claw
91f31ff2d7
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 24s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 34s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m43s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m49s
MINOR #1: Move AllowInsecureHTTPForTest to export_test.go so it is only available in test binaries and does not pollute the production API surface. MINOR #2: Replace url.Parse with a strings.EqualFold prefix check in doRequest's HTTPS enforcement, avoiding a per-request allocation. NIT #3: Push back — slog.Warn on ignored AllowInsecureHTTP is a deliberate design choice that helps operators debug 'refusing to send credentials' errors when the env gate is not set.