docs(adr,openrouter): ADR-0020 — localhost-callback-only OAuth PKCE (Phase 0 prereq)#409
Merged
…Phase 0 OpenRouter prereq) DA must-fix #4 from the OpenRouter integration analysis: OAuth PKCE callback re-introduces an auth surface ADR-0012 stripped. ADR-0020 constrains the callback to 127.0.0.1 only — ADR-0012's LAN-trust posture holds; users SSH-tunnel :8080 to complete the OR handshake.

Scaffolds:
- src/hal0/api/openrouter/auth.py — callback route (501; V1 fills in)
- src/hal0/api/openrouter/_loopback.py — is_loopback_host helper
- /api/openrouter/auth/callback enforces loopback guard from day 1

V1 (OpenRouter-as-Hermes-upstream) lands the actual code-exchange flow on top of this scaffold.

Refs openrouter-research-2026-05-28/PLANNING.md §3 Phase 0 + §5 Q1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
thinmintdev added a commit that referenced this pull request on May 29, 2026:
End-of-stream cut for v0.3. Bundles MCP-completion, memory-map redesign, Settings → Updates fix (#386), silent-eviction dispatcher recovery (#392), ADR-0020 OpenRouter callback skeleton (#409), persona spending-cap primitive (#411), δ-harness Hermes coverage (#410), and the docs/internal pin + dashboard-v3 walkthrough (#389/#390).

After this tag, active scope rolls to v0.4 (install-mode reconciliation + UI polish + fully-implemented Agents/UI/Install bootstrapped) and v0.5 (MCP admin + memory wiring across UI and agents).

CHANGELOG merged from two coexisting Unreleased blocks into a single [v0.3.2-alpha.1] section; added missing entries for #392 (dispatcher), #387 (async-job polling contract), and the docs PRs #389/#390. pyproject 0.3.1-alpha.1 → 0.3.2-alpha.1. uv.lock resynced (was stuck at 0.3.0a1 from prior drift).

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
- /api/openrouter/auth/callback returns 501 (V1 fills in the exchange flow)
- is_loopback_host helper + per-route guard enforce the constraint from day 1

Why now
DA review of the OpenRouter integration plan flagged this as P0 must-fix #4 (OAuth PKCE callback re-opens auth surface). ADR-0020 ships the architectural decision so V1 has a baseline that respects ADR-0012.
Test plan
- is_loopback_host truth table (loopback literals accepted; LAN/public/empty rejected; 127.0.0.2 rejected — strict allowlist not /8 CIDR)
- adr: ADR-0020 pointer
- error: loopback_required typed envelope
- require_loopback helper raises HTTPException(403) for fabricated LAN Request scope
- require_loopback helper fail-closes on missing ASGI client tuple
- ruff format --check src/ tests/ clean
- ruff check src/ tests/ clean
- mypy src/hal0/api/openrouter/ clean (0 errors in new module)
- tests/api/test_openrouter_auth_loopback.py

Refs
openrouter-research-2026-05-28/PLANNING.md §3 Phase 0 + §5 Q1.

🤖 Generated with Claude Code
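The guard behaviour the Summary and Test plan above describe (exact loopback literals accepted, 127.0.0.2 and LAN/public/empty rejected, fail-closed on a missing ASGI client tuple, a typed `error: loopback_required` envelope with an `adr: ADR-0020` pointer), written out as an added illustration. This is not the PR's `_loopback.py` or `auth.py`; it is framework-free so it runs without FastAPI, raises a stand-in `LoopbackRequired` in place of `HTTPException(403)`, and assumes an allowlist of `127.0.0.1` and `::1` (the PR text names only 127.0.0.1; `::1` is an assumption). The ASGI scope dicts built by `_scope` are constructed sample input.

```python
"""Loopback-only guard for an OAuth callback route (added example).

Framework-free: operates on a bare ASGI ``scope`` dict and raises a plain
exception instead of FastAPI's HTTPException so it runs with no web deps.
"""
from __future__ import annotations

from typing import Any, Mapping

# Strict allowlist of exact literals, not a 127.0.0.0/8 CIDR match.
# Assumption: the project text names 127.0.0.1; "::1" is added here.
LOOPBACK_LITERALS: frozenset[str] = frozenset({"127.0.0.1", "::1"})

# Typed envelope returned on rejection, with the ADR pointer from the PR.
LOOPBACK_ENVELOPE: dict[str, str] = {
    "error": "loopback_required",
    "adr": "ADR-0020",
}


class LoopbackRequired(Exception):
    """Stand-in for HTTPException(403) carrying the typed error envelope."""

    status_code = 403

    def __init__(self, detail: Mapping[str, str] = LOOPBACK_ENVELOPE) -> None:
        super().__init__(detail["error"])
        self.detail = dict(detail)


def is_loopback_host(host: str | None) -> bool:
    """True only for an exact loopback literal.

    Empty/None, LAN, public and other 127/8 addresses (e.g. 127.0.0.2) are
    rejected: an allowlist, not a CIDR test, so it cannot be widened by a
    permissive comparison later.
    """
    if not host:
        return False
    # Drop an IPv6 zone index ("::1%lo0") before the exact comparison.
    bare = host.split("%", 1)[0].strip().lower()
    return bare in LOOPBACK_LITERALS


def require_loopback(scope: Mapping[str, Any]) -> str:
    """Fail closed: raise unless the ASGI client tuple names a loopback host.

    A missing or malformed ``client`` entry (non-socket transport, or a test
    client that omits it) is treated as unknown origin and rejected.
    """
    client = scope.get("client")
    if not isinstance(client, (tuple, list)) or len(client) != 2:
        raise LoopbackRequired()
    host = client[0]
    if not isinstance(host, str) or not is_loopback_host(host):
        raise LoopbackRequired()
    return host


def callback_placeholder(scope: Mapping[str, Any]) -> tuple[int, dict[str, str]]:
    """Mirror the scaffold route: guard first, then 501 until V1 lands."""
    try:
        require_loopback(scope)
    except LoopbackRequired as exc:
        return exc.status_code, exc.detail
    return 501, {"error": "not_implemented"}


def _scope(client: Any) -> dict[str, Any]:
    """Constructed minimal ASGI scope for demonstration purposes."""
    return {"type": "http", "path": "/api/openrouter/auth/callback", "client": client}


if __name__ == "__main__":
    samples = [("127.0.0.1", 51000), ("::1", 51000), ("127.0.0.2", 51000),
               ("192.168.1.10", 51000), None]
    for client in samples:
        print(client, callback_placeholder(_scope(client)))
```

Checking the guard before the route body, and rejecting an absent `client` tuple, keeps the 501 placeholder from ever answering a non-loopback caller; when V1 swaps the 501 for the real code exchange, the allowlist and the fail-closed branch are the parts that should stay untouched.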