nomyo-ai/nomyo-router
2
2
Fork 0
Code Issues 1 Pull requests 10 Projects Releases 9 Packages 1 Wiki Activity Actions

dev-0.9.x -> main #76

Merged
alpha-nerd merged 15 commits from dev-0.9.x into main 2026-05-15 09:16:11 +02:00
Conversation 4 Commits 15 Files changed 8 +611 -84
alpha-nerd commented 2026-05-13 15:02:27 +02:00
Owner
Copy link

prep new release

prep new release
alpha-nerd added 11 commits 2026-05-13 15:02:28 +02:00 
add opencode bot for automatic issue management
Reviewed-on: https://bitfreedom.net/code/code/nomyo-ai/nomyo-router/pulls/72
.forgejo/workflows/nyxscanner.yml aktualisiert
Some checks failed
NYX Security Scan / nyx-scan (pull_request) Failing after 6m31s
Details
f4bc272e0b 
Reviewed-on: https://bitfreedom.net/code/code/nomyo-ai/nomyo-router/pulls/75
fix: removed dead config key
Some checks failed
NYX Security Scan / nyx-scan (pull_request) Failing after 7m3s
Details
84e3b30f2f
alpha-nerd commented 2026-05-13 15:09:29 +02:00
Author
Owner
Copy link

🔴 NYX found 14 issue(s)

  • ERROR router.py:1279:38 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2053:35 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2289:39 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2451:35 [py.auth.token_override_without_validation] — token acceptance flow writes through client.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2516:35 [py.auth.token_override_without_validation] — token acceptance flow writes through client.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2573:24 [py.auth.token_override_without_validation] — token acceptance flow writes through client.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2773:26 [py.auth.token_override_without_validation] — token acceptance flow writes through client.delete without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3253:27 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3487:35 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3680:27 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • WARNING db.py:26:21 [state-resource-leak] — resource self is never closed
  • WARNING router.py:1:1 [state-resource-leak] — resource aspect_ratio is never closed
  • WARNING router.py:1421:9 [cfg-resource-leak] — Image.open acquires file handle but not all exit paths release it
  • NOTE router.py:486:12 [py.crypto.sha1] — hashlib.sha1() uses a weak hash algorithm
## 🔴 NYX found 14 issue(s) - **ERROR** `router.py:1279:38` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2053:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2289:39` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2451:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2516:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2573:24` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2773:26` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.delete` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3253:27` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3487:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3680:27` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **WARNING** `db.py:26:21` [state-resource-leak] — resource `self` is never closed - **WARNING** `router.py:1:1` [state-resource-leak] — resource `aspect_ratio` is never closed - **WARNING** `router.py:1421:9` [cfg-resource-leak] — `Image.open` acquires file handle but not all exit paths release it - **NOTE** `router.py:486:12` [py.crypto.sha1] — hashlib.sha1() uses a weak hash algorithm
alpha-nerd commented 2026-05-13 16:21:14 +02:00
Author
Owner
Copy link
  • py.auth.token_override_without_validation -> false positive
  • db.py misses the lifecylce close() db.py:33
  • router.py:1421:9 is real, but low -> PR will be extended
- py.auth.token_override_without_validation -> false positive - db.py misses the lifecylce close() db.py:33 - router.py:1421:9 is real, but low -> PR will be extended
alpha-nerd added 1 commit 2026-05-13 16:22:55 +02:00
alpha-nerd self-assigned this 2026-05-13 16:25:12 +02:00
alpha-nerd commented 2026-05-13 16:29:52 +02:00
Author
Owner
Copy link

🔴 NYX found 13 issue(s)

  • ERROR router.py:1279:38 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2053:35 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2289:39 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2451:35 [py.auth.token_override_without_validation] — token acceptance flow writes through client.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2516:35 [py.auth.token_override_without_validation] — token acceptance flow writes through client.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2573:24 [py.auth.token_override_without_validation] — token acceptance flow writes through client.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2773:26 [py.auth.token_override_without_validation] — token acceptance flow writes through client.delete without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3253:27 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3487:35 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3680:27 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • WARNING db.py:26:21 [state-resource-leak] — resource self is never closed
  • WARNING router.py:1:1 [state-resource-leak] — resource aspect_ratio is never closed
  • NOTE router.py:486:12 [py.crypto.sha1] — hashlib.sha1() uses a weak hash algorithm
## 🔴 NYX found 13 issue(s) - **ERROR** `router.py:1279:38` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2053:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2289:39` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2451:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2516:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2573:24` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2773:26` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.delete` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3253:27` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3487:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3680:27` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **WARNING** `db.py:26:21` [state-resource-leak] — resource `self` is never closed - **WARNING** `router.py:1:1` [state-resource-leak] — resource `aspect_ratio` is never closed - **NOTE** `router.py:486:12` [py.crypto.sha1] — hashlib.sha1() uses a weak hash algorithm
alpha-nerd added 1 commit 2026-05-13 17:05:41 +02:00
feat: nyx triage
Some checks failed
NYX Security Scan / nyx-scan (pull_request) Failing after 6m35s
Details
85f6f780ef
alpha-nerd commented 2026-05-13 17:27:18 +02:00
Author
Owner
Copy link

🔴 NYX found 13 issue(s)

  • ERROR router.py:1279:38 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2053:35 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2289:39 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2451:35 [py.auth.token_override_without_validation] — token acceptance flow writes through client.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2516:35 [py.auth.token_override_without_validation] — token acceptance flow writes through client.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2573:24 [py.auth.token_override_without_validation] — token acceptance flow writes through client.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:2773:26 [py.auth.token_override_without_validation] — token acceptance flow writes through client.delete without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3253:27 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.embeddings.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3487:35 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.chat.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • ERROR router.py:3680:27 [py.auth.token_override_without_validation] — token acceptance flow writes through oclient.completions.create without validating that token expiration is not validated, token recipient identity is not validated
  • WARNING db.py:26:21 [state-resource-leak] — resource self is never closed
  • WARNING router.py:1:1 [state-resource-leak] — resource aspect_ratio is never closed
  • NOTE router.py:486:12 [py.crypto.sha1] — hashlib.sha1() uses a weak hash algorithm
## 🔴 NYX found 13 issue(s) - **ERROR** `router.py:1279:38` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2053:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2289:39` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2451:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2516:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2573:24` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:2773:26` [py.auth.token_override_without_validation] — token acceptance flow writes through `client.delete` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3253:27` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.embeddings.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3487:35` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.chat.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **ERROR** `router.py:3680:27` [py.auth.token_override_without_validation] — token acceptance flow writes through `oclient.completions.create` without validating that token expiration is not validated, token recipient identity is not validated - **WARNING** `db.py:26:21` [state-resource-leak] — resource `self` is never closed - **WARNING** `router.py:1:1` [state-resource-leak] — resource `aspect_ratio` is never closed - **NOTE** `router.py:486:12` [py.crypto.sha1] — hashlib.sha1() uses a weak hash algorithm
alpha-nerd added 1 commit 2026-05-13 17:32:20 +02:00
chore: deduplicate nyx triage entries
Some checks failed
NYX Security Scan / nyx-scan (pull_request) Failing after 6m37s
Details
5ce4eed0ad
alpha-nerd added 1 commit 2026-05-13 19:07:25 +02:00
fix: triage by suppression_rules for CI
All checks were successful
NYX Security Scan / nyx-scan (pull_request) Successful in 6m35s
Details
e484f12228
alpha-nerd merged commit 648b016629 into main 2026-05-15 09:16:10 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
dependencies

dependency management

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
renovate: stop-updating

stop renovate-bot pushing

  
wontfix

This won't be fixed

  
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
renovate: stop-updating

cmd renovate to stop updating the pr

  
security

CVE warning

  
wontfix

This won't be fixed

No labels
bug
dependencies
duplicate
enhancement
help wanted
invalid
question
renovate: stop-updating
wontfix
bug
duplicate
enhancement
help wanted
invalid
question
renovate: stop-updating
security
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
alpha-nerd
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: nomyo-ai/nomyo-router#76
No description provided.
Delete branch "dev-0.9.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?