Summary
PR #93 fixed issue #71 by making embedding.apiKey optional so local providers like Ollama can start without authentication. The core fix is useful and should remain, but there are two follow-up areas worth tightening.
Follow-up items
- Add stable test coverage for the no-apiKey path
- The PR added
test/ollama-no-apikey.test.mjs, but it depends on a local Ollama instance.
- Add unit-level coverage that does not require a running local server, so CI can reliably lock in the expected config/embedder behavior.
- Revisit the
no-key-required fallback strategy
- Today, missing
embedding.apiKey falls back to a dummy value and emits a warning.
- This is convenient for local providers, but it also changes failure behavior for cloud providers from config-time failure to runtime failure.
- Consider a more provider-aware path so local providers can omit keys cleanly while cloud providers still fail early and clearly.
Context
This is not a regression report against PR #93. It is a follow-up hardening task so the Ollama/local-provider fix has better long-term test and behavior guarantees.
Summary
PR #93 fixed issue #71 by making
embedding.apiKeyoptional so local providers like Ollama can start without authentication. The core fix is useful and should remain, but there are two follow-up areas worth tightening.Follow-up items
test/ollama-no-apikey.test.mjs, but it depends on a local Ollama instance.no-key-requiredfallback strategyembedding.apiKeyfalls back to a dummy value and emits a warning.Context
This is not a regression report against PR #93. It is a follow-up hardening task so the Ollama/local-provider fix has better long-term test and behavior guarantees.