From 95e1b342b437112bd8778d3c80d76a3f7864b111 Mon Sep 17 00:00:00 2001
From: alvis <allogn@gmail.com>
Date: Wed, 6 May 2026 10:39:08 +0000
Subject: [PATCH] fix(serving): wire MLflow auth and Host header for
 container-to-container calls

- Pass MLFLOW_ADMIN_PASSWORD as fallback password credential
- Set host_header='localhost' to satisfy MLflow's --allowed-hosts check
  (MLflow rejects Host: mlflow but accepts Host: localhost)
- Default MLFLOW_TRACKING_URI to http://mlflow:5000 in compose so the
  env_file value is not silently overridden to empty

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 infra/docker/docker-compose.yml |  2 +-
 ml/serving/main.py              | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/infra/docker/docker-compose.yml b/infra/docker/docker-compose.yml
index 05070b4..629bfa1 100644
--- a/infra/docker/docker-compose.yml
+++ b/infra/docker/docker-compose.yml
@@ -71,7 +71,7 @@ services:
     environment:
       LITELLM_URL: ${LITELLM_URL:-http://host.docker.internal:4000}
       OLLAMA_URL: ${OLLAMA_URL:-http://host.docker.internal:11434}
-      MLFLOW_TRACKING_URI: ${MLFLOW_TRACKING_URI:-}
+      MLFLOW_TRACKING_URI: ${MLFLOW_TRACKING_URI:-http://mlflow:5000}
     extra_hosts:
       - "host.docker.internal:host-gateway"
     ports:
diff --git a/ml/serving/main.py b/ml/serving/main.py
index 7f5867f..a48ed86 100644
--- a/ml/serving/main.py
+++ b/ml/serving/main.py
@@ -87,7 +87,15 @@ STATE_DIR = Path(os.getenv("STATE_DIR", "/tmp/oo-serving-state"))
 # is logged at WARNING and never propagates to the caller.
 
 _MLFLOW_URI = os.getenv("MLFLOW_TRACKING_URI", "")
-_mlflow: MLflowClient | None = MLflowClient(tracking_uri=_MLFLOW_URI) if _MLFLOW_URI else None
+_mlflow: MLflowClient | None = (
+    MLflowClient(
+        tracking_uri=_MLFLOW_URI,
+        username=os.getenv("MLFLOW_TRACKING_USERNAME", "admin"),
+        password=os.getenv("MLFLOW_TRACKING_PASSWORD") or os.getenv("MLFLOW_ADMIN_PASSWORD", "password"),
+        host_header="localhost",
+    )
+    if _MLFLOW_URI else None
+)
 _MLFLOW_EXP = "oO/serving"