[MINOR] AI Core URLs (AICORE_AUTH_URL, AICORE_API_URL) are accepted as-is without enforcing or warning on non-HTTPS schemes. Requiring or warning on non-HTTPS would reduce risk of credential/token interception in misconfigurations.
[MINOR] The code trusts and directly uses the deploymentUrl returned by the AI Core API to construct subsequent requests (appending /invoke or /chat/completions). While appropriate in normal operation, this creates a potential SSRF or token exfiltration vector if the AI Core API or configuration is compromised. As a defense-in-depth measure, consider validating that deploymentUrl shares the expected host/scheme with the configured APIURL.
[MINOR] Error returns include the full response body on deployments request failure (fmt.Errorf("deployments request failed ...: %s", body)). This may leak internal details to logs. Prefer limiting or redacting response bodies in error messages.
[MINOR] Error returns include the full response body on token request failure (fmt.Errorf("token request failed ...: %s", body)). This can lead to information leakage in logs if upstream returns verbose error details. Consider truncating or redacting bodies in errors.
[MINOR] Unbounded response body read for deployments discovery (io.ReadAll). Similar DoS risk as above if APIURL is misconfigured or untrusted. Add a body size cap or Content-Length validation.
[MINOR] Error path for deployments includes the entire response body in the error message. Consider truncating or redacting to avoid leaking potentially sensitive upstream details.
[MINOR] Error message includes full response body from the token endpoint (fmt.Errorf("token request failed ...: %s", body)). This can leak sensitive details from upstream error payloads into logs. Consider truncating or redacting bodies in errors, especially for auth endpoints.
[MINOR] Unbounded response body read for Anthropic invoke responses (io.ReadAll). To defend against large or malformed payloads from AI Core or misconfiguration, consider adding a read limit or Content-Length checks like in llm.Client.doRequest.
[MINOR] Anthropic error path includes full response body in error. Truncate or sanitize to reduce risk of leaking sensitive content into logs.
[MINOR] Unbounded response body read for OpenAI-compatible chat responses via AI Core. Consider adding a maximum body size or Content-Length validation for defense-in-depth.
[MINOR] OpenAI-compatible error path includes full response body in error. Recommend truncating or redacting the body in error messages to avoid potential sensitive data exposure.
[MINOR] Unbounded response body read from the token endpoint (io.ReadAll on resp.Body). If the AuthURL is misconfigured or points to a hostile server, this can lead to excessive memory usage. Consider adding a reasonable limit via io.LimitReader or validating Content-Length and capping size.
[MINOR] On authentication and API failures, the code includes the full upstream response body in returned errors (e.g., token and deployments requests, and AI Core invoke errors). While convenient for debugging, this can leak detailed service information into logs. Consider redacting or truncating bodies on errors, or limiting to status code and a short message.
[NIT] AICoreClient uses an internal http.Client with a fixed 30s Timeout irrespective of the overall LLM timeout. While requests also honor context deadlines, the shorter client timeout may cause premature cancellations and inconsistent behavior. Consider aligning with the caller-provided context/timeout or making this configurable.
[MINOR] AuthURL/APIURL are accepted as-is and used to construct requests without verifying the scheme. If misconfigured to use plain HTTP, client credentials could be sent in cleartext. Consider validating that AuthURL and APIURL use https:// (or at least warning/refusing non-HTTPS) to prevent accidental credential exposure.