Add read-only companion endpoints (ping/info/owner-scoped models) (#863)

First, smallest cut of a LAN companion bridge (split out of #855 per review): a thin, additive, read-only layer so a LAN client can discover what a server offers. No new LLM logic; auth is enforced by the existing AuthMiddleware. - GET /api/companion/ping -- cheap auth-validated health check - GET /api/companion/info -- server identity + capability flags - GET /api/companion/models -- the CALLER's own model endpoints /models scopes to the caller's real owner (the token's owner for bearer callers) plus legacy null-owner shared rows, mirroring owner_filter, and never returns api_key material. The owner rule lives in two pure helpers (token_owner, owner_can_see) with direct tests proving a token for owner A cannot see owner B's rows and that null-owner rows don't widen access.
2026-06-17 02:05:22 -04:00 · 2026-06-02 06:20:53 +04:00
parent 4a84a895a0
commit 000bd6d1ab
5 changed files with 235 additions and 0 deletions
@@ -0,0 +1,10 @@
+"""Odysseus companion bridge — additive, read-only LAN endpoints.
+
+Exposes /api/companion/ping, /info, and an owner-scoped /models so a LAN client
+can discover what a server offers. No new LLM logic; auth is enforced by the
+existing AuthMiddleware. See companion/README.md.
+"""
+
+from companion.routes import setup_companion_routes
+
+__all__ = ["setup_companion_routes"]