000bd6d1ab
First, smallest cut of a LAN companion bridge (split out of #855 per review): a thin, additive, read-only layer so a LAN client can discover what a server offers. No new LLM logic; auth is enforced by the existing AuthMiddleware. - GET /api/companion/ping -- cheap auth-validated health check - GET /api/companion/info -- server identity + capability flags - GET /api/companion/models -- the CALLER's own model endpoints /models scopes to the caller's real owner (the token's owner for bearer callers) plus legacy null-owner shared rows, mirroring owner_filter, and never returns api_key material. The owner rule lives in two pure helpers (token_owner, owner_can_see) with direct tests proving a token for owner A cannot see owner B's rows and that null-owner rows don't widen access.
Companion bridge (read-only)
A thin, additive layer so a LAN client can discover what an Odysseus server
offers, without duplicating any LLM logic. Reachable with either a logged-in
cookie session or a Bearer ody_ API token (auth is enforced globally by
AuthMiddleware).
| Method | Path | Purpose |
|---|---|---|
| GET | /api/companion/ping |
cheap, auth-validated health check |
| GET | /api/companion/info |
server identity + capability flags |
| GET | /api/companion/models |
the caller's own model endpoints |
/models scopes to the caller's real owner (the token's owner for bearer
callers) plus legacy null-owner shared rows, the same rule as owner_filter. It
never returns API-key material. The owner rule lives in two pure, tested helpers
(token_owner, owner_can_see) — see tests/test_companion_readonly.py.
This module is intentionally read-only. Pairing/token-minting, token-owner session attribution, and any mutation endpoints are proposed in separate PRs.