sync: record gateway final hardening
This commit is contained in:
Rene Fichtmueller
parent
c7491406d1
commit
b15b8da963
@ -10,7 +10,25 @@
|
|||||||
|
|
||||||
## Session Status
|
## Session Status
|
||||||
|
|
||||||
### Latest Verified State — 2026-05-12 23:08 Europe/Berlin
|
### Latest Verified State — 2026-05-12 23:30 Europe/Berlin
|
||||||
|
|
||||||
|
- Live hardening and verification completed:
|
||||||
|
- GitHub Copilot bridge now binds to loopback by default (`127.0.0.1`) and reports stable diagnostic health instead of hiding startup/auth failures behind PM2 restarts.
|
||||||
|
- The Copilot bridge health now exposes `auth_required`, host, package, last startup/output, and an explicit warning while `COPILOT_API_PACKAGE` is still `copilot-api@latest`.
|
||||||
|
- Dashboard Client Coverage now shows bridge provider/runtime state per desktop client, not only local process/install detection.
|
||||||
|
- Live `/api/dashboard/clients?hours=24` verifies:
|
||||||
|
- Codex Desktop / CLI: `live`, bridge `codex` ready, callers include `codex-cli`, `codex-live-gateway-check`, `codex-secure-tunnel-smoke`, `tokensSaved=4067`.
|
||||||
|
- Claude Desktop / Claude Code: `live`, bridge `claude-code` ready, callers include `claude-code-companion`, `requestCount=28`.
|
||||||
|
- Microsoft Copilot: local process detected, bridge `m365-copilot-bridge` remains `auth_required` until Microsoft Graph/device auth is configured.
|
||||||
|
- GitHub Copilot: local process/bridge detected, bridge `copilot-bridge` remains `auth_required` until GitHub Copilot device login is completed.
|
||||||
|
- Fresh compression proof after deploy:
|
||||||
|
- Caller `final-repeat-compression-smoke`, model `qwen2.5:14b`.
|
||||||
|
- Compression mode `ctxlean:verbatim_compact`.
|
||||||
|
- Tokens `8882 -> 106`, saved `8776`, savings `98.81%`.
|
||||||
|
- Gateway public health remains green: `/api/dashboard/health` returns `status=ok`, database `connected`.
|
||||||
|
- Operational note:
|
||||||
|
- Cloudflare SSH fallback needed explicit Go DNS mode from Codex sandbox: `GODEBUG=netdns=go+1 cloudflared access ssh --hostname ssh.context-x.org`.
|
||||||
|
- Direct SSH to Erik was intermittent/refused during deploy, but Cloudflare SSH with the DNS override completed restart and verification.
|
||||||
|
|
||||||
- Companion tool-use adapter added and verified:
|
- Companion tool-use adapter added and verified:
|
||||||
- Anthropic `tools` are summarized into a strict tool-use adapter instruction for the text backend.
|
- Anthropic `tools` are summarized into a strict tool-use adapter instruction for the text backend.
|
||||||
|
|||||||
43
sync/history/2026-05-12-gateway-final-hardening.md
Normal file
43
sync/history/2026-05-12-gateway-final-hardening.md
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
# LLM Gateway Final Hardening Handoff — 2026-05-12
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
- Hardened GitHub Copilot bridge:
|
||||||
|
- Loopback-only default: `COPILOT_BRIDGE_HOST=127.0.0.1`.
|
||||||
|
- Health endpoint remains available when underlying `copilot-api` is starting, unavailable, or auth-blocked.
|
||||||
|
- Health now reports `auth_required`, package/version, last startup/output, and warns while `COPILOT_API_PACKAGE=copilot-api@latest`.
|
||||||
|
- Existing spawn/restart behavior from Erik was preserved.
|
||||||
|
- Dashboard client coverage now reports bridge runtime state per client:
|
||||||
|
- Codex -> `codex`.
|
||||||
|
- Claude Code -> `claude-code`.
|
||||||
|
- Microsoft Copilot -> `m365-copilot-bridge`.
|
||||||
|
- GitHub Copilot -> `copilot-bridge`.
|
||||||
|
- ChatGPT/OpenAI Desktop -> `chatgpt-bridge`.
|
||||||
|
- Deployed changed dashboard artifacts and restarted only `copilot-bridge` and `llm-gateway`.
|
||||||
|
|
||||||
|
## Live Verification
|
||||||
|
|
||||||
|
- Public Gateway health: `status=ok`, database `connected`.
|
||||||
|
- Client coverage, 24h:
|
||||||
|
- Codex Desktop / CLI: `live`, bridge ready, `requestCount=3`, `tokensSaved=4067`.
|
||||||
|
- Claude Desktop / Claude Code: `live`, bridge ready, `requestCount=28`.
|
||||||
|
- Microsoft Copilot: local process detected, bridge `auth_required`.
|
||||||
|
- GitHub Copilot: local process detected, bridge `auth_required`.
|
||||||
|
- Copilot bridge direct health:
|
||||||
|
- `status=auth_required`.
|
||||||
|
- `host=127.0.0.1`.
|
||||||
|
- `copilot_api_package=copilot-api@latest`.
|
||||||
|
- Detail: authorize GitHub device login shown in bridge logs.
|
||||||
|
- Fresh compression proof:
|
||||||
|
- Request `chatcmpl-1778621358742-cascdms`.
|
||||||
|
- Caller `final-repeat-compression-smoke`.
|
||||||
|
- Model `qwen2.5:14b`.
|
||||||
|
- Compression `ctxlean:verbatim_compact`.
|
||||||
|
- Tokens `8882 -> 106`, saved `8776`, savings `98.81%`.
|
||||||
|
|
||||||
|
## Remaining Boundaries
|
||||||
|
|
||||||
|
- Gateway tracks and compresses only traffic that enters the Gateway/Companion before provider execution.
|
||||||
|
- GitHub Copilot and Microsoft Copilot cannot be counted until their real account/device auth is completed.
|
||||||
|
- `copilot-api@latest` should be pinned before treating the GitHub Copilot bridge as fully production-stable.
|
||||||
|
- Erik direct SSH was intermittent/refused during deploy; Cloudflare SSH worked with `GODEBUG=netdns=go+1`.
|
||||||
Loading…
x
Reference in New Issue
Block a user