Skip to content

Tag /api/gateway requests with direct-gateway feature header#547

Open
emilieschario wants to merge 1 commit intomainfrom
route-based-headers
Open

Tag /api/gateway requests with direct-gateway feature header#547
emilieschario wants to merge 1 commit intomainfrom
route-based-headers

Conversation

@emilieschario
Copy link
Contributor

@emilieschario emilieschario commented Feb 25, 2026

Summary

  • Requests hitting /api/gateway/ now have x-kilocode-feature: direct-gateway injected before being forwarded to the openrouter handler
  • Any client-supplied x-kilocode-feature header is overwritten
  • Added tests covering both behaviours

@kilo-code-bot
Copy link
Contributor

kilo-code-bot bot commented Feb 25, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Clean change that wraps the gateway route handler to inject the x-kilocode-feature: direct-gateway header before forwarding to the openrouter POST handler. The server-side header injection correctly prevents client spoofing, 'direct-gateway' is a valid FEATURE_VALUES entry, and the NextRequest constructor properly clones the body from the original request. Tests cover both the default case and the overwrite case.

Files Reviewed (2 files)
  • src/app/api/gateway/[...path]/route.ts
  • src/app/api/gateway/[...path]/route.test.ts

@emilieschario emilieschario mentioned this pull request Feb 25, 2026
Open
pedroheyerdahl
pedroheyerdahl reviewed Feb 25, 2026
View reviewed changes
Copy link
Contributor

@pedroheyerdahl pedroheyerdahl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The route change is exactly right — this is the route-based approach Pedro originally had in #307 before reverting it, and it's the correct solution to #329.

One concern: the test mocks the openrouter POST handler and asserts on the forwarded request object. Per our coding guidelines, we avoid mocks because they make tests brittle and tied to implementation details. The test doesn't verify any observable behavior — it would still pass even if the header injection had no effect downstream.

Could the test instead make a real request through the stack and verify the feature column in the DB ends up as direct-gateway? There are examples in the existing integration test helpers (src/tests/helpers/microdollar-usage.helper.ts) that show how to check usage records. That would give us real confidence the wiring works end-to-end, rather than just that we're calling openrouterPOST with certain headers.

pedroheyerdahl
pedroheyerdahl approved these changes Feb 25, 2026
View reviewed changes
Copy link
Contributor

@pedroheyerdahl pedroheyerdahl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the test mocks openrouter and checks what headers we passed in, but that doesn't actually verify the feature ends up in the DB (coding-style.md suggest not using mocks). would be worth wiring this up as an integration test instead, similar to what's in src/tests/helpers/microdollar-usage.helper.ts. I can send a follow up.

chrarnoldus
chrarnoldus reviewed Feb 25, 2026
View reviewed changes
src/app/api/gateway/[...path]/route.ts

export function POST(request: NextRequest) {
const headers = new Headers(request.headers);
headers.set(FEATURE_HEADER, 'direct-gateway');
Copy link
Contributor

@chrarnoldus chrarnoldus Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we probably don't want to override it if it's already set

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chrarnoldus chrarnoldus chrarnoldus left review comments

@pedroheyerdahl pedroheyerdahl pedroheyerdahl approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@emilieschario @chrarnoldus @pedroheyerdahl