missing_header

Diagnostic `nanook::auth::missing_header`

Summary

missing auth header `{0}`

Help

the client must sign every admin request

Details

When this fires

The verifier in `nanook-auth::signing` requires four headers on every admin request: `x-nanook-key`, `x-nanook-timestamp`, `x-nanook-nonce`, `x-nanook-signature`. The error names which one was absent. This means an unsigned request reached the admin surface, almost always from curl poking at the API directly, a misconfigured reverse proxy stripping headers, or a half-finished custom client.

What to check

  • For custom callers, lift the signing logic from `crates/nanook-auth/src/signing.rs` (`Signer::sign`) so all four headers are emitted together.
  • If a proxy sits in front of the agent, allow-list the `x-nanook-*` headers so they pass through unchanged.
  • For one-off ops, `nanook ctl` signs every request automatically.
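
To tell the causes above apart, compare the request as the client emitted it with the request as it arrived behind the proxy. The Rust below is an added example, not code from the nanook repository; the two captures, the `/admin` path, and the names `Finding`, `header_names` and `diagnose` are constructed for illustration. It checks header presence only, not signature validity.

```rust
use std::collections::HashSet;

// The four headers the page says the verifier requires.
const REQUIRED: [&str; 4] =
    ["x-nanook-key", "x-nanook-timestamp", "x-nanook-nonce", "x-nanook-signature"];

// Constructed captures: path, host and values are placeholders.
const SENT: &str = "POST /admin HTTP/1.1\r\nHost: agent.example\r\nX-Nanook-Key: k1\r\n\
X-Nanook-Timestamp: 1700000000\r\nX-Nanook-Signature: sig\r\n\r\n";
const RECEIVED: &str = "POST /admin HTTP/1.1\r\nHost: agent.example\r\nx-nanook-key: k1\r\n\
x-nanook-timestamp: 1700000000\r\n\r\n";

#[derive(Debug, PartialEq)]
enum Finding {
    Present,
    NeverSent,        // client did not emit it (unsigned or partial client)
    DroppedInTransit, // client sent it; a hop in front of the agent removed it
}

// Collect header names from a raw HTTP/1.1 request head.
// Header names are case-insensitive, so they are compared in lowercase.
fn header_names(raw: &str) -> HashSet<String> {
    raw.lines()
        .skip(1) // request line
        .take_while(|l| !l.trim().is_empty()) // stop at the blank line before the body
        .filter_map(|l| l.split_once(':'))
        .map(|(name, _)| name.trim().to_ascii_lowercase())
        .collect()
}

// Classify each required header by comparing what left the client
// with what reached the agent.
fn diagnose(sent: &str, received: &str) -> Vec<(&'static str, Finding)> {
    let (s, r) = (header_names(sent), header_names(received));
    REQUIRED
        .iter()
        .map(|&h| match (r.contains(h), s.contains(h)) {
            (true, _) => (h, Finding::Present),
            (false, true) => (h, Finding::DroppedInTransit),
            (false, false) => (h, Finding::NeverSent),
        })
        .collect()
}

fn main() {
    for (h, f) in diagnose(SENT, RECEIVED) {
        println!("{h}: {f:?}");
    }
}
```

A `NeverSent` result points at the caller (fix the client or use `nanook ctl`); `DroppedInTransit` points at the proxy allow-list.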