[codex] Harden public model cache handling#13
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5ee4618128
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if sourceKind == .remoteURL, | ||
| !allowDownload, | ||
| currentModel?.installState != .cached { | ||
| throw RouteModelError.refreshRequiresDownload(id) |
There was a problem hiding this comment.
The new allowDownload == false gate only checks installState == .cached, but cached is computed from required artifacts only. installRouteModel still calls modelInstaller.install(..., mode: .downloadArtifacts), and downloadArtifactsIfNeeded iterates all artifacts (including optional ones), so a model with missing optional cache files can still trigger remote HTTP requests despite explicit download denial. This breaks the consent contract in environments where users expect allowDownload: false to guarantee no outbound fetches.
Useful? React with 👍 / 👎.
1 participant
Summary
Validation
swift test --package-path Packages/ValarCore --jobs 1swift test --package-path Packages/ValarPersistence --jobs 1swift build --package-path apps/ValarCLI --jobs 1swift build --package-path apps/ValarDaemon --jobs 1bash tools/public_repo_audit.sh --root .bash tools/public_repo_secret_scan.sh --root .bash tools/public_repo_secret_scan.sh --root . --include-ignoredbash tools/public_repo_history_scan.sh --root .gitleaks detect --source . --config .gitleaks.toml --redact --no-bannerPublic-safety notes
assets/media/social-preview-text.jpgout of the commit.