--- phase: 02-tier-1-2-providers plan: 01 subsystem: providers tags: [providers, yaml, detection, tier-1] requires: [pkg/providers/schema.go, pkg/providers/loader.go, pkg/providers/registry.go] provides: [google-ai provider, vertex-ai provider, aws-bedrock provider, xai provider, upgraded openai provider, upgraded anthropic provider] affects: [pkg/providers/definitions (embedded)] tech_stack: added: [] patterns: [dual-location provider YAML, go:embed definitions] key_files: created: - providers/google-ai.yaml - providers/vertex-ai.yaml - providers/aws-bedrock.yaml - providers/xai.yaml - pkg/providers/definitions/google-ai.yaml - pkg/providers/definitions/vertex-ai.yaml - pkg/providers/definitions/aws-bedrock.yaml - pkg/providers/definitions/xai.yaml modified: - providers/openai.yaml - providers/anthropic.yaml - pkg/providers/definitions/openai.yaml - pkg/providers/definitions/anthropic.yaml decisions: - "AWS Bedrock uses empty verify URL — SigV4 signing deferred to Phase 5 verification engine" - "Anthropic api03/admin01 patterns use exact {93}AA suffix per TruffleHog reference" - "OpenAI legacy T3BlbkFJ middle-segment pattern retained for historical key detection" metrics: duration: ~3 min completed: 2026-04-05 tasks: 2 files: 12 requirements: [PROV-01] --- # Phase 02 Plan 01: Tier 1 High-Confidence Provider YAMLs Summary Defined 6 Tier 1 LLM provider YAML specs (2 upgraded, 4 new) with distinctive prefix regexes and verify endpoints; registry now loads 24 providers total (was 20). ## What Was Built **Task 1 — Upgrade OpenAI and Anthropic YAMLs** (commit c0d3add) - OpenAI: added `sk-svcacct-` service-account pattern and legacy `sk-...T3BlbkFJ...` middle-segment pattern. Keywords extended with `sk-svcacct-`, `sk-none-`, `t3blbkfj`. Total 3 patterns. - Anthropic: added mandatory `AA` trailing suffix to api03 pattern (93-char body) and added new `sk-ant-admin01-` admin-key pattern. Total 2 patterns. - Synced to `pkg/providers/definitions/` for `go:embed`. **Task 2 — New Providers** (commit d74200b) - `google-ai.yaml`: `AIzaSy[A-Za-z0-9_\-]{33}` — Gemini API key pattern, verify via `generativelanguage.googleapis.com/v1/models?key={KEY}`. - `vertex-ai.yaml`: Same `AIzaSy` pattern at medium confidence, verify via aiplatform Bearer token. - `aws-bedrock.yaml`: `ABSK[A-Za-z0-9+/]{109,269}={0,2}` high-confidence long-token, plus `AKIA[0-9A-Z]{16}` medium fallback. Verify URL intentionally empty (SigV4 deferred). - `xai.yaml`: `xai-[0-9a-zA-Z_]{80}` — Grok 80-character token. ## Verification Results - `go test ./pkg/providers/... -count=1 -v` → PASS (5 tests). - Registry runtime load reports 24 providers including: openai (3 patterns), anthropic (2), google-ai (1), vertex-ai (1), aws-bedrock (2), xai (1). - All regex patterns compile under Go RE2. - Dual-location diff check passed for all 12 files. ## Deviations from Plan None — plan executed exactly as written. ## Known Stubs - AWS Bedrock `verify.url` is empty and `valid_status`/`invalid_status` are empty arrays. This is intentional: Bedrock requires AWS SigV4 signing which will be implemented in Phase 5 (verification engine). Noted in decisions. ## Commits - c0d3add — feat(02-01): upgrade OpenAI and Anthropic provider YAMLs - d74200b — feat(02-01): add Google AI, Vertex AI, AWS Bedrock, xAI providers ## Self-Check: PASSED - FOUND: providers/google-ai.yaml - FOUND: providers/vertex-ai.yaml - FOUND: providers/aws-bedrock.yaml - FOUND: providers/xai.yaml - FOUND: pkg/providers/definitions/google-ai.yaml - FOUND: pkg/providers/definitions/vertex-ai.yaml - FOUND: pkg/providers/definitions/aws-bedrock.yaml - FOUND: pkg/providers/definitions/xai.yaml - FOUND commit: c0d3add - FOUND commit: d74200b