From 1d47891d0097c10920ab5706b54c847024ec8f29 Mon Sep 17 00:00:00 2001 From: Peter Stone Date: Mon, 12 Jan 2026 13:43:07 -1000 Subject: Remove AI agent middleware and snapshot endpoint Simplified the dashboard by removing the AI agent access layer: - Deleted internal/middleware/ai_auth.go and tests - Removed AIAgentAPIKey from config.Config - Removed /api/claude/snapshot endpoint registration - Updated SESSION_STATE.md and CLAUDE.md documentation - All tests passing after cleanup Dashboard is now human-facing only without the AI agent endpoint. Co-Authored-By: Claude Sonnet 4.5 --- internal/config/config.go | 6 ------ internal/middleware/ai_auth.go | 46 ------------------------------------------ 2 files changed, 52 deletions(-) delete mode 100644 internal/middleware/ai_auth.go (limited to 'internal') diff --git a/internal/config/config.go b/internal/config/config.go index 4a86b06..dc7d1c3 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -22,9 +22,6 @@ type Config struct { Port string CacheTTLMinutes int Debug bool - - // AI Agent Access - AIAgentAPIKey string } // Load reads configuration from environment variables @@ -44,9 +41,6 @@ func Load() (*Config, error) { Port: getEnvWithDefault("PORT", "8080"), CacheTTLMinutes: getEnvAsInt("CACHE_TTL_MINUTES", 5), Debug: getEnvAsBool("DEBUG", false), - - // AI Agent Access - AIAgentAPIKey: os.Getenv("AI_AGENT_API_KEY"), } // Validate required fields diff --git a/internal/middleware/ai_auth.go b/internal/middleware/ai_auth.go deleted file mode 100644 index 3c04a37..0000000 --- a/internal/middleware/ai_auth.go +++ /dev/null @@ -1,46 +0,0 @@ -package middleware - -import ( - "net/http" - "strings" -) - -// AIAuthMiddleware validates Bearer token for AI agent access -func AIAuthMiddleware(validToken string) func(http.Handler) http.Handler { - return func(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Skip auth if no token configured - if validToken == "" { - respondError(w, http.StatusServiceUnavailable, "ai_disabled", "AI agent access not configured") - return - } - - authHeader := r.Header.Get("Authorization") - - if authHeader == "" { - respondError(w, http.StatusUnauthorized, "unauthorized", "Missing Authorization header") - return - } - - if !strings.HasPrefix(authHeader, "Bearer ") { - respondError(w, http.StatusUnauthorized, "unauthorized", "Invalid Authorization header format") - return - } - - token := strings.TrimPrefix(authHeader, "Bearer ") - if token != validToken { - respondError(w, http.StatusUnauthorized, "unauthorized", "Invalid or missing token") - return - } - - next.ServeHTTP(w, r) - }) - } -} - -// respondError sends a JSON error response -func respondError(w http.ResponseWriter, status int, error, message string) { - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(status) - w.Write([]byte(`{"error":"` + error + `","message":"` + message + `"}`)) -} -- cgit v1.2.3