feat: add native SAP AI Core support #50
@@ -276,6 +276,7 @@ func (c *AICoreClient) CompleteAnthropic(ctx context.Context, model string, mess
|
||||
req.Header.Set("Authorization", "Bearer "+token)
|
||||
req.Header.Set("AI-Resource-Group", c.config.ResourceGroup)
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("anthropic-version", "2023-06-01")
|
||||
|
||||
|
|
||||
resp, err := c.http.Do(req)
|
||||
if err != nil {
|
||||
[MINOR] Unbounded response body read for Anthropic invoke responses (io.ReadAll). To defend against large or malformed payloads from AI Core or misconfiguration, consider adding a read limit or Content-Length checks like in llm.Client.doRequest. **[MINOR]** Unbounded response body read for Anthropic invoke responses (io.ReadAll). To defend against large or malformed payloads from AI Core or misconfiguration, consider adding a read limit or Content-Length checks like in llm.Client.doRequest.
gpt-review-bot
commented
[MINOR] AI Core request paths do not validate response body length against Content-Length like client.doRequest does. Adding a similar check (and treating mismatches as retryable) would harden against truncated responses. This applies to both CompleteAnthropic and CompleteOpenAI. **[MINOR]** AI Core request paths do not validate response body length against Content-Length like client.doRequest does. Adding a similar check (and treating mismatches as retryable) would harden against truncated responses. This applies to both CompleteAnthropic and CompleteOpenAI.
|
||||
|
||||
Reference in New Issue
Block a user
[MINOR] The
TODO.mdself-review correctly notes thatCompleteAnthropicandCompleteOpenAIlack the Content-Length body validation thatdoRequesthas inclient.go. Given these methods duplicate the HTTP execution pattern rather than going throughdoRequest, any future fix to the retry/validation logic indoRequestwon't automatically apply here. Consider extracting a shared HTTP execution helper for AI Core, or routing throughdoRequestvia an adapter.