From d50f83ac2d39a3ae91616d6012924133c6c94acb Mon Sep 17 00:00:00 2001 From: salvacybersec Date: Sun, 5 Apr 2026 14:42:38 +0300 Subject: [PATCH] docs(03-03): complete tier 5 infrastructure/gateway providers plan --- .../03-tier-3-9-providers/03-03-SUMMARY.md | 92 +++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 .planning/phases/03-tier-3-9-providers/03-03-SUMMARY.md diff --git a/.planning/phases/03-tier-3-9-providers/03-03-SUMMARY.md b/.planning/phases/03-tier-3-9-providers/03-03-SUMMARY.md new file mode 100644 index 0000000..a1e6b92 --- /dev/null +++ b/.planning/phases/03-tier-3-9-providers/03-03-SUMMARY.md @@ -0,0 +1,92 @@ +--- +phase: 03-tier-3-9-providers +plan: 03 +subsystem: providers +tags: [providers, gateway, infrastructure, tier5] +requires: [PROV-02, PROV-10] +provides: [PROV-05] +affects: [pkg/providers, pkg/engine] +tech_stack_added: [] +patterns: [dual-location YAML, keyword-only detection, high-confidence prefix regex] +key_files_created: + - providers/openrouter.yaml + - providers/litellm.yaml + - providers/cloudflare-ai.yaml + - providers/vercel-ai.yaml + - providers/portkey.yaml + - providers/helicone.yaml + - providers/martian.yaml + - providers/kong.yaml + - providers/bricksai.yaml + - providers/aether.yaml + - providers/notdiamond.yaml + - pkg/providers/definitions/openrouter.yaml + - pkg/providers/definitions/litellm.yaml + - pkg/providers/definitions/cloudflare-ai.yaml + - pkg/providers/definitions/vercel-ai.yaml + - pkg/providers/definitions/portkey.yaml + - pkg/providers/definitions/helicone.yaml + - pkg/providers/definitions/martian.yaml + - pkg/providers/definitions/kong.yaml + - pkg/providers/definitions/bricksai.yaml + - pkg/providers/definitions/aether.yaml + - pkg/providers/definitions/notdiamond.yaml +key_files_modified: [] +decisions: + - "Use tight sk-or-v1-[a-f0-9]{64} regex for OpenRouter high-confidence matches, with broader sk-or- fallback at medium confidence" + - "Use tight sk-helicone-[a-z0-9]{7}-... regex matching Helicone's documented 4-group format" + - "LiteLLM uses low-confidence sk- regex (format is user-defined per deployment); rely primarily on keyword anchors like LITELLM_MASTER_KEY" + - "Cloudflare Workers AI uses low-confidence generic token regex with high entropy (4.5) since CF tokens share format with non-AI tokens" + - "5 providers (Martian, Kong, BricksAI, Aether, Not Diamond) use keyword-only detection — no documented public key formats" +metrics: + tasks_completed: 2 + files_created: 22 + commits: 2 +--- + +# Phase 03 Plan 03: Tier 5 Infrastructure/Gateway Providers Summary + +Added 11 Tier 5 infrastructure/gateway provider YAMLs (OpenRouter, LiteLLM, Cloudflare Workers AI, Vercel AI Gateway, Portkey, Helicone, Martian, Kong, BricksAI, Aether, Not Diamond) using documented prefix regex where available and keyword-only detection otherwise, satisfying PROV-05. + +## What Was Built + +- **High-confidence prefix regex** for providers with documented key formats: + - OpenRouter: `sk-or-v1-[a-f0-9]{64}` (high) + `sk-or-[A-Za-z0-9]{40,}` (medium) + - Helicone: `sk-helicone-[a-z0-9]{7}-[a-z0-9]{7}-[a-z0-9]{7}-[a-z0-9]{7}` (high) +- **Low-confidence patterns** with strong keyword anchors: + - LiteLLM: generic `sk-` with `LITELLM_MASTER_KEY` / `LITELLM_PROXY_API_KEY` keywords + - Cloudflare Workers AI: generic 40-char token with CF env-var keywords +- **Keyword-only detection** (no patterns field) for 5 providers without documented public key formats: Martian, Kong, BricksAI, Aether, Not Diamond. Relies on the Aho-Corasick keyword pre-filter established in plan 01-02. +- **Verify endpoints** populated where the provider exposes an auth-check route (OpenRouter, Cloudflare, Portkey, Helicone); empty stubs for others. + +## Tasks Completed + +| Task | Name | Commit | +| ---- | ------------------------------------------------------------------- | ------- | +| 1 | OpenRouter, LiteLLM, Cloudflare, Vercel, Portkey, Helicone YAMLs | a9ee75e | +| 2 | Martian, Kong, BricksAI, Aether, Not Diamond YAMLs | c8d326c | + +## Verification Results + +- `go test ./pkg/providers/... -count=1` — PASS +- `go test ./pkg/engine/... -count=1` — PASS +- `grep -l 'tier: 5' providers/*.yaml | wc -l` — 11 +- All 22 files dual-located (providers/ + pkg/providers/definitions/) and byte-identical. +- OpenRouter `sk-or-v1-` prefix present; Helicone `sk-helicone-` prefix present; LiteLLM `LITELLM_MASTER_KEY` keyword present. +- Martian, Kong, BricksAI, Aether, Not Diamond all omit `patterns:` field (verified via `grep -L`). + +## Deviations from Plan + +None — plan executed exactly as written. + +## Known Stubs + +Verify endpoints for LiteLLM, Vercel AI Gateway, Martian, Kong, BricksAI, Aether, and Not Diamond are intentionally empty (no public verification endpoint). These satisfy schema requirements and will be wired by Phase 5 verification engine only if/when endpoints become documented. This matches the keyword-only detection strategy — presence, not liveness, is what these providers assert. + +## Self-Check: PASSED + +- FOUND: providers/openrouter.yaml, providers/litellm.yaml, providers/cloudflare-ai.yaml, providers/vercel-ai.yaml, providers/portkey.yaml, providers/helicone.yaml +- FOUND: providers/martian.yaml, providers/kong.yaml, providers/bricksai.yaml, providers/aether.yaml, providers/notdiamond.yaml +- FOUND: all 11 mirrored files under pkg/providers/definitions/ +- FOUND: commit a9ee75e +- FOUND: commit c8d326c