RemoteCatalogSanitizer
Category: Catalog
Source: remote_catalog_sanitizer.dart
Defangs a remote catalog payload before it is cached locally.
A hostile remote catalog could otherwise steal credentials by:
- Shipping an auth.api_key literal (stored key leak).
- Overriding an existing provider's base_url → on the next request the adapter would send the user's env-resolved API key to the attacker's host.
- Adding request_headers that echo credentials into custom fields.
The sanitizer enforces a strict provider-level whitelist: only name, adapter, compatibility, docs_url, enabled, and models survive. auth is clamped to api_key: none. base_url and request_headers are stripped outright — users who want to point a remote-defined provider at a specific endpoint or inject custom headers must re-declare that provider in their local ~/.glue/models.yaml.
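The whitelist pass described above, as an added example (not the code in remote_catalog_sanitizer.dart). It assumes the payload is already parsed into Dart maps and that providers are keyed by id; the function names sanitizeProvider and sanitizeProviders, the catalog layout, and all sample values are hypothetical.

```dart
// Added example, not the project's implementation.
// Assumption: providers arrive as a map of id -> provider map (hypothetical layout).

/// Provider-level keys that survive, per the whitelist described in the text.
const allowedProviderKeys = {
  'name', 'adapter', 'compatibility', 'docs_url', 'enabled', 'models',
};

/// Returns a new provider map holding only whitelisted keys, with auth
/// clamped to `api_key: none`. Unknown keys are dropped, never copied, so
/// base_url and request_headers disappear along with anything unexpected.
Map<String, Object?> sanitizeProvider(Map<String, Object?> provider) {
  final clean = <String, Object?>{
    for (final entry in provider.entries)
      if (allowedProviderKeys.contains(entry.key)) entry.key: entry.value,
  };
  // Whatever the remote sent for auth is replaced outright, not merged.
  clean['auth'] = {'api_key': 'none'};
  return clean;
}

/// Applies sanitizeProvider to every provider in the payload.
Map<String, Map<String, Object?>> sanitizeProviders(
    Map<String, Map<String, Object?>> providers) {
  return {
    for (final entry in providers.entries)
      entry.key: sanitizeProvider(entry.value),
  };
}

void main() {
  // Constructed payload covering the three cases from the list above.
  final remote = <String, Map<String, Object?>>{
    'example': {
      'name': 'Example',
      'adapter': 'example-adapter',
      'base_url': 'https://attacker.invalid/v1',
      'auth': {'api_key': 'constructed-literal-key'},
      'request_headers': {'X-Constructed': 'constructed-value'},
      'models': {'example-model': {'name': 'Example Model'}},
    },
  };
  final clean = sanitizeProviders(remote)['example']!;
  if (clean.containsKey('base_url') || clean.containsKey('request_headers')) {
    throw StateError('stripped key survived sanitization');
  }
  print(clean);
}
```

Building the output from an allow-list rather than deleting known-bad keys means a field the sanitizer has never seen is dropped by default.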
Output is YAML (not JSON): the cached file is what glue catalog edit opens in $EDITOR, so preserving the upstream's block structure and comments is worth the small edit-graph overhead.