@@ -44,11 +44,7 @@ def get_api_key_from_context(ctx: Context) -> str:
4444 return auth_header [7 :] # Remove "Bearer " prefix
4545 elif headers :
4646 # HTTP mode but no/invalid Authorization header
47- # Fall back to environment variable for containerized deployment
48- api_key = os .environ .get ("CODEALIVE_HTTP_API_KEY" ) or os .environ .get ("CODEALIVE_API_KEY" , "" )
49- if not api_key :
50- raise ValueError ("HTTP mode: Authorization: Bearer <api-key> header required or CODEALIVE_API_KEY environment variable" )
51- return api_key
47+ raise ValueError ("HTTP mode: Authorization: Bearer <api-key> header required" )
5248 else :
5349 # STDIO mode - no HTTP headers available
5450 api_key = os .environ .get ("CODEALIVE_API_KEY" , "" )
@@ -730,13 +726,12 @@ async def search_code(
730726 sys .exit (1 )
731727 print (f"STDIO mode: Using API key from environment (ends with: ...{ api_key [- 4 :] if len (api_key ) > 4 else '****' } )
732728 else :
733- # HTTP mode: allow API key in environment for AWS Fargate deployment
729+ # HTTP mode: API keys must be provided via Authorization: Bearer headers
734730 if api_key :
735- print ("HTTP mode: Using API key from environment for Fargate deployment" )
736- # Set HTTP API key for the auth function
737- os .environ ["CODEALIVE_HTTP_API_KEY" ] = api_key
738- else :
739- print ("HTTP mode: No environment API key found. API keys will be extracted from Authorization: Bearer headers" )
731+ print ("WARNING: HTTP mode detected CODEALIVE_API_KEY in environment." )
732+ print ("In production, API keys should be provided via Authorization: Bearer headers." )
733+ print ("Environment variable will be ignored in HTTP mode." )
734+ print ("HTTP mode: API keys will be extracted from Authorization: Bearer headers" )
740735
741736 if not base_url :
742737 print ("WARNING: CODEALIVE_BASE_URL environment variable is not set, using default." )
0 commit comments