fix(serving): wire MLflow auth and Host header for container-to-container calls

- Pass MLFLOW_ADMIN_PASSWORD as fallback password credential
- Set host_header='localhost' to satisfy MLflow's --allowed-hosts check
  (MLflow rejects Host: mlflow but accepts Host: localhost)
- Default MLFLOW_TRACKING_URI to http://mlflow:5000 in compose so the
  env_file value is not silently overridden to empty

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

infra/docker/docker-compose.yml

@@ -71,7 +71,7 @@ services:
     environment:
       LITELLM_URL: ${LITELLM_URL:-http://host.docker.internal:4000}
       OLLAMA_URL: ${OLLAMA_URL:-http://host.docker.internal:11434}
-      MLFLOW_TRACKING_URI: ${MLFLOW_TRACKING_URI:-}
+      MLFLOW_TRACKING_URI: ${MLFLOW_TRACKING_URI:-http://mlflow:5000}
     extra_hosts:
       - "host.docker.internal:host-gateway"
     ports:

ml/serving/main.py

@@ -87,7 +87,15 @@ STATE_DIR = Path(os.getenv("STATE_DIR", "/tmp/oo-serving-state"))
 # is logged at WARNING and never propagates to the caller.
 
 _MLFLOW_URI = os.getenv("MLFLOW_TRACKING_URI", "")
-_mlflow: MLflowClient | None = MLflowClient(tracking_uri=_MLFLOW_URI) if _MLFLOW_URI else None
+_mlflow: MLflowClient | None = (
+    MLflowClient(
+        tracking_uri=_MLFLOW_URI,
+        username=os.getenv("MLFLOW_TRACKING_USERNAME", "admin"),
+        password=os.getenv("MLFLOW_TRACKING_PASSWORD") or os.getenv("MLFLOW_ADMIN_PASSWORD", "password"),
+        host_header="localhost",
+    )
+    if _MLFLOW_URI else None
+)
 _MLFLOW_EXP = "oO/serving"