Skip to content

Catalog refactor and security/quality hardening pass#59

Merged
Patel230 merged 14 commits into
mainfrom
feature/wip-20260705
Jul 8, 2026
Merged

Catalog refactor and security/quality hardening pass#59
Patel230 merged 14 commits into
mainfrom
feature/wip-20260705

Conversation

@Patel230

@Patel230 Patel230 commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add fuzz CI job for guardrails, message sanitization, and cache-key fuzz targets
  • Catalog v1 spec parsing, provider discovery/refresh, live enrichment, and deployment routing refactor
  • Remove deprecated legacy catalog shim

Test plan

  • go build ./...
  • go vet ./...
  • go test ./...
  • govulncheck ./...

Patel230 added 12 commits July 7, 2026 13:16
…RSION

- Remove broken internal/version/ package (embedding stale 0.1.0 copy)
- Add root version.go with //go:embed VERSION (resolves to root VERSION)
- Revert client/client.go to SetVersion pattern (version set by root init)
- Remove legacy migration code (migrate.go, EnsureDeploymentConfigV2, etc.)
- Add deploymentOwnerProviderID for poolside/groq-direct routing
api.poolside.ai does not resolve — Poolside runs on Baseten
(inference.poolside.ai). Verified with curl that models endpoint
returns available models (laguna-m.1, laguna-xs.2).
Both providers were missing FetchPoolside and FetchGroq functions
and were not registered in the live.Registry map, causing
'live: unknown fetcher' errors during catalog discovery.

Also updates the parity test assertion from 19 to 21 providers.
Adds mock HTTP server tests, no-key tests, and JSON parsing tests
for both FetchPoolside and FetchGroq, following the same pattern
as existing provider tests (grok, kimi, etc.).
Adds ClinePass as an OpenAI-compatible provider using the
https://api.cline.bot/api/v1 endpoint with CLINE_API_KEY auth.

Wires through all layers: provider spec, env config, profile,
runtime profile, routing, live fetcher, client registry,
compat config, deployment, and tests.
Cline API does not expose a GET /models endpoint, so credential
probing fails with HTTP 404. Changed ProbeKind to ProbeNone (key
is saved without validation). Live fetcher returns a curated
static list of 10 known ClinePass models instead of hitting the
API.
- Add fuzz CI job for guardrails, message sanitization, and cache-key
  fuzz targets
- Catalog v1 spec parsing, provider discovery/refresh, live enrichment,
  and deployment routing refactor
- Remove deprecated legacy catalog shim
@Patel230 Patel230 merged commit a914d20 into main Jul 8, 2026
10 of 12 checks passed
@Patel230 Patel230 deleted the feature/wip-20260705 branch July 8, 2026 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant