Skip to content

Prevent POST /dev/unload behind an opt-in setting#483

Open
sanjaygulati13 wants to merge 1 commit into
remsky:masterfrom
sanjaygulati13:fix/gate-dev-unload
Open

Prevent POST /dev/unload behind an opt-in setting#483
sanjaygulati13 wants to merge 1 commit into
remsky:masterfrom
sanjaygulati13:fix/gate-dev-unload

Conversation

@sanjaygulati13

Copy link
Copy Markdown

Currently /dev/unload is mounted by default with no authentication, so any caller that can reach the API can unload the active model from memory and can possibly force repeated reload cycles (#478).

Added an allow_dev_unload setting (default False) and return 403 when disabled. The endpoint is off by default and can be re-enabled with ALLOW_DEV_UNLOAD=true for trusted deployments.

Testing: uv run pytest (94 tests passed, I have included a new 403-when-disabled test) plus tried live, non-Docker run and I confirm /dev/unload returns 403 by default and 200 with ALLOW_DEV_UNLOAD=true set.

Did not test via Docker Compose or on CUDA hardware (I have Apple Silicon Mac). The change is a config flag and an early return guard with no docker container or GPU specific paths, but appreciate if someone else can confirm on other environments.

Currently /dev/unload is mounted by default with no authentication, so any caller that can reach the API can unload the active model from memory and can possibly force repeated reload cycles (remsky#478).

Add an 'allow_dev_unload' setting (default False) and return 403 when disabled, so the endpoint is off by default and can be re-enabled with ALLOW_DEV_UNLOAD=true for trusted deployments.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant