From 4c4cbd44dab25856182b8dec8c887c519465e512 Mon Sep 17 00:00:00 2001
From: VooDisss
Date: Fri, 27 Mar 2026 18:34:51 +0200
Subject: [PATCH] fix(auth): avoid leaking or over-persisting affinity keys

Stop using one-shot idempotency keys as long-lived auth-affinity identifiers and remove raw affinity-key values from debug logs so sticky routing keeps its continuity benefits without creating avoidable memory growth or credential exposure risks.
---
 sdk/api/handlers/handlers.go | 2 --
 sdk/cliproxy/auth/conductor.go | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/sdk/api/handlers/handlers.go b/sdk/api/handlers/handlers.go
index 5fc1154e..420d1fcc 100644
--- a/sdk/api/handlers/handlers.go
+++ b/sdk/api/handlers/handlers.go
@@ -211,8 +211,6 @@ func requestExecutionMetadata(ctx context.Context) map[string]any {
 if executionSessionID := executionSessionIDFromContext(ctx); executionSessionID != "" {
 meta[coreexecutor.ExecutionSessionMetadataKey] = executionSessionID
 meta[authAffinityMetadataKey] = executionSessionID
- } else if explicitIdempotencyKey != "" {
- meta[authAffinityMetadataKey] = explicitIdempotencyKey
 } else if ctx != nil {
 if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil {
 if apiKey, exists := ginCtx.Get("apiKey"); exists && apiKey != nil {
diff --git a/sdk/cliproxy/auth/conductor.go b/sdk/cliproxy/auth/conductor.go
index 6ef13baa..147b0ece 100644
--- a/sdk/cliproxy/auth/conductor.go
+++ b/sdk/cliproxy/auth/conductor.go
@@ -2277,7 +2277,7 @@ func (m *Manager) persistAuthAffinity(entry *log.Entry, opts cliproxyexecutor.Op
 if affinityKey := authAffinityKeyFromMetadata(opts.Metadata); affinityKey != "" {
 m.SetAuthAffinity(affinityKey, authID)
 if entry != nil && log.IsLevelEnabled(log.DebugLevel) {
- entry.Debugf("auth affinity pinned key=%s auth_id=%s provider=%s model=%s", affinityKey, authID, provider, model)
+ entry.Debugf("auth affinity pinned auth_id=%s provider=%s model=%s", authID, provider, model)
 }
 }
 }
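Review bot: In the conductor.go hunk, dropping `key=%s` from the debug line stops the log exposure, but `m.SetAuthAffinity(affinityKey, authID)` two lines above it still stores the raw value. The context lines of the handlers.go hunk show a remaining fallback that reads `apiKey` from the gin context; the body of that branch is outside the hunk, so if it assigns the API key to the affinity metadata, the credential would still be held verbatim as a map key in process memory and be available to any other log site that prints it. Deriving the affinity key once at the source as a digest (for example a hex SHA-256 of the value) would keep sticky routing intact and let this line carry a short digest prefix for correlation, e.g. `entry.Debugf("auth affinity pinned key_fp=%s auth_id=%s provider=%s model=%s", keyFP, authID, provider, model)`, where `keyFP` is a new local and not an existing name. persistAuthAffinity begins above the hunk, and a regression test asserting that the debug output never contains the affinity key would pin this fix.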