rene/llm-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
llm-gateway/sync/history/2026-05-12-gateway-final-hardening.md
Rene Fichtmueller b15b8da963 sync: record gateway final hardening
2026-05-12 23:31:02 +02:00

44 lines
2.1 KiB
Markdown
Raw Blame History

# LLM Gateway Final Hardening Handoff — 2026-05-12
## Summary
- Hardened GitHub Copilot bridge:
- Loopback-only default: `COPILOT_BRIDGE_HOST=127.0.0.1`.
- Health endpoint remains available when underlying `copilot-api` is starting, unavailable, or auth-blocked.
- Health now reports `auth_required`, package/version, last startup/output, and warns while `COPILOT_API_PACKAGE=copilot-api@latest`.
- Existing spawn/restart behavior from Erik was preserved.
- Dashboard client coverage now reports bridge runtime state per client:
- Codex -> `codex`.
- Claude Code -> `claude-code`.
- Microsoft Copilot -> `m365-copilot-bridge`.
- GitHub Copilot -> `copilot-bridge`.
- ChatGPT/OpenAI Desktop -> `chatgpt-bridge`.
- Deployed changed dashboard artifacts and restarted only `copilot-bridge` and `llm-gateway`.
## Live Verification
- Public Gateway health: `status=ok`, database `connected`.
- Client coverage, 24h:
- Codex Desktop / CLI: `live`, bridge ready, `requestCount=3`, `tokensSaved=4067`.
- Claude Desktop / Claude Code: `live`, bridge ready, `requestCount=28`.
- Microsoft Copilot: local process detected, bridge `auth_required`.
- GitHub Copilot: local process detected, bridge `auth_required`.
- Copilot bridge direct health:
- `status=auth_required`.
- `host=127.0.0.1`.
- `copilot_api_package=copilot-api@latest`.
- Detail: authorize GitHub device login shown in bridge logs.
- Fresh compression proof:
- Request `chatcmpl-1778621358742-cascdms`.
- Caller `final-repeat-compression-smoke`.
- Model `qwen2.5:14b`.
- Compression `ctxlean:verbatim_compact`.
- Tokens `8882 -> 106`, saved `8776`, savings `98.81%`.
## Remaining Boundaries
- Gateway tracks and compresses only traffic that enters the Gateway/Companion before provider execution.
- GitHub Copilot and Microsoft Copilot cannot be counted until their real account/device auth is completed.
- `copilot-api@latest` should be pinned before treating the GitHub Copilot bridge as fully production-stable.
- Erik direct SSH was intermittent/refused during deploy; Cloudflare SSH worked with `GODEBUG=netdns=go+1`.
Reference in New Issue View Git Blame Copy Permalink