Rockachopa/Timmy-time-dashboard
1
0
Fork 2
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

Remove or gate cloud integrations: Grok, Claude backends behind proper feature flags #30

New Issue
Closed
opened 2026-03-14 13:33:35 +00:00 by Rockachopa · 0 comments
Rockachopa commented 2026-03-14 13:33:35 +00:00
Owner
Copy Link

What

The Grok and Claude backends in timmy/backends.py (240+ lines) are cloud API clients. They're properly gated behind grok_enabled / claude_available() checks, but:

  1. The fallback chain in agent.py auto-falls-back to Claude if Ollama is unreachable — this means a network blip could silently send your data to Anthropic's API
  2. The Grok backend imports openai SDK and makes calls to api.x.ai — a cloud dependency
  3. Config has anthropic-backup and openai-backup providers defined (disabled, but present)

Sovereignty concern

Line 148 in agent.py:

if not _check_model_available(model_name):
    if claude_available():
        logger.warning("Ollama unreachable — falling back to Claude backend")
        return ClaudeBackend()

This is a silent cloud fallback. If Ollama crashes, Timmy starts sending your conversations to Anthropic without explicit consent.

What to do

  1. Remove the auto-fallback to Claude in agent.py. If Ollama is down, fail loudly.
  2. Make cloud backends require explicit --backend claude or --backend grok CLI flag
  3. Consider moving cloud backends to a separate optional package (pip install timmy[cloud])
  4. Add a startup warning if any cloud backend is enabled

Files

  • src/timmy/agent.py lines 143-148 — remove silent fallback
  • src/timmy/backends.py — keep but gate more strictly
  • src/config.py — ensure cloud settings are off by default

Estimated effort: 1 hour

## What The Grok and Claude backends in `timmy/backends.py` (240+ lines) are cloud API clients. They're properly gated behind `grok_enabled` / `claude_available()` checks, but: 1. The fallback chain in `agent.py` auto-falls-back to Claude if Ollama is unreachable — this means a network blip could silently send your data to Anthropic's API 2. The Grok backend imports `openai` SDK and makes calls to `api.x.ai` — a cloud dependency 3. Config has `anthropic-backup` and `openai-backup` providers defined (disabled, but present) ## Sovereignty concern Line 148 in `agent.py`: ```python if not _check_model_available(model_name): if claude_available(): logger.warning("Ollama unreachable — falling back to Claude backend") return ClaudeBackend() ``` This is a **silent cloud fallback**. If Ollama crashes, Timmy starts sending your conversations to Anthropic without explicit consent. ## What to do 1. Remove the auto-fallback to Claude in `agent.py`. If Ollama is down, fail loudly. 2. Make cloud backends require explicit `--backend claude` or `--backend grok` CLI flag 3. Consider moving cloud backends to a separate optional package (`pip install timmy[cloud]`) 4. Add a startup warning if any cloud backend is enabled ## Files - `src/timmy/agent.py` lines 143-148 — remove silent fallback - `src/timmy/backends.py` — keep but gate more strictly - `src/config.py` — ensure cloud settings are off by default ## Estimated effort: 1 hour
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
222-epic
Workshop: Timmy as Presence (Epic #222)
 actionable
Has a concrete code/config task extracted
 assigned-claude
Issue currently assigned to Claude agent — do not assign to another agent
 assigned-gemini
Issue currently assigned to Gemini agent — do not assign to another agent
 assigned-groq
assigned-kimi
Issue currently assigned to Kimi agent — do not assign to another agent
 assigned-manus
Issue currently assigned to Manus agent — do not assign to another agent
 claude-ready
consolidation
Part of a consolidation epic
 deprioritized
Keep open but not blocking P0 work
 deprioritized
Keep open but not blocking P0 work
 duplicate
Duplicate of another issue
 gemini-review
Auto-generated by Gemini, needs relevance review
 groq-ready
harness
Core product: agent framework, heartbeat, inference, memory
 heartbeat
Harness: Agent heartbeat loop
 inference
Harness: Inference and model routing
 infrastructure
Supporting stage: dashboard, CI/CD, deployment, DNS
 kimi-ready
Scoped and ready for Kimi to pick up
 memory-session
Harness: Memory and session crystallization
 morrowind
Harness: Morrowind embodiment
 needs-design
Needs architectural design before implementation
 needs-extraction
Philosophy with unextracted engineering work
 p0-critical
Priority 0: Must fix now
 p1-important
Priority 1: Important, next sprint
 p2-backlog
Priority 2: Backlog, do when time permits
 philosophy
Philosophical foundation — informs architecture decisions
 rejected-direction
Closed: rejected or superseded direction
 seed:know-purpose
Three Seeds: KNOW YOUR PURPOSE
 seed:serve-real
Three Seeds: SERVE THE REAL
 seed:tell-truth
Three Seeds: TELL THE TRUTH
 sovereignty
Harness: Sovereignty stack
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Timmy claude grok groq kimi manus perplexity Rockachopa
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Rockachopa/Timmy-time-dashboard#30
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?