fix(opik_client): make OPIK_API_KEY optional for self-hosted backends#150
Merged
Conversation
resolve_opik_config has hard-required OPIK_API_KEY since the Python rewrite, so opik-mcp cannot talk to a self-hosted Opik that runs with auth disabled and authorizes on the Comet-Workspace header alone — it errors before issuing any request. Make the key optional, mirroring the workspace handling that is already optional: when no key (and no inbound Authorization header) is present, requests go out without an Authorization header and the backend decides (a hosted Opik still rejects with 401, surfaced as a normal request error). ask_ollie still requires a key, since it targets the hosted Comet endpoint. - resolve_opik_config: drop the missing-key raise; return api_key | None - OpikClient.__init__ / _headers: api_key optional; send Authorization only when present - tests: flip the two key-required tests to assert keyless behavior Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Lock in the no-regression case: when a key is genuinely required (hosted backend) but not configured, the request is still attempted with no Authorization header and the backend's 401 surfaces as a typed OpikAuthError — no silent success, hang, or raw crash. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
awkoy
approved these changes
Jun 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
resolve_opik_confighas hard-requiredOPIK_API_KEYsince the Python rewrite (a52a687). A self-hosted Opik typically runs with auth disabled and authorizes on theComet-Workspaceheader alone, but opik-mcp errors out —OPIK_API_KEY (or an inbound Authorization header) is required to call Opik REST— before issuing any request, so it can't be used against a local/OSS backend without inventing a dummy key.Fix
Make the API key optional, mirroring the workspace handling that
mainalready made optional (DEFAULT_WORKSPACEfallback):resolve_opik_config: drop the missing-key raise; returnapi_keyasstr | None.OpikClient.__init__/_headers: accept an optional key and send theAuthorizationheader only when present.Authorizationheader) is set, requests go out with just the workspace header and the backend decides — a hosted Opik still rejects with401, surfaced as a normal request error.ask_ollieis intentionally left untouched: it targets the hosted Comet endpoint and still requires a key viarequire_ollie_config.Tests
resolve_opik_configreturnsapi_key=None;_headersomitsAuthorization).ruff check,ruff format --check, andmypyall clean.list_projectsandget_tracesucceed over both:5173/apiand:8080.🤖 Generated with Claude Code