Skip to content

fix(yaad): fix gRPC auth, HTTP status, privacy filter#36

Merged
Patel230 merged 1 commit into
mainfrom
fix/yaad-issues
Jul 17, 2026
Merged

fix(yaad): fix gRPC auth, HTTP status, privacy filter#36
Patel230 merged 1 commit into
mainfrom
fix/yaad-issues

Conversation

@Patel230

Copy link
Copy Markdown
Contributor

Fix gRPC authentication, HTTP status handling, and privacy filter.

…vacy-filtered exports

CRITICAL SECURITY FIXES:
- Add WithAPIKey() for gRPC server authentication with constant-time token comparison
- Check HTTP status codes in OpenAI embedding provider (prevents silent data corruption)
- Apply privacy filter to exported memory content

These changes address:
- CRITICAL: Unauthenticated gRPC server exposure
- HIGH: OpenAI embedding ignoring HTTP errors that could produce bogus data
- HIGH: Memory exports containing raw secrets without privacy filtering
@Patel230
Patel230 merged commit b672d5c into main Jul 17, 2026
12 checks passed
@Patel230
Patel230 deleted the fix/yaad-issues branch July 17, 2026 07:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant