Add externally managed API key safety controls#20
Conversation
|
Thanks for this PR! We appreciate the work, but after reviewing it we're going to take a different approach. The real issueThe core problem this PR solves — rejecting a funded API key when the local Cashu wallet has zero balance — is a real bug, but it lives in a single function:
The fix we're going withSkip the wallet balance check in private async _checkBalance(baseUrl: string): Promise<void> {
if (this.mode === "apikeys" && this.storageAdapter.getApiKey(baseUrl)) {
return; // funded key exists, balance lives on the provider
}
// ...existing check
}PR #24 implements this. Importing existing keysUsers who already have a funded API key just import it into the SDK storage before making requests — no new config flags or modes needed: storage.setApiKey("https://provider.example/", "sk-existing-key");
const response = await client.routeRequest({ ... });The SDK then manages the key normally (refunds, topups, failover all still work), which gives users better recovery behavior than the Why not the external modeThe Closing this in favor of #24. Thanks again for the work! |
|
I see that you already have a cashu wallet in there, you should be able to easily plug it into routstr-sdk. it plugs a cli wallet to the sdk, but you can plug any wallet very easily. Pls let me know if you face further issues here |
Summary
apiKeyManagement: "external"policy for applications that already own funded Routstr sessionsautoProviderFailover: falsefor applications that also own provider selectionRoutstrClient,resolveRequestContext,fetchAIResponse, androuteRequestsWhy
Some clients persist and synchronize funded Routstr API-key sessions separately from their device-local Cashu wallets. In that setup, the current
apikeysrequest path has two risky incompatibilities:That can break a valid funded session on a device with an empty local wallet, or move a shared provider balance into one device's wallet unexpectedly.
This PR keeps all existing defaults unchanged. The safe external policy is explicit:
Balance metadata may still be refreshed after a successful request, but the request pipeline never moves funds or changes the externally owned key. Explicit
BalanceManagercalls remain available to callers.Validation
pnpm exec vitest run tests/unit/externalApiKeyManagement.test.ts— 4 passedpnpm exec vitest run tests/unit --exclude tests/unit/providerManagerPricing.test.ts— 54 passedpnpm run build— ESM, CJS, and declarations built successfullyThe complete unit command currently reports four pre-existing failures in
providerManagerPricing.test.ts: production uses a 420,000 ms cooldown while those tests expect 42,000 ms. This patch does not touch that code.