Skip to content

Add PicoClaw provider/auth UI and model testing#825

Open
ethanperrine wants to merge 1 commit into
sipeed:mainfrom
ethanperrine:main
Open

Add PicoClaw provider/auth UI and model testing#825
ethanperrine wants to merge 1 commit into
sipeed:mainfrom
ethanperrine:main

Conversation

@ethanperrine

Copy link
Copy Markdown
Contributor

Rework PicoClaw model configuration into a provider/auth/provider-model UI and server-side support for testing and OAuth orchestration. Changes include:

  • HTTP routes for model config, model test, and auth status/login/logout/callback in the router.
  • OAuth orchestration that uses the picoclaw binary device-code flow; stores non-secret auth hints in a sidecar file and exposes availability/authenticated flags.
  • Model Test endpoint that runs a minimal prompt against configured providers, classifies outcomes (auth, model, endpoint, network, parser, etc.), and returns a redacted result with a server log reference.
  • Persist provider/auth/model selection to a non-secret .nanokvm-model.json sidecar and ensure API keys are written only to .security.yml (0600). Preserving unrelated top-level keys when reading/writing .security.yml.
  • Introduced typed model config handling (validation of provider/auth/method, key management semantics: set/keep/clear) and robust save/apply logic.
  • Added build-deploy.sh for cross-compiling and deploying the server to NanoKVM devices.
  • Frontend and i18n/jotai updates to support the new UI and flows.

Security: API keys are never returned in API responses or logs; OAuth tokens remain inside the picoclaw binary. Several new files and server handlers implement these behaviors and error codes for auth/model-test flows.

Rework PicoClaw model configuration into a full provider/auth/provider-model UI and add server-side support for testing and OAuth orchestration. Changes include:

- New HTTP routes for model config, model test, and auth status/login/logout/callback in the router.
- Added OAuth orchestration that drives the picoclaw binary device-code flow without exposing secrets to the frontend; stores non-secret auth hints in a sidecar file and exposes availability/authenticated flags.
- Implemented a Model Test endpoint that runs a minimal prompt against configured providers, classifies outcomes (auth, model, endpoint, network, parser, etc.), and returns a redacted result with a server log reference.
- Persist provider/auth/model selection to a non-secret .nanokvm-model.json sidecar and ensure API keys are written only to .security.yml (0600). Preserving unrelated top-level keys when reading/writing .security.yml.
- Introduced typed model config handling (validation of provider/auth/method, key management semantics: set/keep/clear) and robust save/apply logic.
- Added build-deploy.sh for cross-compiling and deploying the server to NanoKVM devices.
- Frontend and i18n/jotai updates to support the new UI and flows.

Security: API keys are never returned in API responses or logs; OAuth tokens remain inside the picoclaw binary. Several new files and server handlers implement these behaviors and error codes for auth/model-test flows.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant