skip balance checks in cloud-agent and webhook triggers #35
| export function createCloudChatClient(authToken: string): CloudAgentClient { | ||
| return new CloudAgentClient(authToken, { | ||
| skipBalanceCheck: true, |
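Review bot: createCloudChatClient gives no hint, in its name or in a comment, that it sets skipBalanceCheck: true, so a caller who picks it for an unrelated chat feature turns off balance enforcement without knowing. Pass the option explicitly at the call site or name the factory for what it does, and add a comment stating which product surfaces may use it.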
CRITICAL: skipBalanceCheck is hard-enabled for createCloudChatClient()
createCloudChatClient() always sets skipBalanceCheck: true, which sends the x-skip-balance-check header for all requests from this client. If this is used outside of a separately-billed product surface, it effectively disables server-side balance enforcement in cloud-agent. Consider either (a) keeping skipBalanceCheck limited to explicitly separately-billed integrations (e.g. App Builder/Slack), or (b) adding an explicit server-side authorization check gating when this client can be used.
| const authToken = generateApiToken(ctx.user); | ||
| const githubToken = await getGitHubTokenForUser(ctx.user.id); | ||
| const client = createCloudAgentClient(authToken); | ||
| const client = createCloudChatClient(authToken); |
CRITICAL: Cloud Agent router now bypasses balance validation
This router previously constructed the default client; it now uses createCloudChatClient() (see cloud-agent-router.ts), which hard-enables skipBalanceCheck. The router’s existing checkEligibility endpoint is informational only and doesn’t enforce anything on mutations/subscriptions, so this change can allow running sessions with insufficient credits unless there is another server-side gate.
Code Review Summary
Status: 3 Issues Found | Recommendation: Address before merge
Files Reviewed (7 files)
| 'Content-Type': 'application/json', | ||
| Authorization: `Bearer ${token}`, | ||
| 'x-internal-api-key': internalApiSecret, | ||
| 'x-skip-balance-check': 'true', |
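Review bot: 'x-skip-balance-check': 'true' is a literal sent unconditionally next to 'x-internal-api-key'. Read the value from a config flag so the bypass can be switched off without a code change, and have the receiving service honor the skip header only after the internal key has validated.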
CRITICAL: Balance check bypass via x-skip-balance-check
Hard-coding x-skip-balance-check: true on the internal prepareSession call bypasses credit enforcement for webhook-trigger initiated sessions. If this header is honored in production, this is effectively a billing/eligibility bypass. It also makes the 402 handling below largely unreachable.
| 'Content-Type': 'application/json', | ||
| Authorization: `Bearer ${token}`, | ||
| 'x-internal-api-key': internalApiSecret, | ||
| 'x-skip-balance-check': 'true', |
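Review bot: these four header lines, including 'x-skip-balance-check': 'true', repeat the earlier request's header block verbatim. Build the headers in one shared helper so that removing the bypass later is a single change and cannot be missed at one of the two call sites.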
CRITICAL: Balance check bypass via x-skip-balance-check
Same concern as the prepareSession request above: this hard-codes a balance-check bypass on initiateFromKilocodeSessionV2, which can enable running webhook-trigger sessions without sufficient credits.
It's fine, this is temporary.
| : personalEligibilityQuery.isPending; | ||
| const hasInsufficientBalance = | ||
| !isEligibilityLoading && eligibilityData && !eligibilityData.isEligible; | ||
| const hasInsufficientBalance = false; |
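Review bot: const hasInsufficientBalance = false no longer uses isEligibilityLoading or eligibilityData, and nothing on the line marks it as temporary. Keep the original expression and combine it with a named feature flag, or at least add a comment with the removal condition, so the gate returns when the flag is dropped.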
CRITICAL: Hard-coded hasInsufficientBalance = false disables eligibility gating
This forces the UI to treat every user/org as eligible, regardless of what the checkEligibility endpoint would return. If server-side balance checks are also being skipped, this becomes a direct billing bypass; if server-side checks still enforce, users will hit late 402 failures after form submission.
Skip balance checks in cloud-agent and webhook triggers during kilo league
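The review comments above ask for a server-side check that decides when `x-skip-balance-check` is honored. One way to write that gate, as an added example that is not code from this pull request: the two header names come from the diff, while `GateConfig`, the surface names, the expiry field and the sample values are assumptions.

```typescript
// Added example. Header names are from the diff on this page; GateConfig, the
// surface names and the expiry field are assumptions made for illustration.
type ReqHeaders = Record<string, string | undefined>; // keys lowercased, as Node delivers them

interface GateConfig {
  internalApiSecret: string;          // value expected in x-internal-api-key
  allowedSurfaces: readonly string[]; // separately billed callers allowed to skip
  bypassExpiresAt: number;            // epoch ms; the bypass is ignored from this time on
}

interface Decision { skip: boolean; reason: string }

// Compare without an early exit so timing does not reveal how much of the key matched.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // NaN past the end coerces to 0
  }
  return diff === 0;
}

// `surface` must come from the authenticated caller identity, never from a request header.
function shouldSkipBalanceCheck(
  h: ReqHeaders, surface: string, cfg: GateConfig, now: number
): Decision {
  if (h["x-skip-balance-check"] !== "true") return { skip: false, reason: "not-requested" };
  const key = h["x-internal-api-key"] ?? "";
  if (cfg.internalApiSecret === "" || !constantTimeEqual(key, cfg.internalApiSecret)) {
    return { skip: false, reason: "untrusted-caller" };
  }
  if (cfg.allowedSurfaces.indexOf(surface) === -1) {
    return { skip: false, reason: "surface-not-allowed" };
  }
  if (now >= cfg.bypassExpiresAt) return { skip: false, reason: "bypass-expired" };
  return { skip: true, reason: "allowed" };
}

// Constructed sample configuration and requests.
const SAMPLE_CFG: GateConfig = {
  internalApiSecret: "constructed-secret",
  allowedSurfaces: ["webhook-trigger", "slack"],
  bypassExpiresAt: 2000,
};
const trusted: ReqHeaders = { "x-skip-balance-check": "true", "x-internal-api-key": "constructed-secret" };
const spoofed: ReqHeaders = { "x-skip-balance-check": "true" };
console.log(shouldSkipBalanceCheck(trusted, "webhook-trigger", SAMPLE_CFG, 1000));
console.log(shouldSkipBalanceCheck(spoofed, "webhook-trigger", SAMPLE_CFG, 1000));
```

Every path other than `allowed` falls through to the normal balance check, so a missing secret, an unlisted surface or an expired window fails closed.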