Part of #23. Depends on F1.A, F1.B, F2.B, F2.C.
Background
src/routes/models/route.ts:16-24 re-emits every upstream model verbatim. With aliases configured, clients should see only enabled aliases AND only those their key permits.
Goal
/v1/models returns the intersection of (config-enabled aliases) and (caller's allowed_models scope from F2.C auth middleware).
Tasks
Acceptance criteria
curl -H "Authorization: Bearer sk-cap-…" /v1/models reflects config + scope- Hot-reload of config (F1.A) propagates to next request without server restart
- No upstream
/models call required once state.models is populated
File pointers
- Touch:
src/routes/models/route.ts
- Reads from:
src/lib/config-store.ts, request.context.key set by F2.C
Dependencies
Depends on F1.A, F1.B, F2.B, F2.C.
Part of #23. Depends on F1.A, F1.B, F2.B, F2.C.
Background
src/routes/models/route.ts:16-24re-emits every upstream model verbatim. With aliases configured, clients should see only enabled aliases AND only those their key permits.Goal
/v1/modelsreturns the intersection of (config-enabled aliases) and (caller'sallowed_modelsscope from F2.C auth middleware).Tasks
for each alias where enabled && allowed_keys includes "*" || includes key.id) && key.allowed_models matches → emit alias entry with id=alias-name, owned_by, etc.Modelshape:{id, object: "model", created, owned_by}--no-authmode: caller has implicit["*"]scope (synthetic admin key)/v1/modelsparity (if exposed)Acceptance criteria
curl -H "Authorization: Bearer sk-cap-…" /v1/modelsreflects config + scope/modelscall required oncestate.modelsis populatedFile pointers
src/routes/models/route.tssrc/lib/config-store.ts,request.context.keyset by F2.CDependencies
Depends on F1.A, F1.B, F2.B, F2.C.