokenStorage instances (using CopilotTokenStorage.AccessToken
= "valid"/"expired") and call auth.LoadAndValidateToken(ctx, storage) asserting
results appropriate for each case (valid returns ok==true & err==nil, expired
returns err containing "expired", nil storage returns error), so
TestCopilotAuth_LoadAndValidateToken stays under the 40-line limit.

pkg/llmproxy/auth/claude/utls_transport.go (1)

34-45: ⚠️ Potential issue | 🟠 Major

Potential credential leak: proxy URL may contain embedded credentials.

Proxy URLs often include credentials in the form http://user:password@proxy.example.com:8080. Logging cfg.ProxyURL directly at lines 37 and 41 could expose sensitive credentials in plaintext logs, which contradicts the PR objective of masking sensitive logs.

🔒 Proposed fix to redact credentials from proxy URL

 func newUtlsRoundTripper(cfg *pkgconfig.SDKConfig) *utlsRoundTripper {
 	var dialer proxy.Dialer = proxy.Direct
 	if cfg != nil && cfg.ProxyURL != "" {
 		proxyURL, err := url.Parse(cfg.ProxyURL)
 		if err != nil {
-			log.Errorf("failed to parse proxy URL %q: %v", cfg.ProxyURL, err)
+			log.Errorf("failed to parse proxy URL: %v", err)
 		} else {
+			// Redact credentials for logging
+			redactedURL := proxyURL.Redacted()
 			pDialer, err := proxy.FromURL(proxyURL, proxy.Direct)
 			if err != nil {
-				log.Errorf("failed to create proxy dialer for %q: %v", cfg.ProxyURL, err)
+				log.Errorf("failed to create proxy dialer for %q: %v", redactedURL, err)
 			} else {
 				dialer = pDialer
 			}
 		}
 	}

Note: url.URL.Redacted() returns the URL string with the password replaced by xxxxx, which is the idiomatic Go approach for safely logging URLs.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/claude/utls_transport.go` around lines 34 - 45, The code
logs cfg.ProxyURL directly which can leak embedded credentials; change the error
messages to never emit the raw cfg.ProxyURL: parse the URL with url.Parse (as
you already do) and when logging use proxyURL.Redacted() (url.URL.Redacted()) in
the proxy.FromURL error path and success path; for the initial parse failure
path avoid printing cfg.ProxyURL verbatim—either log only scheme/host or a
redacted form (remove userinfo) instead of the full string. Ensure references:
url.Parse, proxyURL, proxy.FromURL, cfg.ProxyURL are updated accordingly.

pkg/llmproxy/auth/kiro/token.go (1)

162-168: ⚠️ Potential issue | 🟡 Minor

Remove unused cleanAuthPath function.

The cleanAuthPath function (lines 162-168) is defined but never called anywhere in the codebase. Remove this dead code.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/kiro/token.go` around lines 162 - 168, Remove the dead
helper function cleanAuthPath from pkg/llmproxy/auth/kiro/token.go since it is
defined but never referenced; delete the entire cleanAuthPath function
(including its signature and body) and run tests/linters to ensure no remaining
references to cleanAuthPath exist.

pkg/llmproxy/auth/kiro/sso_oidc.go (3)

442-456: ⚠️ Potential issue | 🟠 Major

Missing region validation in RefreshTokenWithRegion.

Unlike CreateTokenWithRegion (which calls normalizeOIDCRegion) and RegisterClientWithRegion (which calls validateIDCRegion), this function uses region directly. Additionally, applyIDCRefreshHeaders at line 194 sets the Host header using the raw region value, which may differ from the fallback region used by getOIDCEndpoint. This inconsistency could cause misrouted requests or header injection.

Proposed fix

 func (c *SSOOIDCClient) RefreshTokenWithRegion(ctx context.Context, clientID, clientSecret, refreshToken, region, startURL string) (*KiroTokenData, error) {
+	validatedRegion, err := validateIDCRegion(region)
+	if err != nil {
+		return nil, err
+	}
-	endpoint := getOIDCEndpoint(region)
-	payload := buildIDCRefreshPayload(clientID, clientSecret, refreshToken)
+	endpoint := getOIDCEndpoint(validatedRegion)
+	payload := buildIDCRefreshPayload(clientID, clientSecret, refreshToken)
 
 	body, err := json.Marshal(payload)
 	if err != nil {
 		return nil, err
 	}
 
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/token", strings.NewReader(string(body)))
 	if err != nil {
 		return nil, err
 	}
 
-	applyIDCRefreshHeaders(req, region)
+	applyIDCRefreshHeaders(req, validatedRegion)

And update the return statement to use the validated region:

 	return &KiroTokenData{
 		AccessToken:  result.AccessToken,
 		RefreshToken: result.RefreshToken,
 		ExpiresAt:    expiresAt.Format(time.RFC3339),
 		AuthMethod:   "idc",
 		Provider:     "AWS",
 		ClientID:     clientID,
 		ClientSecret: clientSecret,
 		StartURL:     startURL,
-		Region:       region,
+		Region:       validatedRegion,
 	}, nil

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/kiro/sso_oidc.go` around lines 442 - 456,
RefreshTokenWithRegion currently uses the raw region value; validate/normalize
it first (call normalizeOIDCRegion or validateIDCRegion to produce a
validatedRegion), then use validatedRegion when computing endpoint via
getOIDCEndpoint and when calling applyIDCRefreshHeaders so the Host/header logic
uses the same fallback region; ensure any return values or error handling that
reference region use validatedRegion instead of the original region.

---

1037-1048: ⚠️ Potential issue | 🟡 Minor

Userinfo response may contain PII; consider redacting before logging.

The debug log at line 1037 outputs the raw userinfo response, which contains the user's email and other personally identifiable information. Even at Debug level, this could be a compliance concern (GDPR/CCPA) if logs are persisted or shipped to observability platforms.

Suggested approach

-	log.Debugf("userinfo response: %s", string(respBody))
+	log.Debugf("userinfo response received (contains PII, not logged)")

Or selectively log only non-sensitive fields after unmarshaling.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/kiro/sso_oidc.go` around lines 1037 - 1048, The current
debug log prints the raw userinfo JSON (respBody) which may contain PII; remove
or replace the log.Debugf("userinfo response: %s", string(respBody)) call and
instead log only non-sensitive identifiers after parsing (e.g., log limited
fields from the local userInfo struct such as Sub or PreferredUsername), or
redact sensitive fields (Email, Name) before any logging; ensure the change is
applied around the json.Unmarshal usage in this function so only safe values are
logged.

---

60-62: ⚠️ Potential issue | 🟡 Minor

Remove unused duplicate regex pattern.

oidcRegionPattern is identical to awsRegionPattern and never used. The pattern only appears at its declaration (line 61); awsRegionPattern is the active validation pattern used at lines 137 and 435. Delete the unused variable to reduce maintenance burden.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/kiro/sso_oidc.go` around lines 60 - 62, Remove the unused
duplicate regex variable oidcRegionPattern: it's identical to awsRegionPattern
and never referenced elsewhere, so delete the oidcRegionPattern declaration to
avoid dead code and maintenance overhead; ensure all validations continue to use
awsRegionPattern (the existing symbol referenced in the code) and run tests to
confirm no references remain to oidcRegionPattern.

pkg/llmproxy/watcher/clients.go (1)

24-121: 🛠️ Refactor suggestion | 🟠 Major

Break down reloadClients to satisfy max function length.

The touched function remains significantly over the 40-line limit; extract phases (provider filtering, auth-file reload/cache rebuild, callback/update logging) into private helpers.

As per coding guidelines "Maximum function length: 40 lines".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/watcher/clients.go` around lines 24 - 121, The reloadClients
function is too long; extract logical phases into small private helpers to keep
reloadClients under 40 lines: 1) move the provider filtering block that
manipulates w.currentAuths and uses matchProvider into a helper named something
like filterAffectedOAuthProviders(w *Watcher, affectedOAuthProviders []string)
and call it from reloadClients; 2) move the auth-file rescan/cache rebuild (the
filepath.Walk, lastAuthHashes and lastAuthContents initialization and JSON
parse) into a helper named rebuildAuthCache(w *Watcher, cfg *Config) that
returns the authFileCount, and call it when rescanAuth is true; 3) move the
reload-callback/logging/summary trigger into a helper named
triggerReloadAndLog(w *Watcher, cfg *Config, totals...) that invokes
w.reloadCallback and logs the final info message; ensure each helper holds the
precise mutex lock/unlock logic currently in reloadClients and keep the symbols
BuildAPIKeyClients, refreshAuthState, normalizeAuthPath, lastAuthHashes,
lastAuthContents, and reloadCallback usage unchanged.

pkg/llmproxy/api/server.go (1)

912-1049: 🛠️ Refactor suggestion | 🟠 Major

Refactor UpdateClients into smaller helpers to meet size constraints.

UpdateClients is well beyond the 40-line limit and now has multiple responsibilities (log/output toggles, management route state, auth refresh, amp updates, and metrics). Please split into focused private helpers.

As per coding guidelines "Maximum function length: 40 lines".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/api/server.go` around lines 912 - 1049, The UpdateClients
function is too large and does multiple responsibilities; split it into focused
private helpers (e.g., handleLoggingAndToggles, handleManagementRoutes,
applyConfigAndHandlers, updateAmpIfNeeded, countAndPrintClients) and move
related blocks into those helpers called from UpdateClients so UpdateClients
becomes a short orchestration (<40 lines). Specifically: extract the
requestLogger toggles and
logging.ConfigureLogOutput/usage.SetStatisticsEnabled/error log file setters
into handleLoggingAndToggles; move the management route logic referencing
s.envManagementSecret, registerManagementRoutes, and s.managementRoutesEnabled
into handleManagementRoutes; move s.applyAccessConfig, s.cfg assignment, wsAuth
handling, managementasset.SetCurrentConfig, s.oldConfigYaml marshal,
s.handlers.UpdateClients, and s.mgmt.SetConfig/SetAuthManager into
applyConfigAndHandlers; pull the ampConfigChanged detection and
s.ampModule.OnConfigUpdated call into updateAmpIfNeeded; and extract the
tokenStore base-dir set, util.CountAuthFiles and client-count computation/printf
into countAndPrintClients. Keep existing function/method names (UpdateClients,
applyAccessConfig, registerManagementRoutes, ampModule.OnConfigUpdated,
handlers.UpdateClients) and ensure the same behavior and error logging are
preserved when moving code.

sdk/cliproxy/service.go (1)

597-603: ⚠️ Potential issue | 🟠 Major

Sticky strategy is normalized away before selector switch.

normalizeStrategy currently maps sticky aliases to "round-robin" via default, so the sticky branch never executes.

💡 Proposed fix

 		normalizeStrategy := func(strategy string) string {
 			switch strategy {
 			case "fill-first", "fill_first", "fillfirst", "ff":
 				return "fill-first"
+			case "sticky-round-robin", "sticky_round_robin", "stickyroundrobin", "srr":
+				return "sticky-round-robin"
 			default:
 				return "round-robin"
 			}
 		}
@@
 			switch nextStrategy {
 			case "fill-first":
 				selector = &coreauth.FillFirstSelector{}
-			case "sticky-round-robin", "stickyroundrobin", "srr":
+			case "sticky-round-robin":
 				selector = coreauth.NewStickyRoundRobinSelector(1000)
 			default:
 				selector = &coreauth.RoundRobinSelector{}
 			}

Also applies to: 612-613

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/service.go` around lines 597 - 603, The normalizeStrategy
function currently returns "round-robin" for any unrecognized alias, which
causes sticky aliases to be normalized away; update normalizeStrategy (used
where the selector switch checks the strategy) to explicitly map sticky aliases
(e.g., "sticky", "stick", "st") to return "sticky" in addition to mapping
fill-first variants to "fill-first", then ensure the selector switch (the code
that switches on the normalized strategy value) will see "sticky" and execute
the sticky branch; adjust any other alias lists accordingly so sticky is not
treated as the default round-robin.

sdk/auth/kilo.go (1)

43-50: ⚠️ Potential issue | 🟠 Major

Replace all stdout prints with zerolog for logging.

The auth flow uses fmt.Println and fmt.Printf instead of zerolog, including for messages containing user identifiers (email, org names). This violates the coding guideline "Use zerolog for logging (NOT fmt.Print)" and impacts log consistency across the codebase.

Affected lines: 43, 49–50, 52, 58, 67, 69, 83, 87, plus error reporting at 32, 46, 55, 62, 95.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/auth/kilo.go` around lines 43 - 50, Replace all fmt.Println/Printf usage
in sdk/auth/kilo.go with zerolog calls: use the package logger (e.g., log or
logger variable in scope) and convert freeform prints into structured zerolog
statements (for example log.Info().Str("verification_url",
resp.VerificationURL).Str("code", resp.Code).Msg("Kilo device flow initiated")
and log.Info().Msg("Initiating Kilo device authentication...") ), and replace
fmt-based error logging with log.Error().Err(err).Msg("...") in the
kilocodeAuth.InitiateDeviceFlow and related flows (refer to
kilocodeAuth.InitiateDeviceFlow, resp.VerificationURL, resp.Code and the
functions that currently use fmt for printing and error reporting) ensuring
sensitive identifiers are logged as structured fields only when appropriate and
using the correct log level.

pkg/llmproxy/api/handlers/management/auth_kilo.go (1)

12-12: ⚠️ Potential issue | 🟠 Major

Replace logrus and fmt logging with zerolog throughout this handler.

This file violates the repo logging standard by mixing logrus (line 12 import, used at lines 25, 44, 80) and fmt.Print family functions (lines 18, 33, 38) instead of using zerolog. Refactor all logging to use zerolog consistently.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/api/handlers/management/auth_kilo.go` at line 12, Replace the
logrus import and all fmt.*/fmt.Println usages in this handler with zerolog:
remove "github.com/sirupsen/logrus" and any fmt imports and instead import
"github.com/rs/zerolog/log"; then change logrus calls (e.g.,
log.WithError(...).Error(...), log.Warn(...), etc.) and fmt prints to zerolog
patterns such as log.Error().Err(err).Msg("context"), log.Warn().Msgf("format
%s", v), or log.Info().Msg("message")/log.Info().Msgf(...), keeping the original
message text and including error objects where appropriate; update each site
referenced in the review (the logrus usages around the former lines ~25, ~44,
~80 and fmt usages around ~18, ~33, ~38) to use these zerolog calls so the
handler consistently uses zerolog for all logging.

pkg/llmproxy/auth/qwen/qwen_auth.go (1)

365-370: ⚠️ Potential issue | 🟠 Major

Guard UpdateTokenStorage against nil parameters to prevent panic.

Unlike IFlowAuth.UpdateTokenStorage, this function has no nil checks. If storage, storage.BaseTokenStorage, or tokenData is nil, it will panic on field assignment. This is inconsistent with defensive patterns used elsewhere in the codebase (see SaveTokenToFile which explicitly checks BaseTokenStorage for nil). Add nil guards and initialize BaseTokenStorage if needed:

 func (o *QwenAuth) UpdateTokenStorage(storage *QwenTokenStorage, tokenData *QwenTokenData) {
-	storage.AccessToken = tokenData.AccessToken
-	storage.RefreshToken = tokenData.RefreshToken
-	storage.LastRefresh = time.Now().Format(time.RFC3339)
-	storage.ResourceURL = tokenData.ResourceURL
-	storage.Expire = tokenData.Expire
+	if storage == nil || tokenData == nil {
+		return
+	}
+	if storage.BaseTokenStorage == nil {
+		storage.BaseTokenStorage = &BaseTokenStorage{}
+	}
+	storage.BaseTokenStorage.AccessToken = tokenData.AccessToken
+	storage.BaseTokenStorage.RefreshToken = tokenData.RefreshToken
+	storage.BaseTokenStorage.LastRefresh = time.Now().Format(time.RFC3339)
+	storage.BaseTokenStorage.Expire = tokenData.Expire
+	storage.ResourceURL = tokenData.ResourceURL
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go` around lines 365 - 370,
UpdateTokenStorage currently assumes non-nil inputs and will panic if storage,
storage.BaseTokenStorage, or tokenData is nil; add defensive nil guards in
QwenAuth.UpdateTokenStorage: if tokenData is nil return early; if storage is nil
return early (or create and return) and ensure storage.BaseTokenStorage is
initialized (allocate a new BaseTokenStorage struct) before assigning fields;
then copy AccessToken, RefreshToken, LastRefresh (use
time.Now().Format(time.RFC3339)), ResourceURL, and Expire into storage. Mirror
the defensive pattern used in SaveTokenToFile and reference QwenTokenStorage,
QwenTokenData, BaseTokenStorage, and the UpdateTokenStorage method when making
the changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/llmproxy/auth/claude/utls_transport.go`:
- Line 13: The file currently imports logrus (import alias log
"github.com/sirupsen/logrus")—replace that import with zerolog
(github.com/rs/zerolog/log) and update all logrus-style calls in
utls_transport.go to zerolog fluent calls; e.g., map log.Errorf/log.Errorf-like
calls to log.Error().Err(err).Str("proxyURL", maskedURL).Msg("failed to parse
proxy URL"), log.Infof to log.Info().Msg(...) and include context via
.Str/.Err/.Int as appropriate, ensuring all occurrences that reference the log
alias are converted to the zerolog chaining API.

In `@sdk/cliproxy/auth/conductor_apikey.go`:
- Around line 138-182: The function compileAPIKeyModelAliasForModels is over the
40-line limit and mixes responsibilities (alias normalization, upstream-name
mapping, and suffix-preservation); extract small helper functions (e.g.,
normalizeKey(name string) string, seedIfAbsent(out map[string]string, key
string, value string), seedAliasForModel(out map[string]string, m T), and
seedNameAndBaseForModel(out map[string]string, m T) or similar) and move the
parsing/trim/lowercasing and the ParseSuffix logic into those helpers, then
rewrite compileAPIKeyModelAliasForModels to iterate models and call those
helpers so the main function is concise and under 40 lines while preserving the
same behavior for aliasKey, nameKey, and baseKey seeding.

In `@sdk/cliproxy/auth/conductor_helpers.go`:
- Around line 345-347: In the List method iterate over m.auths and guard against
nil entries before calling Clone: for each auth in m.auths check if auth == nil
and skip (or handle appropriately) so auth.Clone() is only invoked on non-nil
pointers; update the code around the loop that currently does "for _, auth :=
range m.auths { list = append(list, auth.Clone()) }" to perform a nil-check and
avoid panics while preserving the original ordering and behavior.
- Around line 13-14: Replace the logrus import and all logrus calls with
zerolog: remove import alias log "github.com/sirupsen/logrus" and instead import
"github.com/rs/zerolog/log"; then convert logrus calls found in this file
(including the block around lines 274-306) — e.g., log.Errorf, log.Infof,
log.Warnf, log.Debugf, log.Fatalf — into zerolog equivalents using the global
logger methods and Msg/Msgf (for formatted messages) or Err(err).Msg(...) as
appropriate (for example use log.Error().Err(err).Msgf(...),
log.Info().Msgf(...), log.Warn().Msgf(...), log.Debug().Msgf(...), and avoid
using Fatalf directly; if a process exit is needed use log.Fatal().Msgf(...) or
call os.Exit after logging). Update any structured fields to use .With(). or
.Str/.Err as needed to preserve context.

---

Outside diff comments:
In `@pkg/llmproxy/api/handlers/management/auth_kilo.go`:
- Line 12: Replace the logrus import and all fmt.*/fmt.Println usages in this
handler with zerolog: remove "github.com/sirupsen/logrus" and any fmt imports
and instead import "github.com/rs/zerolog/log"; then change logrus calls (e.g.,
log.WithError(...).Error(...), log.Warn(...), etc.) and fmt prints to zerolog
patterns such as log.Error().Err(err).Msg("context"), log.Warn().Msgf("format
%s", v), or log.Info().Msg("message")/log.Info().Msgf(...), keeping the original
message text and including error objects where appropriate; update each site
referenced in the review (the logrus usages around the former lines ~25, ~44,
~80 and fmt usages around ~18, ~33, ~38) to use these zerolog calls so the
handler consistently uses zerolog for all logging.

In `@pkg/llmproxy/api/server.go`:
- Around line 912-1049: The UpdateClients function is too large and does
multiple responsibilities; split it into focused private helpers (e.g.,
handleLoggingAndToggles, handleManagementRoutes, applyConfigAndHandlers,
updateAmpIfNeeded, countAndPrintClients) and move related blocks into those
helpers called from UpdateClients so UpdateClients becomes a short orchestration
(<40 lines). Specifically: extract the requestLogger toggles and
logging.ConfigureLogOutput/usage.SetStatisticsEnabled/error log file setters
into handleLoggingAndToggles; move the management route logic referencing
s.envManagementSecret, registerManagementRoutes, and s.managementRoutesEnabled
into handleManagementRoutes; move s.applyAccessConfig, s.cfg assignment, wsAuth
handling, managementasset.SetCurrentConfig, s.oldConfigYaml marshal,
s.handlers.UpdateClients, and s.mgmt.SetConfig/SetAuthManager into
applyConfigAndHandlers; pull the ampConfigChanged detection and
s.ampModule.OnConfigUpdated call into updateAmpIfNeeded; and extract the
tokenStore base-dir set, util.CountAuthFiles and client-count computation/printf
into countAndPrintClients. Keep existing function/method names (UpdateClients,
applyAccessConfig, registerManagementRoutes, ampModule.OnConfigUpdated,
handlers.UpdateClients) and ensure the same behavior and error logging are
preserved when moving code.

In `@pkg/llmproxy/auth/claude/utls_transport.go`:
- Around line 34-45: The code logs cfg.ProxyURL directly which can leak embedded
credentials; change the error messages to never emit the raw cfg.ProxyURL: parse
the URL with url.Parse (as you already do) and when logging use
proxyURL.Redacted() (url.URL.Redacted()) in the proxy.FromURL error path and
success path; for the initial parse failure path avoid printing cfg.ProxyURL
verbatim—either log only scheme/host or a redacted form (remove userinfo)
instead of the full string. Ensure references: url.Parse, proxyURL,
proxy.FromURL, cfg.ProxyURL are updated accordingly.

In `@pkg/llmproxy/auth/copilot/copilot_extra_test.go`:
- Around line 157-198: The test TestCopilotAuth_LoadAndValidateToken is too
long; refactor it by splitting the three scenarios into separate subtests (e.g.,
t.Run("valid", ...), t.Run("expired", ...), t.Run("nil_storage", ...)) or small
helper functions, while keeping shared setup (httptest server, custom
http.Client, auth := NewCopilotAuth(...)) in the parent scope or a setup helper;
within each subtest create the CopilotTokenStorage instances (using
CopilotTokenStorage.AccessToken = "valid"/"expired") and call
auth.LoadAndValidateToken(ctx, storage) asserting results appropriate for each
case (valid returns ok==true & err==nil, expired returns err containing
"expired", nil storage returns error), so TestCopilotAuth_LoadAndValidateToken
stays under the 40-line limit.

In `@pkg/llmproxy/auth/kiro/sso_oidc.go`:
- Around line 442-456: RefreshTokenWithRegion currently uses the raw region
value; validate/normalize it first (call normalizeOIDCRegion or
validateIDCRegion to produce a validatedRegion), then use validatedRegion when
computing endpoint via getOIDCEndpoint and when calling applyIDCRefreshHeaders
so the Host/header logic uses the same fallback region; ensure any return values
or error handling that reference region use validatedRegion instead of the
original region.
- Around line 1037-1048: The current debug log prints the raw userinfo JSON
(respBody) which may contain PII; remove or replace the log.Debugf("userinfo
response: %s", string(respBody)) call and instead log only non-sensitive
identifiers after parsing (e.g., log limited fields from the local userInfo
struct such as Sub or PreferredUsername), or redact sensitive fields (Email,
Name) before any logging; ensure the change is applied around the json.Unmarshal
usage in this function so only safe values are logged.
- Around line 60-62: Remove the unused duplicate regex variable
oidcRegionPattern: it's identical to awsRegionPattern and never referenced
elsewhere, so delete the oidcRegionPattern declaration to avoid dead code and
maintenance overhead; ensure all validations continue to use awsRegionPattern
(the existing symbol referenced in the code) and run tests to confirm no
references remain to oidcRegionPattern.

In `@pkg/llmproxy/auth/kiro/token.go`:
- Around line 162-168: Remove the dead helper function cleanAuthPath from
pkg/llmproxy/auth/kiro/token.go since it is defined but never referenced; delete
the entire cleanAuthPath function (including its signature and body) and run
tests/linters to ensure no remaining references to cleanAuthPath exist.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go`:
- Around line 365-370: UpdateTokenStorage currently assumes non-nil inputs and
will panic if storage, storage.BaseTokenStorage, or tokenData is nil; add
defensive nil guards in QwenAuth.UpdateTokenStorage: if tokenData is nil return
early; if storage is nil return early (or create and return) and ensure
storage.BaseTokenStorage is initialized (allocate a new BaseTokenStorage struct)
before assigning fields; then copy AccessToken, RefreshToken, LastRefresh (use
time.Now().Format(time.RFC3339)), ResourceURL, and Expire into storage. Mirror
the defensive pattern used in SaveTokenToFile and reference QwenTokenStorage,
QwenTokenData, BaseTokenStorage, and the UpdateTokenStorage method when making
the changes.

In `@pkg/llmproxy/watcher/clients.go`:
- Around line 24-121: The reloadClients function is too long; extract logical
phases into small private helpers to keep reloadClients under 40 lines: 1) move
the provider filtering block that manipulates w.currentAuths and uses
matchProvider into a helper named something like filterAffectedOAuthProviders(w
*Watcher, affectedOAuthProviders []string) and call it from reloadClients; 2)
move the auth-file rescan/cache rebuild (the filepath.Walk, lastAuthHashes and
lastAuthContents initialization and JSON parse) into a helper named
rebuildAuthCache(w *Watcher, cfg *Config) that returns the authFileCount, and
call it when rescanAuth is true; 3) move the reload-callback/logging/summary
trigger into a helper named triggerReloadAndLog(w *Watcher, cfg *Config,
totals...) that invokes w.reloadCallback and logs the final info message; ensure
each helper holds the precise mutex lock/unlock logic currently in reloadClients
and keep the symbols BuildAPIKeyClients, refreshAuthState, normalizeAuthPath,
lastAuthHashes, lastAuthContents, and reloadCallback usage unchanged.

In `@sdk/auth/kilo.go`:
- Around line 43-50: Replace all fmt.Println/Printf usage in sdk/auth/kilo.go
with zerolog calls: use the package logger (e.g., log or logger variable in
scope) and convert freeform prints into structured zerolog statements (for
example log.Info().Str("verification_url", resp.VerificationURL).Str("code",
resp.Code).Msg("Kilo device flow initiated") and log.Info().Msg("Initiating Kilo
device authentication...") ), and replace fmt-based error logging with
log.Error().Err(err).Msg("...") in the kilocodeAuth.InitiateDeviceFlow and
related flows (refer to kilocodeAuth.InitiateDeviceFlow, resp.VerificationURL,
resp.Code and the functions that currently use fmt for printing and error
reporting) ensuring sensitive identifiers are logged as structured fields only
when appropriate and using the correct log level.

In `@sdk/cliproxy/service.go`:
- Around line 597-603: The normalizeStrategy function currently returns
"round-robin" for any unrecognized alias, which causes sticky aliases to be
normalized away; update normalizeStrategy (used where the selector switch checks
the strategy) to explicitly map sticky aliases (e.g., "sticky", "stick", "st")
to return "sticky" in addition to mapping fill-first variants to "fill-first",
then ensure the selector switch (the code that switches on the normalized
strategy value) will see "sticky" and execute the sticky branch; adjust any
other alias lists accordingly so sticky is not treated as the default
round-robin.

---

Duplicate comments:
In `@pkg/llmproxy/api/server.go`:
- Around line 1039-1048: Replace the fmt.Printf call that prints the
clients/configuration summary (the statement referencing total, authEntries,
geminiClientCount, claudeClientCount, codexClientCount, vertexAICompatCount,
openAICompatCount) with a zerolog structured log call (e.g., log.Info() with
fields and a message) and remove the fmt import; ensure you import
"github.com/rs/zerolog/log" if not present and log the counts as structured
fields (e.g., "total", "authEntries", "geminiKeys", "claudeKeys", "codexKeys",
"vertexCompat", "openaiCompat") instead of writing to stdout so the code in
server.go uses centralized logging.

In `@pkg/llmproxy/auth/kiro/sso_oidc.go`:
- Around line 108-121: The isValidAWSRegion function currently performs a
permissive rune check; replace its logic to use the existing compiled
awsRegionPattern (the same regex used by validateIDCRegion and
normalizeOIDCRegion) to strictly validate region strings (rejecting values like
"-" or "foo"); update isValidAWSRegion to return
awsRegionPattern.MatchString(region) after the empty-string guard so OIDC
endpoints are constructed only from correctly-formatted AWS regions.

In `@pkg/llmproxy/auth/qwen/qwen_auth.go`:
- Line 18: Replace the logrus import and any fmt.Printf usage in qwen_auth.go
with zerolog: remove import alias log "github.com/sirupsen/logrus" and any fmt
imports, add import "github.com/rs/zerolog/log", then change fmt.Printf
polling/debug prints to structured zerolog calls (e.g., log.Info().Msgf(...)) in
the polling loop(s) mentioned (the fmt.Printf occurrences and polling logic
around the session polling functions), ensuring any error logs use
log.Error().Err(err).Msg("context") to match zerolog usage.

In `@pkg/llmproxy/auth/qwen/qwen_token.go`:
- Around line 78-83: cleanTokenFilePath(authFilePath, "qwen token") is called
but its cleaned result is ignored, so BaseTokenStorage.Save() still uses the
old/empty FilePath; fix by capturing the returned cleaned path and assign it to
the underlying storage before saving (e.g. set ts.BaseTokenStorage.FilePath =
cleanedPath), then set ts.BaseTokenStorage.Type = "qwen" and call
ts.BaseTokenStorage.Save(); ensure you propagate any error from
cleanTokenFilePath instead of discarding it.
- Around line 41-47: The token file is created with os.Create which doesn't
enforce owner-only permissions; replace the create call with os.OpenFile using
flags os.O_WRONLY|os.O_CREATE|os.O_TRUNC and file mode 0o600 (owner read/write)
when opening b.FilePath so the file is created with strict permissions, then
continue to use json.NewEncoder(f).Encode(b) and defer f.Close(); handle and
return the os.OpenFile error similarly to the existing error handling for
Create. Ensure you update the same function where b.FilePath and
json.NewEncoder(f).Encode(b) are used.

In `@pkg/llmproxy/executor/antigravity_executor.go`:
- Around line 1688-1717: The validateAntigravityBaseURL function is too
permissive: update it to reject URLs that contain userinfo, explicit port,
non-empty RawQuery, Fragment, or non-root Path (allow only "" or "/"), ensure
Scheme == "https" and Hostname() strictly endsWith ".googleapis.com"; then use
this hardened validator from resolveCustomAntigravityBaseURL when accepting
auth.Attributes["base_url"] or auth.Metadata["base_url"]. Also, per guidelines
replace manual checks with go-playground/validator by registering a custom
validation (e.g., "antigravity_base_url") that enforces the same rules and call
validator.Var for the supplied base_url in resolveCustomAntigravityBaseURL
before returning it.

In `@pkg/llmproxy/executor/codex_websockets_executor.go`:
- Around line 1298-1306: sanitizeCodexWebsocketLogField is currently producing a
constant redaction for non-empty session/auth values which prevents correlating
logCodexWebsocketConnected and logCodexWebsocketDisconnected events; change
sanitizeCodexWebsocketLogField to detect non-empty inputs and return a
deterministic, non-reversible stable mask (e.g., truncated HMAC/SHA256 hex or
base62 of the value with a static salt) instead of a single constant like
"[REDACTED]"; update any calls in logCodexWebsocketConnected and
logCodexWebsocketDisconnected to use this new deterministic mask so the same
sessionID/authID yield the same masked token across events, and consider reusing
existing RedactAPIKey helper logic if it supports stable hashing (or refactor
RedactAPIKey to expose a stableMask(value string) function used by
sanitizeCodexWebsocketLogField).

In `@pkg/llmproxy/logging/request_logger.go`:
- Around line 319-322: LogStreamingRequest constructs filePath via
l.generateFilename and filepath.Join but doesn't validate the resulting path
stays under l.logsDir; modify LogStreamingRequest to replicate the same
path-containment guard used in logRequest: compute the candidate path (use
filepath.Join and filepath.Clean), then verify it is contained within l.logsDir
(e.g., via filepath.Rel and ensuring the relative path does not start with ".."
or by checking a normalized HasPrefix on absolute paths); if the check fails,
log an error and return without writing the streaming log. Ensure you reference
and use l.generateFilename, filePath, and l.logsDir in this validation.

In `@pkg/llmproxy/thinking/apply.go`:
- Line 124: The map value for the "model" field is incorrectly using
util.RedactAPIKey (which redacts public model identifiers); replace calls to
util.RedactAPIKey(baseModel) with the existing redactLogText(baseModel) (or
remove redaction) in the same function so model names remain readable in logs;
update the three occurrences noted (the current use at the shown diff plus the
other occurrences corresponding to the earlier "model" entries) by changing
util.RedactAPIKey -> redactLogText to match lines 189-194 behavior and keep
logging consistent.

In `@pkg/llmproxy/watcher/clients.go`:
- Around line 58-60: The log statement uses logrus-style Debugf; replace it with
zerolog usage: after calling BuildAPIKeyClients (symbols geminiClientCount,
vertexCompatClientCount, claudeClientCount, codexClientCount, openAICompatCount
and totalAPIKeyClients), import rs/zerolog/log and change the log.Debugf call to
a zerolog call (e.g., log.Debug().Int("total_api_key_clients",
totalAPIKeyClients).Msg("loaded API key clients") or use Msgf via
log.Debug().Msgf) so the file uses zerolog consistently instead of logrus-style
logging.

In `@sdk/auth/filestore.go`:
- Around line 185-186: The containment check in sdk/auth/filestore.go improperly
allows candidate == cleanBase (e.g., ".") to pass; update the condition around
candidate and cleanBase in the delete-path containment logic so equality is
rejected as well — change the if that currently reads using candidate !=
cleanBase && !strings.HasPrefix(candidate, cleanBase+string(os.PathSeparator))
to reject when candidate == cleanBase or when candidate does not have the
required cleanBase+os.PathSeparator prefix, ensuring candidate and cleanBase are
referenced exactly as in the current code.

In `@sdk/cliproxy/auth/conductor_apikey.go`:
- Around line 185-232: The applyAPIKeyModelAlias function is too long and mixes
fast-path lookup, runtime-config fallback, and provider dispatch; split it into
a short fast-path function and a fallback resolver: (1) extract the initial
API-key guard and the quick in-memory mapping into a small function like
fastApplyAPIKeyModelAlias that calls lookupAPIKeyUpstreamModel(auth.ID,
requestedModel) and returns early; (2) extract the slow path into a separate
function like fallbackApplyAPIKeyModelAlias which loads cfg via
m.runtimeConfig.Load(), normalizes provider (auth.Provider), and contains the
switch that calls resolveUpstreamModelForGeminiAPIKey /
resolveUpstreamModelForClaudeAPIKey / resolveUpstreamModelForCodexAPIKey /
resolveUpstreamModelForVertexAPIKey / resolveUpstreamModelForOpenAICompatAPIKey;
(3) make the original applyAPIKeyModelAlias just validate m/auth/requestedModel,
call the fast-path, and if empty call the fallback and return the resolved value
or requestedModel. Ensure you reference lookupAPIKeyUpstreamModel,
runtimeConfig.Load, and the resolveUpstreamModelFor* helpers when moving code.
- Around line 249-267: The comparisons treating API keys as case-insensitive and
using strings.EqualFold should be replaced with exact, constant-time
comparisons: where API key variables (cfgKey, attrKey, and (*entry).GetAPIKey())
are compared, use a length check followed by crypto/subtle.ConstantTimeCompare
on the byte slices (preserving case sensitivity) instead of strings.EqualFold;
keep the existing logic for cfgBase/attrBase comparisons if they are non-secret,
and update the block that iterates entries (referencing GetAPIKey, cfgKey,
attrKey, cfgBase, attrBase, and entries) so that all API key equality checks are
case-sensitive and timing-safe.
- Around line 74-135: rebuildAPIKeyModelAliasLocked is too long and mixes auth
filtering, provider dispatch, and alias assembly; split it into small helpers:
extract auth validation into a helper (e.g., shouldProcessAuth or validateAuth)
that encapsulates nil checks, ID trim, and AccountInfo kind check; extract
provider dispatch into per-provider helpers (e.g., handleGemini, handleClaude,
handleCodex, handleVertex, handleOpenAICompat) that call
resolveGeminiAPIKeyConfig/resolveClaudeAPIKeyConfig/resolveCodexAPIKeyConfig/resolveVertexAPIKeyConfig/resolveOpenAICompatConfig
and invoke compileAPIKeyModelAliasForModels into a returned map[string]string;
have rebuildAPIKeyModelAliasLocked iterate m.auths, call the validation helper
then the appropriate provider helper to merge returned byAlias into out, and
finally call m.apiKeyModelAlias.Store(out) — this reduces function length below
40 lines and improves testability by allowing unit tests for each provider
handler and the auth validator.

In `@sdk/cliproxy/auth/conductor_execution.go`:
- Around line 294-296: The current code marks a stream as successful whenever
failed == false, which can incorrectly publish success for canceled streams;
update the success path in conductor_execution.go to only call
m.MarkResult(streamCtx, Result{... Success: true}) when failed == false AND the
stream context has not been canceled (e.g., streamCtx.Err() == nil or check
<-streamCtx.Done() status). In short, change the conditional that wraps
MarkResult to require both failed == false and no context cancellation so
canceled streams are not marked successful and failure state is not cleared
incorrectly.
- Around line 103-158: The function executeMixedOnce is too long and duplicates
attempt/result bookkeeping; break it into smaller helpers to meet the 40-line
limit. Extract: (1) context/roundtripper setup into prepareExecCtx(auth) (use
roundTripperFor and roundTripperContextKey), (2) request rewriting into
prepareExecReq(req, routeModel, auth) that calls rewriteModelForAuth,
applyOAuthModelAlias, applyAPIKeyModelAlias, (3) error/result handling into
handleExecutionResult(execCtx, auth, provider, routeModel, errExec) which builds
Result, sets Error/HTTPStatus/RetryAfter, calls MarkResult and returns whether
to continue or return a final error/response. Replace the corresponding blocks
in executeMixedOnce (the execCtx setup, execReq transforms, and the large
errExec handling/result marking) with calls to these helpers and keep
executeMixedOnce as the orchestration loop using pickNextMixed, executor.Execute
and the new helpers.

In `@sdk/cliproxy/auth/conductor_helpers.go`:
- Around line 61-116: The closestCooldownWait method is too long; split its
responsibilities into smaller helper functions: 1) extract provider
normalization into a new function (e.g., normalizeProviders(providers []string)
map[string]struct{}) and use it where providerSet is created, 2) move retry
resolution logic into a helper like resolveEffectiveRetry(auth AuthType,
defaultRetry int) int that wraps m.requestRetry.Load() defaulting and
auth.RequestRetryOverride(), and 3) move the per-auth blocked-state check into a
helper checkAuthCooldown(auth AuthType, model string, now time.Time, attempt
int, effectiveRetry int) (time.Duration, bool) that calls isAuthBlockedForModel
and returns the wait and whether it should be considered. Then simplify
Manager.closestCooldownWait to call these helpers while retaining the original
semantics and variables (m.auths, isAuthBlockedForModel, RequestRetryOverride).
- Around line 425-428: Remove the early return that skips persistence when
auth.Metadata == nil; instead, persist the auth record even if Metadata is nil
and only skip persistence when the record is explicitly transient/runtime-only
or when required persistence fields are missing. Concretely, in the function
containing the auth.Metadata == nil check replace that guard with an explicit
check for a transient marker (e.g., auth.RuntimeOnly or auth.Transient) or a
validation that required persistence fields (ID, credentials, or whatever this
package uses) are absent, and otherwise proceed to save the auth (ensuring
static/API-key entries are not dropped); update any tests exercising persistence
to reflect this behavior.

In `@sdk/cliproxy/auth/conductor_http.go`:
- Around line 14-24: The InjectCredentials method can panic if called on a nil
Manager because it immediately uses m.mu.RLock(); add a nil-receiver guard at
the start of InjectCredentials (i.e. return nil if m == nil) before any access
to m.mu, m.auths, or m.executors; keep the rest of the logic (including use of
executorKeyFromAuth and accessing m.auths and m.executors) unchanged so
subsequent RLock/RUnlock and lookup behavior remains intact.

In `@sdk/cliproxy/auth/conductor_management.go`:
- Around line 62-64: The Register and Update flows currently ignore errors from
m.persist (e.g., the line "_ = m.persist(ctx, auth)") and proceed to call
m.hook.OnAuthRegistered and return success; change both to check the returned
error from m.persist, return that error to the caller (do not call the hook or
return auth on persist failure), and only invoke m.hook.OnAuthRegistered(ctx,
auth.Clone()) and return auth.Clone(), nil when persist succeeds; update the
same pattern for the corresponding Update code paths around the referenced
lines.
- Around line 19-27: The registration uses provider :=
strings.TrimSpace(executor.Identifier()) but other code normalizes to lowercase,
causing key mismatches; change registration to normalize the key (e.g.,
providerKey := strings.ToLower(strings.TrimSpace(executor.Identifier()))) and
use that normalized key when reading/writing m.executors (replace references to
provider with providerKey when getting replaced and assigning
m.executors[providerKey] = executor) so register/unregister/lookups use the same
lowercase key; keep the local variable replaced (ProviderExecutor) logic the
same but reference the normalized key.
- Around line 84-92: In Load, avoid calling m.store.List(ctx) while holding
m.mu: grab a local reference to the store (e.g. store := m.store) under the lock
and check for nil, then unlock before calling store.List(ctx); after the List
call, re-acquire m.mu only if you need to modify manager state. This moves the
blocking I/O (m.store.List) outside the critical section while keeping the
nil-check and any subsequent state mutations safe; reference the mutex m.mu, the
store field m.store, and the List call to locate the code.

In `@sdk/cliproxy/auth/conductor_refresh.go`:
- Around line 64-65: The refresh loop is using the raw a.Provider string when
calling m.executorFor, which misses executors registered under
normalized/provider-key semantics; before lookup, normalize the provider key
(e.g., via the existing normalization helper or the same logic used during
registration) and call m.executorFor with that normalized key (replace uses of
m.executorFor(a.Provider) — including the other occurrence around lines 323-325
— with m.executorFor(normalizedProvider) or ensure executorFor itself normalizes
its input) so refresh lookups match registration keys.
- Around line 18-22: The current logic in the conductor refresh interval check
(the block using variable interval and refreshCheckInterval in
conductor_refresh.go) always overwrites caller-provided interval because both
the if and else assign refreshCheckInterval; change the logic so that you only
assign refreshCheckInterval when the caller-provided interval is invalid
(interval <= 0 || interval > refreshCheckInterval), and otherwise keep the
caller's interval value; update the code in the function/method that contains
this check (referencing the interval variable and refreshCheckInterval constant)
to remove the incorrect else branch or adjust its assignment accordingly.
- Around line 87-140: The shouldRefresh and refreshAuth functions are too large
and mix policy, parsing, and mutation; refactor by extracting focused helper
functions: e.g., extract authLastRefresh logic into getLastRefresh(a *Auth, now
time.Time) (or reuse authLastRefreshTimestamp), move preferred-interval logic
into evaluateIntervalRefresh(a *Auth, now time.Time, lastRefresh time.Time)
bool, move provider/lead logic into evaluateProviderRefresh(a *Auth, now
time.Time, lastRefresh time.Time) bool, and keep shouldRefresh to only
orchestrate those helpers and the RefreshEvaluator check; update calls in
refreshAuth to use these helpers so both functions fall under the 40-line limit
and separation of concerns is preserved (refer to Manager.shouldRefresh,
refreshAuth, authLastRefreshTimestamp, authPreferredInterval,
ProviderRefreshLead, and RefreshEvaluator).
- Around line 23-29: StartAutoRefresh and StopAutoRefresh access and mutate
m.refreshCancel without synchronization; protect reads/writes by using a mutex
on the receiver (e.g., add or use an existing sync.Mutex or sync.RWMutex on the
struct) and lock around every access to m.refreshCancel in StartAutoRefresh,
StopAutoRefresh, and the goroutine cancellation path (use defer unlock where
appropriate). Specifically, wrap the check/cancel/set operations around
m.refreshCancel with mu.Lock()/Unlock() (or mu.RLock()/RUnlock() for reads) for
the code in StartAutoRefresh and StopAutoRefresh so concurrent start/stop races
cannot occur. Ensure the goroutine still uses the context created but does not
access m.refreshCancel without holding the lock.
- Around line 11-12: Replace the logrus import and usage in conductor_refresh.go
with zerolog: remove import alias log "github.com/sirupsen/logrus" and import
"github.com/rs/zerolog/log" instead, then change all logrus call sites in this
file (e.g., any log.Errorf/log.Warnf/log.Infof/log.Debugf occurrences around the
noted regions) to zerolog patterns such as log.Error().Err(err).Msgf(...),
log.Warn().Msgf(...), log.Info().Msgf(...), or log.Debug().Msgf(...) as
appropriate so the file uses zerolog consistently with repository policy.

In `@sdk/cliproxy/auth/conductor_result.go`:
- Around line 25-26: The code is persisting while holding m.mu which can block;
change the flow in the block that checks m.auths[result.AuthID] so you read and
copy the auth (auth := m.auths[result.AuthID] or assign to a local variable),
then release m.mu (m.mu.Unlock()) before calling the persist/store operation,
and only re-lock if you need to update shared state afterwards; apply the same
pattern for the other occurrence around lines 123-125 to avoid IO under m.mu.
- Around line 14-140: MarkResult is too large and mixes orchestration, state
mutation and side-effects; refactor it into focused helpers to meet the 40-line
limit by extracting the main responsibilities: create handleSuccessResult(ctx,
auth, result, now) to reset model/auth state and compute flags
(shouldResumeModel, clearModelQuota), handleFailureResult(ctx, auth, result,
now) to set model or auth error state and compute flags (shouldSuspendModel,
setModelQuota, suspendReason), and a small persistAndRelease(ctx, auth) helper
to call m.persist and unlock; keep MarkResult as the coordinator that acquires
m.mu, looks up auth, calls these helpers, then performs registry actions
(ClearModelQuotaExceeded/SetModelQuotaExceeded/ResumeClientModel/SuspendClientModel)
and m.hook.OnResult, so each helper encapsulates mutation logic
(ensureModelState, resetModelState, updateAggregatedAvailability,
applyAuthFailureState, nextQuotaCooldown logic, etc.) and returns the minimal
control flags and error info back to MarkResult.
- Around line 347-394: The code sets auth.Unavailable = true unconditionally
before inspecting statusCodeFromResult(resultErr), which quarantines credentials
for client/request-shape errors like 400; change the logic so auth.Unavailable
(and auth.Status = StatusError) is only set for error classes that warrant
disabling the auth (e.g., server/transient errors 5xx, 429 quota,
401/402/403/404 if you intend to block them) after the switch on statusCode (or
set it conditionally inside relevant cases); use statusCodeFromResult(resultErr)
and the existing switch on statusCode to decide when to set auth.Unavailable,
adjust NextRetryAfter/Quota fields as currently done, and ensure client errors
(e.g., 400) leave auth.Unavailable false and preserve a non-quarantined state.

In `@sdk/cliproxy/auth/conductor_selection.go`:
- Around line 17-34: The provider string comparisons and the m.executors lookup
must use the same normalized/canonical keying as executorKeyFromAuth to avoid
mismatches: compute the canonical provider key (using the existing
executorKeyFromAuth logic) once (e.g., into a variable like
canonicalProviderKey) and use that key when looking up m.executors (instead of
raw provider) and when filtering candidate.Provider in the loop over m.auths;
update references around m.executors, executor/okExecutor, and the
candidate.Provider check so both use the same normalized key.
- Around line 62-69: The code reads selected.indexAssigned outside the mutex
then re-checks state after unlocking, which can race; instead re-evaluate under
the lock using the stable clone variable: inside the m.mu.Lock() block, fetch
current := m.auths[authCopy.ID], check current != nil && !current.indexAssigned,
call current.EnsureIndex() and set authCopy = current.Clone() there (and avoid
reading selected after releasing the lock); apply the same fix pattern for the
analogous block referenced around EnsureIndex/Clone at the other location (lines
~146-153) to avoid reading selected state after unlocking.
- Around line 13-71: The pickNext function is too long and mixes model
normalization, candidate filtering, selector invocation, and index assignment;
refactor by extracting each responsibility into small helpers such as
normalizeModelKey(opts.Metadata, model) to handle pinned auth and thinking
suffix stripping, buildCandidates(provider, modelKey, tried) to collect m.auths
under m.mu.RLock/RUnlock, and assignIndexIfNeeded(authCopy) (which acquires
m.mu.Lock/mu.Unlock only for EnsureIndex logic) to keep locking minimal and
correct; update pickNext to call these helpers and perform only orchestration
plus the selector.Pick call, preserving existing semantics (use m.selector.Pick
with the candidate slice and return auth copy and executor) and apply the same
decomposition to the similar method around lines 74-155.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 629a6bf and 5b7bdac.

📒 Files selected for processing (59)

• .gitignore
• internal/auth/claude/anthropic_auth.go
• internal/auth/claude/token.go
• internal/auth/copilot/copilot_auth.go
• internal/auth/copilot/token.go
• internal/auth/gemini/gemini_auth.go
• internal/auth/gemini/gemini_token.go
• pkg/llmproxy/api/handlers/management/auth_gemini.go
• pkg/llmproxy/api/handlers/management/auth_github.go
• pkg/llmproxy/api/handlers/management/auth_kilo.go
• pkg/llmproxy/api/server.go
• pkg/llmproxy/auth/claude/anthropic_auth.go
• pkg/llmproxy/auth/claude/utls_transport.go
• pkg/llmproxy/auth/codex/openai_auth.go
• pkg/llmproxy/auth/codex/openai_auth_test.go
• pkg/llmproxy/auth/codex/token_test.go
• pkg/llmproxy/auth/copilot/copilot_auth.go
• pkg/llmproxy/auth/copilot/copilot_extra_test.go
• pkg/llmproxy/auth/copilot/token_test.go
• pkg/llmproxy/auth/diff/config_diff.go
• pkg/llmproxy/auth/gemini/gemini_auth.go
• pkg/llmproxy/auth/gemini/gemini_auth_test.go
• pkg/llmproxy/auth/iflow/iflow_auth.go
• pkg/llmproxy/auth/kimi/kimi.go
• pkg/llmproxy/auth/kimi/token_path_test.go
• pkg/llmproxy/auth/kiro/sso_oidc.go
• pkg/llmproxy/auth/kiro/token.go
• pkg/llmproxy/auth/qwen/qwen_auth.go
• pkg/llmproxy/auth/qwen/qwen_auth_test.go
• pkg/llmproxy/auth/qwen/qwen_token.go
• pkg/llmproxy/auth/qwen/qwen_token_test.go
• pkg/llmproxy/executor/antigravity_executor.go
• pkg/llmproxy/executor/codex_websockets_executor.go
• pkg/llmproxy/executor/kiro_auth.go
• pkg/llmproxy/executor/kiro_executor.go
• pkg/llmproxy/executor/kiro_streaming.go
• pkg/llmproxy/executor/kiro_transform.go
• pkg/llmproxy/executor/logging_helpers.go
• pkg/llmproxy/logging/request_logger.go
• pkg/llmproxy/registry/model_registry.go
• pkg/llmproxy/thinking/apply.go
• pkg/llmproxy/usage/metrics.go
• pkg/llmproxy/watcher/clients.go
• pkg/llmproxy/watcher/diff/config_diff.go
• pkg/llmproxy/watcher/diff/models_summary.go
• pkg/llmproxy/watcher/diff/openai_compat.go
• pkg/llmproxy/watcher/synthesizer/helpers.go
• sdk/auth/filestore.go
• sdk/auth/kilo.go
• sdk/cliproxy/auth/conductor_apikey.go
• sdk/cliproxy/auth/conductor_execution.go
• sdk/cliproxy/auth/conductor_helpers.go
• sdk/cliproxy/auth/conductor_http.go
• sdk/cliproxy/auth/conductor_management.go
• sdk/cliproxy/auth/conductor_refresh.go
• sdk/cliproxy/auth/conductor_result.go
• sdk/cliproxy/auth/conductor_selection.go
• sdk/cliproxy/auth/selector.go
• sdk/cliproxy/service.go

💤 Files with no reviewable changes (8)

• internal/auth/claude/token.go
• internal/auth/gemini/gemini_token.go
• internal/auth/copilot/token.go
• internal/auth/claude/anthropic_auth.go
• internal/auth/copilot/copilot_auth.go
• internal/auth/gemini/gemini_auth.go
• pkg/llmproxy/executor/kiro_executor.go
• pkg/llmproxy/executor/kiro_auth.go

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Use zerolog instead of logrus.

The coding guidelines specify using zerolog for logging. This file imports and uses logrus (github.com/sirupsen/logrus).

♻️ Proposed fix

-	log "github.com/sirupsen/logrus"
+	"github.com/rs/zerolog/log"

Then update the log calls accordingly (e.g., log.Error().Err(err).Str("proxyURL", maskedURL).Msg("failed to parse proxy URL")).

As per coding guidelines: "Use zerolog for logging (NOT fmt.Print)".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/claude/utls_transport.go` at line 13, The file currently
imports logrus (import alias log "github.com/sirupsen/logrus")—replace that
import with zerolog (github.com/rs/zerolog/log) and update all logrus-style
calls in utls_transport.go to zerolog fluent calls; e.g., map
log.Errorf/log.Errorf-like calls to log.Error().Err(err).Str("proxyURL",
maskedURL).Msg("failed to parse proxy URL"), log.Infof to log.Info().Msg(...)
and include context via .Str/.Err/.Int as appropriate, ensuring all occurrences
that reference the log alias are converted to the zerolog chaining API.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Refactor compileAPIKeyModelAliasForModels to stay under the 40-line limit.

The function currently combines alias normalization, upstream no-op mapping, and suffix-preservation seeding in one block. Extracting focused helpers will simplify behavior and reduce regression risk.

As per coding guidelines Maximum function length: 40 lines.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/auth/conductor_apikey.go` around lines 138 - 182, The function
compileAPIKeyModelAliasForModels is over the 40-line limit and mixes
responsibilities (alias normalization, upstream-name mapping, and
suffix-preservation); extract small helper functions (e.g., normalizeKey(name
string) string, seedIfAbsent(out map[string]string, key string, value string),
seedAliasForModel(out map[string]string, m T), and seedNameAndBaseForModel(out
map[string]string, m T) or similar) and move the parsing/trim/lowercasing and
the ParseSuffix logic into those helpers, then rewrite
compileAPIKeyModelAliasForModels to iterate models and call those helpers so the
main function is concise and under 40 lines while preserving the same behavior
for aliasKey, nameKey, and baseKey seeding.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's look at the file in question
wc -l sdk/cliproxy/auth/conductor_helpers.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 117

---

🏁 Script executed:

# Read the import section (lines 1-20) to confirm the logrus import
head -20 sdk/cliproxy/auth/conductor_helpers.go | cat -n

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 718

---

🏁 Script executed:

# Check lines 274-306 where logrus is reportedly used
sed -n '274,306p' sdk/cliproxy/auth/conductor_helpers.go | cat -n

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1372

---

🏁 Script executed:

# Search for zerolog usage in the repository to confirm it's the standard
rg "zerolog" --type go -c

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

# Check if other files in the same directory use zerolog
find sdk/cliproxy/auth -name "*.go" -exec grep -l "zerolog\|logrus" {} \;

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 152

---

🏁 Script executed:

# Check if logrus is used across the codebase
rg "github.com/sirupsen/logrus" --type go | head -20

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1335

---

🏁 Script executed:

# Check for zerolog imports specifically
rg "zerolog" --type go | head -20

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 57

---

🏁 Script executed:

# Look for logging package in the codebase
find . -path "*/llmproxy/logging*" -o -path "*/logging/*.go" | head -10

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 469

---

🏁 Script executed:

# Check the logging package that's imported
cat sdk/cliproxy/auth/conductor_helpers.go | grep -A 5 "llmproxy/logging"

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 336

---

🏁 Script executed:

# Examine the logging package
find . -name "logging.go" -o -name "logging" -type d | head -5

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 111

---

🏁 Script executed:

# Check the global_logger.go to see what logging standard is used
cat pkg/llmproxy/logging/global_logger.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 5454

---

🏁 Script executed:

# Check the request_logger.go
cat pkg/llmproxy/logging/request_logger.go | head -50

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1678

---

🏁 Script executed:

# Check if there's any documentation about logging standards
find . -name "*.md" -o -name "*.txt" | xargs grep -l "zerolog\|logrus" 2>/dev/null | head -5

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 102

---

🏁 Script executed:

# Check the AGENTS.md or similar documentation mentioned in learnings
cat AGENTS.md 2>/dev/null | head -100

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 2265

---

🏁 Script executed:

# Check if there's a changelog or migration plan
find . -name "CHANGELOG*" -o -name "MIGRATION*" | head -3

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 166

---

Refactor to use zerolog instead of logrus.

File imports and uses logrus, which conflicts with the repository's logging standard documented in AGENTS.md. All new code must use zerolog for consistency.

Also applies to lines 274-306.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/auth/conductor_helpers.go` around lines 13 - 14, Replace the
logrus import and all logrus calls with zerolog: remove import alias log
"github.com/sirupsen/logrus" and instead import "github.com/rs/zerolog/log";
then convert logrus calls found in this file (including the block around lines
274-306) — e.g., log.Errorf, log.Infof, log.Warnf, log.Debugf, log.Fatalf — into
zerolog equivalents using the global logger methods and Msg/Msgf (for formatted
messages) or Err(err).Msg(...) as appropriate (for example use
log.Error().Err(err).Msgf(...), log.Info().Msgf(...), log.Warn().Msgf(...),
log.Debug().Msgf(...), and avoid using Fatalf directly; if a process exit is
needed use log.Fatal().Msgf(...) or call os.Exit after logging). Update any
structured fields to use .With(). or .Str/.Err as needed to preserve context.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Guard against nil auth entries in List before cloning.

auth.Clone() can panic if a nil entry exists in m.auths; this file already treats auth pointers as nullable in other iterations.

🛠️ Proposed fix

 	for _, auth := range m.auths {
+		if auth == nil {
+			continue
+		}
 		list = append(list, auth.Clone())
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	for _, auth := range m.auths {
	list = append(list, auth.Clone())
	}
	for _, auth := range m.auths {
	if auth == nil {
	continue
	}
	list = append(list, auth.Clone())
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/cliproxy/auth/conductor_helpers.go` around lines 345 - 347, In the List
method iterate over m.auths and guard against nil entries before calling Clone:
for each auth in m.auths check if auth == nil and skip (or handle appropriately)
so auth.Clone() is only invoked on non-nil pointers; update the code around the
loop that currently does "for _, auth := range m.auths { list = append(list,
auth.Clone()) }" to perform a nil-check and avoid panics while preserving the
original ordering and behavior.

[coderabbitai]

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/coderabbit-rate-limit-retry.yml (1)

128-128: ⚠️ Potential issue | 🟡 Minor

Label description is inconsistent with updated bypass logic.

The description still references "high PR backlog" but the bypass eligibility (line 185) now only checks staleness (stale && !stateOk), not backlog.

📝 Proposed fix to update label description

-                  description: "Temporary bypass for CodeRabbit rate-limit under high PR backlog.",
+                  description: "Temporary bypass for stale CodeRabbit checks that haven't succeeded.",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/coderabbit-rate-limit-retry.yml at line 128, The label's
description string ("Temporary bypass for CodeRabbit rate-limit under high PR
backlog.") is inaccurate given the bypass condition now uses only staleness and
state check (the logic at the bypass eligibility check: stale && !stateOk);
update the description field (the YAML key description for that label) to
accurately reflect the current criteria (e.g., mention stale PRs or failing
state checks) so the label text matches the bypass logic.

♻️ Duplicate comments (2)

pkg/llmproxy/auth/qwen/qwen_token.go (2)

41-47: ⚠️ Potential issue | 🟠 Major

Create token files with explicit owner-only permissions (0600).

Line 41 uses os.Create, so token file mode depends on process umask. For credential material, enforce owner-only permissions at creation time.

Proposed hardening

-	f, err := os.Create(b.FilePath)
+	f, err := os.OpenFile(b.FilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return fmt.Errorf("failed to create token file: %w", err)
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_token.go` around lines 41 - 47, The token file is
created with os.Create which relies on the process umask; change creation to
explicitly set owner-only permissions by opening the file with
os.OpenFile(b.FilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) instead of
os.Create, keep the existing error checks and defer f.Close(), and continue
using json.NewEncoder(f).Encode(b) to write the token so the file is created
with strict 0600 permissions at creation time.

---

78-84: ⚠️ Potential issue | 🟠 Major

Canonicalization alone does not prevent arbitrary-path writes.

Line 83 still accepts a cleaned absolute path derived from authFilePath and persists to it. cleanTokenFilePath blocks .. traversal patterns but does not enforce containment under an allowed credentials directory, so uncontrolled path expression risk remains.

Also applies to: 88-101

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/auth/qwen/qwen_token.go` around lines 78 - 84, The code
currently assigns a cleaned path to BaseTokenStorage.FilePath (in qwen_token.go)
but cleanTokenFilePath only strips traversal sequences and still allows absolute
or out-of-directory targets; update the logic around cleanTokenFilePath and the
assignment to BaseTokenStorage.FilePath/Type to enforce containment inside an
allowed credentials directory: compute the absolute paths for both the allowed
credentials directory (e.g., a configured credentialsDir) and the cleaned
authFilePath, use filepath.Rel (or equivalent) to ensure the cleaned path is
inside credentialsDir (reject if it escapes or is absolute outside), and if
valid, join the cleaned filename to the credentialsDir before setting
ts.BaseTokenStorage.FilePath and ts.BaseTokenStorage.Type; fail with an error if
the path is outside the allowed directory.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/pr-test-build.yml:
- Around line 334-335: Replace the non-deterministic npm install step in the
GitHub Actions job with the lockfile-aware command by changing the "npm install"
line to "npm ci" while leaving "npm run docs:build" unchanged; update the
workflow step that currently runs the commands "npm install" and "npm run
docs:build" so it uses "npm ci" to ensure deterministic docs CI using the
existing package-lock.json.
- Around line 77-80: Replace the unpinned install of staticcheck by changing the
go install call (go install honnef.co/go/tools/cmd/staticcheck@latest) to use a
specific version tag instead of `@latest` (e.g.
honnef.co/go/tools/cmd/staticcheck@<SPECIFIC_VERSION>); pick and lock a concrete
staticcheck release that is compatible with the workflow (and coordinate with
the existing golangci-lint v1.64.8 pin), so CI uses a deterministic staticcheck
version.
- Around line 307-308: The current alternation in the workflow's conditional
(the regex used with echo "${changed_files}" | rg) is missing grouping and
allows matching "auth" as a substring; update the pattern so the keywords are
grouped and require a boundary after the keyword (end-of-string, slash, hyphen,
or dot) so files like "authoring.md" don't match while "policy.json",
"oauth-config.yml", and "pkg/security/" do; replace the existing pattern with
one that groups the keywords and enforces the trailing boundary, e.g. use a
pattern equivalent to: start-or-slash, then (security|policy|oauth|token|auth),
then end-or-slash-or-hyphen-or-dot, and keep the rest of the conditional
assigning scope="security" unchanged.
- Around line 81-86: The workflow invokes the Task CLI (e.g., the step that runs
`task quality:ci`) but never installs it; add a pre-step named "Set up Task" in
each job that calls `task` (quality-staged-check, fmt-check, test-smoke,
pre-release-config-compat-smoke and the existing quality job) to provision the
go-task binary before any `task` commands run; implement the step to install the
Task CLI (for example by downloading the appropriate release or using `go
install`/package manager) so that the subsequent `task` invocation (e.g., `task
quality:ci`) succeeds reliably on all runners.

In `@docs/troubleshooting.md`:
- Line 222: The table cell for "Gemini CLI/Antigravity prompt cache drift"
contains a complex, escaped inline command that breaks the markdown table and
prevents copy-paste; replace the long inline command in that cell with a short
reference (e.g., "See Cache drift probe commands below") and add a fenced code
block titled "Cache drift probe commands" after the table containing the two
multi-line bash snippets (the curl loops for gemini-2.5-pro and
antigravity/claude-sonnet-4-5-thinking) using unescaped model names and jq
'{model,usage,error}' so the pipes remain inside the code block and do not break
the table; ensure the table cell text and the new code block use the same
reference label so readers can find the commands easily.

In `@pkg/llmproxy/api/handlers/management/alerts.go`:
- Around line 242-245: Replace the duplicated hard-coded cap
maxAlertHistoryAlloc in GetAlertHistory with the manager's configured limit by
using m.maxHistory: remove the const maxAlertHistoryAlloc and the comparison
against it, and instead clamp limit with if limit > m.maxHistory { limit =
m.maxHistory }; ensure you reference the method GetAlertHistory and the field
m.maxHistory so the single source of truth governs history limits.
- Around line 365-371: Replace the manual fmt.Sscanf + clamping with Gin
validator-backed binding: define a small query struct (e.g., AlertsQuery with
field Limit int `form:"limit" binding:"omitempty,min=1,max=1000"`), call
c.ShouldBindQuery(&q) and handle/return validation errors, then set a default
when q.Limit == 0 (e.g., q.Limit = 50) and use q.Limit in place of the previous
limit variable; remove the fmt.Sscanf and if/else clamps. Use ShouldBindQuery
and the AlertsQuery struct name to locate where to change the
parsing/validation.

In `@pkg/llmproxy/auth/qwen/qwen_token.go`:
- Around line 55-62: SaveTokenToFile currently calls BaseTokenStorage.Save which
only serializes the embedded BaseTokenStorage and drops Qwen-specific fields
(ResourceURL, Email); change SaveTokenToFile to encode the full
*QwenTokenStorage instead of delegating to BaseTokenStorage.Save. Locate the
QwenTokenStorage type and the SaveTokenToFile method, and replace the
BaseTokenStorage.Save call with a custom encoder that marshals/encodes the
entire *QwenTokenStorage value (including ResourceURL and Email) to the same
destination/format used by BaseTokenStorage.Save, preserving error handling and
file/stream semantics.

---

Outside diff comments:
In @.github/workflows/coderabbit-rate-limit-retry.yml:
- Line 128: The label's description string ("Temporary bypass for CodeRabbit
rate-limit under high PR backlog.") is inaccurate given the bypass condition now
uses only staleness and state check (the logic at the bypass eligibility check:
stale && !stateOk); update the description field (the YAML key description for
that label) to accurately reflect the current criteria (e.g., mention stale PRs
or failing state checks) so the label text matches the bypass logic.

---

Duplicate comments:
In `@pkg/llmproxy/auth/qwen/qwen_token.go`:
- Around line 41-47: The token file is created with os.Create which relies on
the process umask; change creation to explicitly set owner-only permissions by
opening the file with os.OpenFile(b.FilePath,
os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) instead of os.Create, keep the
existing error checks and defer f.Close(), and continue using
json.NewEncoder(f).Encode(b) to write the token so the file is created with
strict 0600 permissions at creation time.
- Around line 78-84: The code currently assigns a cleaned path to
BaseTokenStorage.FilePath (in qwen_token.go) but cleanTokenFilePath only strips
traversal sequences and still allows absolute or out-of-directory targets;
update the logic around cleanTokenFilePath and the assignment to
BaseTokenStorage.FilePath/Type to enforce containment inside an allowed
credentials directory: compute the absolute paths for both the allowed
credentials directory (e.g., a configured credentialsDir) and the cleaned
authFilePath, use filepath.Rel (or equivalent) to ensure the cleaned path is
inside credentialsDir (reject if it escapes or is absolute outside), and if
valid, join the cleaned filename to the credentialsDir before setting
ts.BaseTokenStorage.FilePath and ts.BaseTokenStorage.Type; fail with an error if
the path is outside the allowed directory.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5b7bdac and 33bb77f.

📒 Files selected for processing (10)

• .github/codeql/codeql-config.yml
• .github/workflows/codeql.yml
• .github/workflows/coderabbit-rate-limit-retry.yml
• .github/workflows/pr-path-guard.yml
• .github/workflows/pr-test-build.yml
• docs/troubleshooting.md
• pkg/llmproxy/api/handlers/management/alerts.go
• pkg/llmproxy/auth/gemini/gemini_auth_test.go
• pkg/llmproxy/auth/kimi/token_path_test.go
• pkg/llmproxy/auth/qwen/qwen_token.go

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Analyze (Go) (go)
• GitHub Check: go-ci
• GitHub Check: lint-test

🧰 Additional context used

📓 Path-based instructions (2)

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

**/*.go: NEVER create a v2 file - refactor the original instead
NEVER create a new class if an existing one can be made generic
NEVER create custom implementations when an OSS library exists - search pkg.go.dev for existing libraries before writing code
Build generic building blocks (provider interface + registry) before application logic
Use chi for HTTP routing (NOT custom routers)
Use zerolog for logging (NOT fmt.Print)
Use viper for configuration (NOT manual env parsing)
Use go-playground/validator for validation (NOT manual if/else validation)
Use golang.org/x/time/rate for rate limiting (NOT custom limiters)
Use template strings for messages instead of hardcoded messages and config-driven logic instead of code-driven
Zero new lint suppressions without inline justification
All new code must pass: go fmt, go vet, golint
Maximum function length: 40 lines
No placeholder TODOs in committed code

Files:

• pkg/llmproxy/auth/gemini/gemini_auth_test.go
• pkg/llmproxy/api/handlers/management/alerts.go
• pkg/llmproxy/auth/kimi/token_path_test.go
• pkg/llmproxy/auth/qwen/qwen_token.go

**/*.md

📄 CodeRabbit inference engine (CLAUDE.md)

Consolidate overlapping documentation aggressively; merge related session docs and remove orphaned or outdated markdown files

Files:

• docs/troubleshooting.md

🧬 Code graph analysis (2)

pkg/llmproxy/auth/gemini/gemini_auth_test.go (1)

sdk/cliproxy/auth/errors.go (1)

• Error (4-13)

pkg/llmproxy/auth/qwen/qwen_token.go (1)

pkg/llmproxy/misc/credentials.go (1)

• LogSavingCredentials (15-21)

🪛 Gitleaks (8.30.0)

docs/troubleshooting.md

[high] 222-222: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🪛 markdownlint-cli2 (0.21.0)

docs/troubleshooting.md

[warning] 222-222: Table column count
Expected: 4; Actual: 5; Too many cells, extra data will be missing

(MD056, table-column-count)

🔇 Additional comments (11)

.github/workflows/codeql.yml (1)

28-33: Good CodeQL initialization update.

Line 32 correctly wires the dedicated CodeQL config file into the init step, which keeps scan behavior explicit and maintainable.

.github/codeql/codeql-config.yml (1)

1-9: Config file is clear and appropriately scoped.

The new CodeQL config is well-structured, and the paths-ignore entries on Lines 7–9 are reasonable for reducing non-actionable alerts.

pkg/llmproxy/auth/kimi/token_path_test.go (2)

9-10: Test setup change is clean and behavior-preserving.

Line 9 and Line 10 keep initialization explicit without changing the traversal-path test intent.

---

17-17: Error assertion is now more resilient without weakening validation.

Line 17 still verifies an invalid-path failure, while tolerating equivalent error wording from underlying validation layers.

.github/workflows/pr-path-guard.yml (1)

11-12: LGTM!

Adding an explicit name field improves clarity in the GitHub Actions UI. While it's identical to the job ID, explicit naming is a good practice for consistency across workflows.

pkg/llmproxy/auth/gemini/gemini_auth_test.go (2)

52-53: Post-construction field assignment is a good compatibility update.

Assigning Email and Type after initialization keeps the test resilient to struct-literal shape changes without altering behavior.

---

79-79: Traversal-path test assertion is appropriately robust to message variants.

This keeps the security expectation strict (must reject traversal) while avoiding brittle failures from harmless error-string renames.

.github/workflows/coderabbit-rate-limit-retry.yml (3)

185-185: LGTM! Simplified bypass eligibility logic.

The new condition stale && !stateOk is clearer and removes the backlog threshold dependency, making retriggers purely time-based when CodeRabbit hasn't succeeded.

---

194-194: Clear and informative retrigger message.

The updated message accurately reflects the bypass criteria and provides useful context for debugging.

---

211-211: LGTM!

Gate summary correctly reflects the stale threshold, consistent with the updated bypass logic.

pkg/llmproxy/auth/qwen/qwen_token.go (1)

88-95: This validation pattern is appropriate for this context and does not require refactoring.

The cleanTokenFilePath function performs security-critical path validation (trimming, empty-path detection, and path traversal prevention) at the function parameter level. The go-playground/validator library is designed for struct field validation using tags and cannot express path traversal security checks like detecting ., .., or ../ patterns. This function's manual validation is the correct approach for parameter-level security validation, distinct from struct field validation covered by the coding guidelines.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, examine the exact file and lines mentioned
cat -n .github/workflows/pr-test-build.yml | sed -n '70,85p'

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 809

---

🏁 Script executed:

#!/bin/bash
# Search for all unpinned tool installations (`@latest`) in GitHub workflows
echo "=== Searching for `@latest` in workflow files ==="
rg -n '@latest' .github/workflows/ || echo "No `@latest` found"
echo ""
echo "=== Full context of staticcheck installation ==="
rg -B5 -A5 'staticcheck' .github/workflows/pr-test-build.yml

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 848

---

🏁 Script executed:

#!/bin/bash
# Check if other go install commands in this workflow use pinned versions
echo "=== All go install commands in pr-test-build.yml ==="
rg -n 'go install' .github/workflows/pr-test-build.yml

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 455

---

Pin staticcheck to a specific version; it currently uses @latest while golangci-lint is pinned to v1.64.8.

Unpinned lint tool versions in CI can introduce unexpected behavior changes between PR runs without code modifications, potentially breaking builds. The inconsistency with other tools in this workflow (which are version-pinned) should be resolved.

🔒 Suggested fix

       - name: Install staticcheck
+        env:
+          STATICCHECK_VERSION: ${{ vars.STATICCHECK_VERSION }}
         run: |
+          : "${STATICCHECK_VERSION:?Set repository variable STATICCHECK_VERSION}"
           if ! command -v staticcheck >/dev/null 2>&1; then
-            go install honnef.co/go/tools/cmd/staticcheck@latest
+            go install honnef.co/go/tools/cmd/staticcheck@${STATICCHECK_VERSION}
           fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-test-build.yml around lines 77 - 80, Replace the
unpinned install of staticcheck by changing the go install call (go install
honnef.co/go/tools/cmd/staticcheck@latest) to use a specific version tag instead
of `@latest` (e.g. honnef.co/go/tools/cmd/staticcheck@<SPECIFIC_VERSION>); pick
and lock a concrete staticcheck release that is compatible with the workflow
(and coordinate with the existing golangci-lint v1.64.8 pin), so CI uses a
deterministic staticcheck version.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's check the actual file to confirm the content at lines 307-308
sed -n '305,310p' .github/workflows/pr-test-build.yml

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 352

---

🏁 Script executed:

# Test the regex patterns as shown in the review
cat > /tmp/paths.txt <<'EOF'
docs/authoring.md
pkg/security/rules.go
pkg/auth/token.go
pkg/runtime/router.go
policy.json
oauth-config.yml
token-secret.env
authentication.js
EOF

echo "=== Current pattern matches ==="
rg -n '(^|/)security|policy|oauth|token|auth' /tmp/paths.txt || true

echo
echo "=== Proposed pattern matches ==="
rg -n '(^|/)(security|policy|oauth|token|auth)(/|$)' /tmp/paths.txt || true

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 320

---

Tighten security-scope regex to fix false positive matches of auth substring.

Current pattern (^|/)security|policy|oauth|token|auth has operator precedence issues. It matches "auth" as a substring in "authoring.md" and "authentication.js" when it should only match "auth" as a separate path component.

Suggested fix needs adjustment. The proposed pattern (^|/)(security|policy|oauth|token|auth)(/|$) is too restrictive—it requires "/" or end-of-string immediately after the keyword, which blocks legitimate matches like policy.json, oauth-config.yml, and token-secret.env.

Consider instead: (^|/)(security|policy|oauth|token|auth)($|[/-]|\.)

This allows the keyword to be followed by end-of-path, slash, hyphen, or dot, matching both directory paths like pkg/security/ and files like policy.json.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-test-build.yml around lines 307 - 308, The current
alternation in the workflow's conditional (the regex used with echo
"${changed_files}" | rg) is missing grouping and allows matching "auth" as a
substring; update the pattern so the keywords are grouped and require a boundary
after the keyword (end-of-string, slash, hyphen, or dot) so files like
"authoring.md" don't match while "policy.json", "oauth-config.yml", and
"pkg/security/" do; replace the existing pattern with one that groups the
keywords and enforces the trailing boundary, e.g. use a pattern equivalent to:
start-or-slash, then (security|policy|oauth|token|auth), then
end-or-slash-or-hyphen-or-dot, and keep the rest of the conditional assigning
scope="security" unchanged.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

fd 'package-lock.json|npm-shrinkwrap.json' docs

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 97

---

Use lockfile install (npm ci) for deterministic docs CI.

npm install can update resolution state and makes builds less reproducible. A package-lock.json is present in the docs directory, so npm ci should be used instead.

Suggested fix

       - name: Build docs
         working-directory: docs
         run: |
-          npm install
+          npm ci
           npm run docs:build

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	npm install
	npm run docs:build
	- name: Build docs
	working-directory: docs
	run: |
	npm ci
	npm run docs:build

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-test-build.yml around lines 334 - 335, Replace the
non-deterministic npm install step in the GitHub Actions job with the
lockfile-aware command by changing the "npm install" line to "npm ci" while
leaving "npm run docs:build" unchanged; update the workflow step that currently
runs the commands "npm install" and "npm run docs:build" so it uses "npm ci" to
ensure deterministic docs CI using the existing package-lock.json.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Refactor complex commands out of table cells.

The HTML entity escaping (<model>) prevents users from directly copy-pasting the troubleshooting command, and the unescaped pipe characters in the jq filter break the markdown table structure (4 expected columns vs 5 detected).

Complex multi-line commands with special characters should be moved to code blocks below the table, with the table cell containing only a brief reference or command name.

♻️ Proposed fix: Move commands to code blocks

Replace the long inline commands with a reference, then add the full commands below the table:

-| Gemini CLI/Antigravity prompt cache drift (`CPB-0792`, `CPB-0797`) | prompt cache keying or executor fallback lacks validation, letting round-robin slip to stale providers and emit unexpected usage totals | re-run the `gemini-2.5-pro` chat completion three times and repeat with `antigravity/claude-sonnet-4-5-thinking`, e.g. `curl -sS -X POST http://localhost:8317/v1/chat/completions -H "Authorization: Bearer demo-client-key" -H "Content-Type: application/json" -d '{"model":"<model>","messages":[{"role":"user","content":"cache guard probe"}],"stream":false}' | jq '{model,usage,error}'` | reset prompt caches, enforce provider-specific cache keys/fallbacks, and alert when round-robin reroutes to unexpected providers |
+| Gemini CLI/Antigravity prompt cache drift (`CPB-0792`, `CPB-0797`) | prompt cache keying or executor fallback lacks validation, letting round-robin slip to stale providers and emit unexpected usage totals | See cache drift probe commands below | reset prompt caches, enforce provider-specific cache keys/fallbacks, and alert when round-robin reroutes to unexpected providers |

Then add after the table (before line 229):

### Cache drift probe commands

Test Gemini and Antigravity prompt cache behavior by running the same request three times:

```bash
# Test with Gemini 2.5 Pro
for i in {1..3}; do
  curl -sS -X POST http://localhost:8317/v1/chat/completions \
    -H "Authorization: Bearer demo-client-key" \
    -H "Content-Type: application/json" \
    -d '{"model":"gemini-2.5-pro","messages":[{"role":"user","content":"cache guard probe"}],"stream":false}' \
    | jq '{model,usage,error}'
done

# Repeat with Antigravity Claude
for i in {1..3}; do
  curl -sS -X POST http://localhost:8317/v1/chat/completions \
    -H "Authorization: Bearer demo-client-key" \
    -H "Content-Type: application/json" \
    -d '{"model":"antigravity/claude-sonnet-4-5-thinking","messages":[{"role":"user","content":"cache guard probe"}],"stream":false}' \
    | jq '{model,usage,error}'
done

</details>

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 Gitleaks (8.30.0)</summary>

[high] 222-222: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

</details>
<details>
<summary>🪛 markdownlint-cli2 (0.21.0)</summary>

[warning] 222-222: Table column count
Expected: 4; Actual: 5; Too many cells, extra data will be missing

(MD056, table-column-count)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @docs/troubleshooting.md at line 222, The table cell for "Gemini
CLI/Antigravity prompt cache drift" contains a complex, escaped inline command
that breaks the markdown table and prevents copy-paste; replace the long inline
command in that cell with a short reference (e.g., "See Cache drift probe
commands below") and add a fenced code block titled "Cache drift probe commands"
after the table containing the two multi-line bash snippets (the curl loops for
gemini-2.5-pro and antigravity/claude-sonnet-4-5-thinking) using unescaped model
names and jq '{model,usage,error}' so the pipes remain inside the code block and
do not break the table; ensure the table cell text and the new code block use
the same reference label so readers can find the commands easily.

</details>

<!-- This is an auto-generated comment by CodeRabbit -->

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Use m.maxHistory instead of a duplicated hard-coded cap.

This introduces a second source of truth for history limits. If maxHistory changes later, GetAlertHistory can drift.

♻️ Proposed refactor

-	// Cap allocation to prevent uncontrolled allocation from caller-supplied values.
-	const maxAlertHistoryAlloc = 1000
-	if limit > maxAlertHistoryAlloc {
-		limit = maxAlertHistoryAlloc
+	// Cap allocation to the manager's configured maximum.
+	if limit > m.maxHistory {
+		limit = m.maxHistory
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Cap allocation to prevent uncontrolled allocation from caller-supplied values.
	const maxAlertHistoryAlloc = 1000
	if limit > maxAlertHistoryAlloc {
	limit = maxAlertHistoryAlloc
	// Cap allocation to the manager's configured maximum.
	if limit > m.maxHistory {
	limit = m.maxHistory
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/api/handlers/management/alerts.go` around lines 242 - 245,
Replace the duplicated hard-coded cap maxAlertHistoryAlloc in GetAlertHistory
with the manager's configured limit by using m.maxHistory: remove the const
maxAlertHistoryAlloc and the comparison against it, and instead clamp limit with
if limit > m.maxHistory { limit = m.maxHistory }; ensure you reference the
method GetAlertHistory and the field m.maxHistory so the single source of truth
governs history limits.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find the file and examine its imports
head -50 pkg/llmproxy/api/handlers/management/alerts.go | grep -E "^import|^package|gin|validator"

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 130

---

🏁 Script executed:

# Check for go.mod to verify dependencies
cat go.mod | grep -E "gin|validator"

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 216

---

🏁 Script executed:

# Examine the full GETAlertHistory function to see actual implementation
sed -n '340,400p' pkg/llmproxy/api/handlers/management/alerts.go

Repository: KooshaPari/cliproxyapi-plusplus

Length of output: 1423

---

Replace manual query validation with validator-backed binding.

Lines 365–371 manually parse and clamp limit with fmt.Sscanf and if/else statements. Use ShouldBindQuery with validation constraints to replace this manual validation, as required by project guidelines.

✅ Proposed fix

 func (h *AlertHandler) GETAlertHistory(c *gin.Context) {
-	limit := 50
-	fmt.Sscanf(c.DefaultQuery("limit", "50"), "%d", &limit)
-	if limit < 1 {
-		limit = 1
-	}
-	if limit > 1000 {
-		limit = 1000
-	}
+	var q struct {
+		Limit int `form:"limit" binding:"min=1,max=1000"`
+	}
+	if err := c.ShouldBindQuery(&q); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+	limit := q.Limit
+	if limit == 0 {
+		limit = 50
+	}
 
-	history := h.manager.GetAlertHistory(limit)
+	history := h.manager.GetAlertHistory(limit)

Validator is already a project dependency (go-playground/validator/v10). Per coding guidelines, use validator for query binding instead of manual if/else checks.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/api/handlers/management/alerts.go` around lines 365 - 371,
Replace the manual fmt.Sscanf + clamping with Gin validator-backed binding:
define a small query struct (e.g., AlertsQuery with field Limit int
`form:"limit" binding:"omitempty,min=1,max=1000"`), call c.ShouldBindQuery(&q)
and handle/return validation errors, then set a default when q.Limit == 0 (e.g.,
q.Limit = 50) and use q.Limit in place of the previous limit variable; remove
the fmt.Sscanf and if/else clamps. Use ShouldBindQuery and the AlertsQuery
struct name to locate where to change the parsing/validation.