fix: recipes endpoint — inject session tier before all gate checks

pyr0ball 2026-03-31 12:52:10 -07:00
parent ce61b5f422
commit ea22dc8b47


@ -21,19 +21,20 @@ async def suggest_recipes(
session: CloudUser = Depends(get_session), session: CloudUser = Depends(get_session),
store: Store = Depends(get_store), store: Store = Depends(get_store),
) -> RecipeResult: ) -> RecipeResult:
# Inject session-authoritative tier/byok immediately — client-supplied values are ignored.
req = req.model_copy(update={"tier": session.tier, "has_byok": session.has_byok})
if req.level == 4 and not req.wildcard_confirmed: if req.level == 4 and not req.wildcard_confirmed:
raise HTTPException( raise HTTPException(
status_code=400, status_code=400,
detail="Level 4 (Wildcard) requires wildcard_confirmed=true.", detail="Level 4 (Wildcard) requires wildcard_confirmed=true.",
) )
if req.level in (3, 4) and not can_use("recipe_suggestions", session.tier, session.has_byok): if req.level in (3, 4) and not can_use("recipe_suggestions", req.tier, req.has_byok):
raise HTTPException( raise HTTPException(
status_code=403, status_code=403,
detail="LLM recipe levels require Paid tier or a configured LLM backend.", detail="LLM recipe levels require Paid tier or a configured LLM backend.",
) )
if req.style_id and not can_use("style_picker", session.tier): if req.style_id and not can_use("style_picker", req.tier):
raise HTTPException(status_code=403, detail="Style picker requires Paid tier.") raise HTTPException(status_code=403, detail="Style picker requires Paid tier.")
req = req.model_copy(update={"tier": session.tier, "has_byok": session.has_byok})
engine = RecipeEngine(store) engine = RecipeEngine(store)
return await asyncio.to_thread(engine.suggest, req) return await asyncio.to_thread(engine.suggest, req)
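Review bot: The two `can_use` gates now read the tier and BYOK flag from `req`, a model the client populates, so the authorization decision is only as trustworthy as the `model_copy` override above it; if a later refactor moves, drops or makes that line conditional, both checks silently start honouring client-supplied values. Keeping the early override for the engine while leaving the gates on the session object keeps the source of authority explicit: `if req.level in (3, 4) and not can_use("recipe_suggestions", session.tier, session.has_byok):` and `if req.style_id and not can_use("style_picker", session.tier):`. A regression test that sends a body claiming a paid `tier` from a free-tier session and expects a 403 would pin this behaviour. If `tier` and `has_byok` are only ever meant to be set server-side, removing them from the client-facing request schema would take away the override's single point of failure; that model is not visible here, so this needs checking against its definition. The signature of `suggest_recipes` begins above the hunk.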