pub const ENV_ALLOW_DEV_MODE: &str = "TENSOR_WASM_API_ALLOW_DEV_MODE";Expand description
Environment variable that explicitly opts the gateway into dev mode
(auth disabled, every request passes through with AuthContext::dev).
Accepted truthy values are "1" and "true" (case-insensitive, trimmed).
Any other value — including unset — leaves dev mode disabled.
Closes the M4 finding: an empty / unset ENV_API_TOKENS used to make
bearer_auth fail open (wildcard pass-through), so a deployment that
merely forgot to populate the allowlist silently accepted every request.
We now fail closed: when no tokens are configured AND this opt-in is not
set, bearer_auth rejects every request with 401 Unauthorized. The
startup warn! in AuthConfig::from_env is preserved so an operator who
genuinely wants dev mode still sees the loud signal — they just have to
acknowledge it by setting this variable.
Only AuthConfig::from_env consults this variable. Configs built
programmatically via AuthConfig::from_tokens / AuthConfig::from_scopes
/ AuthConfig::default are treated as an explicit in-process opt-in
(they cannot be poisoned by hostile ambient environment), so they preserve
the historical pass-through behaviour for tests and embedders.