Skip to content

Commit f9b8cd8

Browse files
committed
fix(settings): address Codex bot review round 2 on CPA auto-discovery
- Auto-discovery never sends the API key. The key is only transmitted on explicit user actions ("Test connection" button, Save). Removes implicit credential transmission to typo'd or untrusted endpoints during incremental baseUrl/wire edits. - Move discovery status strings from `settings.providers.cliProxyApi.*` to `settings.providers.custom.*`. The modal renders these for every custom provider, not just CPA, so the copy must be provider-agnostic. Changed "Could not connect to CPA" → "Could not auto-discover models". Signed-off-by: hqhq1025 <1506751656@qq.com>
1 parent ed35872 commit f9b8cd8

3 files changed

Lines changed: 17 additions & 17 deletions

File tree

apps/desktop/src/renderer/src/components/AddCustomProviderModal.tsx

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -110,26 +110,26 @@ export function AddCustomProviderModal({
110110
const debounceTimer = useRef<ReturnType<typeof setTimeout> | null>(null);
111111
const discoverySeq = useRef(0);
112112

113-
function scheduleDiscovery(currentBaseUrl: string, currentApiKey: string, currentWire: WireApi) {
113+
function scheduleDiscovery(currentBaseUrl: string, currentWire: WireApi) {
114114
if (debounceTimer.current !== null) clearTimeout(debounceTimer.current);
115115
if (!currentBaseUrl.trim().match(/^https?:\/\//)) {
116116
setDiscovery({ kind: 'idle' });
117117
return;
118118
}
119119
debounceTimer.current = setTimeout(() => {
120-
void runDiscovery(currentBaseUrl, currentApiKey, currentWire);
120+
void runDiscovery(currentBaseUrl, currentWire);
121121
}, 500);
122122
}
123123

124-
async function runDiscovery(currentBaseUrl: string, currentApiKey: string, currentWire: WireApi) {
124+
async function runDiscovery(currentBaseUrl: string, currentWire: WireApi) {
125125
if (!window.codesign?.config) return;
126126
const seq = ++discoverySeq.current;
127127
setDiscovery({ kind: 'discovering' });
128128
try {
129129
const res = await window.codesign.config.testEndpoint({
130130
wire: currentWire,
131131
baseUrl: currentBaseUrl.trim(),
132-
apiKey: currentApiKey.trim(),
132+
apiKey: '',
133133
});
134134
if (seq !== discoverySeq.current) return;
135135
if (res.ok && res.models.length > 0) {
@@ -150,7 +150,7 @@ export function AddCustomProviderModal({
150150
setBaseUrl(v);
151151
if (wireAuto) setWire(detectWireFromBaseUrl(v));
152152
setTest({ kind: 'idle' });
153-
scheduleDiscovery(v, apiKey, wireAuto ? detectWireFromBaseUrl(v) : wire);
153+
scheduleDiscovery(v, wireAuto ? detectWireFromBaseUrl(v) : wire);
154154
}
155155

156156
function handleApiKeyChange(v: string) {
@@ -160,7 +160,7 @@ export function AddCustomProviderModal({
160160
function handleWireChange(v: WireApi) {
161161
setWire(v);
162162
setWireAuto(false);
163-
scheduleDiscovery(baseUrl, apiKey, v);
163+
scheduleDiscovery(baseUrl, v);
164164
}
165165

166166
function handleModelSelect(v: string) {
@@ -348,19 +348,19 @@ export function AddCustomProviderModal({
348348
discovery.kind === 'discovering' ? (
349349
<span className="inline-flex items-center gap-1 text-[var(--text-xs)] text-[var(--color-text-muted)]">
350350
<Loader2 className="w-3 h-3 animate-spin" />
351-
{t('settings.providers.cliProxyApi.discoveringModels')}
351+
{t('settings.providers.custom.discoveringModels')}
352352
</span>
353353
) : discovery.kind === 'found' ? (
354354
<span className="inline-flex items-center gap-1 text-[var(--text-xs)] text-[var(--color-success)]">
355355
<Check className="w-3 h-3" />
356-
{t('settings.providers.cliProxyApi.discoveredModels', {
356+
{t('settings.providers.custom.discoveredModels', {
357357
count: discovery.models.length,
358358
})}
359359
</span>
360360
) : discovery.kind === 'failed' ? (
361361
<span className="inline-flex items-center gap-1 text-[var(--text-xs)] text-[var(--color-text-muted)]">
362362
<AlertCircle className="w-3 h-3" />
363-
{t('settings.providers.cliProxyApi.discoveryFailed')}
363+
{t('settings.providers.custom.discoveryFailed')}
364364
</span>
365365
) : null
366366
}

packages/i18n/src/locales/en.json

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -217,6 +217,9 @@
217217
"defaultModel": "Default model",
218218
"switchToManual": "Enter manually",
219219
"switchToDropdown": "Pick from list",
220+
"discoveringModels": "Discovering models...",
221+
"discoveredModels": "Found {{count}} models",
222+
"discoveryFailed": "Could not auto-discover models",
220223
"test": "Test connection",
221224
"testOk": "OK — {{count}} models available",
222225
"save": "Save & continue",
@@ -307,10 +310,7 @@
307310
"presetName": "CLIProxyAPI",
308311
"presetDescription": "Local proxy that wraps Claude/Codex/Gemini OAuth subscriptions",
309312
"apiKeyOptional": "API key only required if you configured `api-keys` in CPA config.yaml",
310-
"thinkingHint": "Tip: append `(high)` / `(xhigh)` / `(8192)` to model name to control thinking budget",
311-
"discoveringModels": "Discovering models...",
312-
"discoveredModels": "Found {{count}} models",
313-
"discoveryFailed": "Could not connect to CPA"
313+
"thinkingHint": "Tip: append `(high)` / `(xhigh)` / `(8192)` to model name to control thinking budget"
314314
},
315315
"reasoning": {
316316
"label": "Reasoning depth",

packages/i18n/src/locales/zh-CN.json

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -217,6 +217,9 @@
217217
"defaultModel": "默认模型",
218218
"switchToManual": "手动输入",
219219
"switchToDropdown": "从列表选择",
220+
"discoveringModels": "正在发现模型…",
221+
"discoveredModels": "发现 {{count}} 个模型",
222+
"discoveryFailed": "无法自动发现模型",
220223
"test": "测试连接",
221224
"testOk": "正常 — 共 {{count}} 个模型",
222225
"save": "保存并继续",
@@ -307,10 +310,7 @@
307310
"presetName": "CLIProxyAPI",
308311
"presetDescription": "本地反代,将 Claude/Codex/Gemini 的订阅账号包装成统一 API",
309312
"apiKeyOptional": "仅当你在 CPA config.yaml 里配置了 api-keys 才需要填",
310-
"thinkingHint": "提示:在 model 名后加 `(high)` / `(xhigh)` / `(8192)` 可控制思考力度",
311-
"discoveringModels": "正在发现模型…",
312-
"discoveredModels": "发现 {{count}} 个模型",
313-
"discoveryFailed": "连接 CPA 失败"
313+
"thinkingHint": "提示:在 model 名后加 `(high)` / `(xhigh)` / `(8192)` 可控制思考力度"
314314
},
315315
"reasoning": {
316316
"label": "推理深度",

0 commit comments

Comments
 (0)