Skip to content

Require confirmation for custom OpenAI-compatible endpoints#264

Draft
leoz9 wants to merge 1 commit into
linyqh:mainfrom
leoz9:codex/warn-custom-base-url
Draft

Require confirmation for custom OpenAI-compatible endpoints#264
leoz9 wants to merge 1 commit into
linyqh:mainfrom
leoz9:codex/warn-custom-base-url

Conversation

@leoz9

@leoz9 leoz9 commented Jul 2, 2026

Copy link
Copy Markdown

Summary

  • Require explicit UI confirmation before saving or testing an untrusted custom OpenAI-compatible base_url.
  • Reuse the existing trusted-host warning logic and apply it to both vision and text model settings.
  • Add regression coverage for the confirmation decision helper.

Why

This strengthens the mitigation discussed in #253: a custom OpenAI-compatible endpoint receives the configured API key during connection tests and generation. The UI now makes that trust decision explicit before using an untrusted endpoint.

Validation

  • uv run pytest app/services/llm/test_openai_compat_unittest.py -q
  • uv run python -m json.tool webui/i18n/zh.json >/dev/null && uv run python -m json.tool webui/i18n/en.json >/dev/null
  • uv run pytest tests/test_generate_script_docu_unittest.py -q

Refs #253

@leoz9 leoz9 changed the title [codex] Require confirmation for custom OpenAI-compatible endpoints Require confirmation for custom OpenAI-compatible endpoints Jul 2, 2026
@leoz9 leoz9 force-pushed the codex/warn-custom-base-url branch from fea71ea to dc67420 Compare July 2, 2026 08:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant