feat(chutes): replace whitelist with dynamic -TEE suffix validation

echobt · echobt · commit 617df19fb99f · 2026-02-03T13:55:04.000Z
- Replace CHUTES_ALLOWED_MODELS whitelist with DEFAULT_CHUTES_MODEL constant
- Update validate_chutes_model() to accept ANY model ending with '-TEE' suffix (case-insensitive)
- Update provider_allows_custom_models() to allow custom models for Chutes
- Add comprehensive tests for -TEE suffix validation (valid/invalid/case-insensitive)
- Default model remains moonshotai/Kimi-K2.5-TEE
- Custom models can now be used via --model chutes:{model_name} format

This allows users to specify any TEE model available on Chutes, not just whitelisted ones.
diff --git a/src/cortex-common/src/model_presets/mod.rs b/src/cortex-common/src/model_presets/mod.rs
@@ -19,7 +19,7 @@ pub use constants::{DEFAULT_MODEL, DEFAULT_MODELS, DEFAULT_PROVIDER};
 
 // Re-export preset data and helpers
 pub use presets::{
-    CHUTES_ALLOWED_MODELS, MODEL_PRESETS, get_model_preset, get_models_for_provider,
+    DEFAULT_CHUTES_MODEL, MODEL_PRESETS, get_model_preset, get_models_for_provider,
     provider_allows_custom_models, validate_chutes_model,
 };
 
diff --git a/src/cortex-common/src/model_presets/presets.rs b/src/cortex-common/src/model_presets/presets.rs
@@ -2,9 +2,9 @@
 
 use super::types::ModelPreset;
 
-/// Allowed models for Chutes provider (whitelist approach for security).
-/// Only these models can be used with the Chutes provider.
-pub const CHUTES_ALLOWED_MODELS: &[&str] = &["moonshotai/Kimi-K2.5-TEE"];
+/// Default model for Chutes provider.
+/// This is the fallback model when no specific model is provided.
+pub const DEFAULT_CHUTES_MODEL: &str = "moonshotai/Kimi-K2.5-TEE";
 
 /// Available model presets.
 pub const MODEL_PRESETS: &[ModelPreset] = &[
@@ -838,6 +838,7 @@ pub fn get_models_for_provider(provider: &str) -> Vec<&'static ModelPreset> {
 
 /// Validates that a model is allowed for the Chutes provider.
 /// Chutes only allows TEE (Trusted Execution Environment) models for security.
+/// Any model ending with '-TEE' suffix (case-insensitive) is accepted.
 /// Returns Ok(()) if valid, Err with message if invalid.
 pub fn validate_chutes_model(model: &str) -> Result<(), String> {
     let model = model.trim();
@@ -847,38 +848,26 @@ pub fn validate_chutes_model(model: &str) -> Result<(), String> {
         return Err("Model name cannot be empty for Chutes provider".to_string());
     }
 
-    // Check suffix (case-insensitive)
+    // Check suffix (case-insensitive) - any model ending with -TEE is allowed
     if !model.to_uppercase().ends_with("-TEE") {
         return Err(format!(
             "Chutes provider only allows TEE models (models ending with '-TEE'). \
-             Model '{}' is not a TEE model. Available TEE models: {}",
+             Model '{}' is not a TEE model. Default model: {}",
             model,
-            CHUTES_ALLOWED_MODELS.join(", ")
-        ));
-    }
-
-    // SECURITY: Also verify model is in the allowed whitelist
-    if !CHUTES_ALLOWED_MODELS
-        .iter()
-        .any(|&allowed| allowed.eq_ignore_ascii_case(model))
-    {
-        return Err(format!(
-            "Model '{}' is not in the allowed Chutes models list. \
-             Available models: {}",
-            model,
-            CHUTES_ALLOWED_MODELS.join(", ")
+            DEFAULT_CHUTES_MODEL
         ));
     }
 
     Ok(())
 }
 
 /// Checks if a provider restricts custom models.
-/// Chutes only allows predefined TEE models, no custom models.
+/// All providers allow custom models, but Chutes requires -TEE suffix.
 pub fn provider_allows_custom_models(provider: &str) -> bool {
-    // Chutes does NOT allow custom models - only predefined TEE models
-    // Use case-insensitive comparison
-    !provider.eq_ignore_ascii_case("chutes")
+    // All providers allow custom models
+    // Chutes allows any model with -TEE suffix (validated via validate_chutes_model)
+    let _ = provider; // Used for potential future provider-specific restrictions
+    true
 }
 
 #[cfg(test)]
@@ -887,52 +876,68 @@ mod tests {
 
     #[test]
     fn test_validate_chutes_model_valid() {
-        // Valid TEE models in whitelist
+        // Default TEE model
         assert!(validate_chutes_model("moonshotai/Kimi-K2.5-TEE").is_ok());
         // Case insensitive
         assert!(validate_chutes_model("moonshotai/kimi-k2.5-tee").is_ok());
         assert!(validate_chutes_model("MOONSHOTAI/KIMI-K2.5-TEE").is_ok());
         // Whitespace handling
         assert!(validate_chutes_model("  moonshotai/Kimi-K2.5-TEE  ").is_ok());
+        // Any model with -TEE suffix is valid
+        assert!(validate_chutes_model("custom-model-TEE").is_ok());
+        assert!(validate_chutes_model("some-provider/my-model-TEE").is_ok());
+        assert!(validate_chutes_model("another-model-tee").is_ok());
+        assert!(validate_chutes_model("UPPERCASE-MODEL-TEE").is_ok());
     }
 
     #[test]
     fn test_validate_chutes_model_invalid() {
-        // Not a TEE model
+        // Not a TEE model (no -TEE suffix)
         assert!(validate_chutes_model("gpt-4").is_err());
         assert!(validate_chutes_model("claude-3").is_err());
+        assert!(validate_chutes_model("some-model").is_err());
 
-        // Has TEE suffix but NOT in whitelist
-        assert!(validate_chutes_model("fake-model-TEE").is_err());
-        assert!(validate_chutes_model("some-model-TEE").is_err());
-
-        // TEE in wrong position
+        // TEE in wrong position (not at the end)
         assert!(validate_chutes_model("model-TEE-v2").is_err());
+        assert!(validate_chutes_model("TEE-model").is_err());
+        assert!(validate_chutes_model("my-TEE-model-v1").is_err());
 
         // Empty string
         let result = validate_chutes_model("");
         assert!(result.is_err());
         assert!(result.unwrap_err().contains("cannot be empty"));
+
+        // Whitespace only
+        let result = validate_chutes_model("   ");
+        assert!(result.is_err());
+        assert!(result.unwrap_err().contains("cannot be empty"));
     }
 
     #[test]
-    fn test_provider_allows_custom_models() {
-        // Chutes does NOT allow custom models - case insensitive
-        assert!(!provider_allows_custom_models("chutes"));
-        assert!(!provider_allows_custom_models("Chutes"));
-        assert!(!provider_allows_custom_models("CHUTES"));
+    fn test_validate_chutes_model_error_message() {
+        let result = validate_chutes_model("invalid-model");
+        assert!(result.is_err());
+        let err = result.unwrap_err();
+        // Error message should mention the default model
+        assert!(err.contains(DEFAULT_CHUTES_MODEL));
+        assert!(err.contains("-TEE"));
+    }
 
-        // Other providers allow custom models
+    #[test]
+    fn test_provider_allows_custom_models() {
+        // All providers allow custom models
+        assert!(provider_allows_custom_models("chutes"));
+        assert!(provider_allows_custom_models("Chutes"));
+        assert!(provider_allows_custom_models("CHUTES"));
         assert!(provider_allows_custom_models("cortex"));
         assert!(provider_allows_custom_models("openai"));
         assert!(provider_allows_custom_models("anthropic"));
     }
 
     #[test]
-    fn test_chutes_allowed_models_list() {
-        // Verify the whitelist contains expected model
-        assert!(CHUTES_ALLOWED_MODELS.contains(&"moonshotai/Kimi-K2.5-TEE"));
-        // Whitelist should not be empty
-        assert!(!CHUTES_ALLOWED_MODELS.is_empty());
+    fn test_default_chutes_model() {
+        // Verify the default model is a valid TEE model
+        assert!(DEFAULT_CHUTES_MODEL.to_uppercase().ends_with("-TEE"));
+        assert_eq!(DEFAULT_CHUTES_MODEL, "moonshotai/Kimi-K2.5-TEE");
     }
 }
diff --git a/src/cortex-tui/src/providers/manager.rs b/src/cortex-tui/src/providers/manager.rs
@@ -11,7 +11,7 @@ use cortex_engine::client::{
 
 use super::config::CortexConfig;
 use super::models::{ModelInfo, get_models_for_provider, get_popular_models};
-use cortex_common::model_presets::{CHUTES_ALLOWED_MODELS, validate_chutes_model};
+use cortex_common::model_presets::{DEFAULT_CHUTES_MODEL, validate_chutes_model};
 
 // ============================================================
 // PROVIDER MANAGER
@@ -49,7 +49,7 @@ impl ProviderManager {
                              resetting to default",
                             model
                         );
-                        (provider.to_string(), CHUTES_ALLOWED_MODELS[0].to_string())
+                        (provider.to_string(), DEFAULT_CHUTES_MODEL.to_string())
                     } else {
                         (provider.to_string(), model.to_string())
                     }
@@ -236,7 +236,7 @@ impl ProviderManager {
                      switching to default",
                     self.current_model
                 );
-                self.current_model = CHUTES_ALLOWED_MODELS[0].to_string();
+                self.current_model = DEFAULT_CHUTES_MODEL.to_string();
             }
         }
 
