Tasks: Secure Modal Klein Endpoint
1. Backend Client
- Add
KLEIN_MODAL_TOKENconfiguration inapp.py. - Send bearer auth to the Modal generation endpoint when configured.
- Send bearer auth to Modal health/status checks when configured.
- Ensure runtime status/setup can show token configured state without exposing the value.
2. Modal Worker
- Read
KLEIN_MODAL_TOKENinmodal_workers/klein_image.py. - Add token validation helper.
- Reject unauthorized
POST /generaterequests with HTTP 401 when the token is configured. - Keep requests allowed when the token is not configured.
3. Documentation
- Add
KLEIN_MODAL_TOKENto.env.example. - Update README Modal setup notes.
- Update runtime setup guidance for the shared token.
4. Verification
- Update
scripts/verify.pyfor auth wiring and redaction. - Run
python scripts\verify.py. - Run
python -m py_compile app.py scripts\verify.py modal_workers\klein_image.py. - Run
git diff --check.