patient_llm 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -0
  3. data/README.md +11 -6
  4. data/VERSION +1 -1
  5. data/lib/patient_llm/configuration.rb +20 -0
  6. data/patient_llm.gemspec +1 -1
  7. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7873a0b7daf57787415d4484495a17f130cbf3a14137613799651aa0007f2d63
4
- data.tar.gz: 728755787c1a52c805ebd70eaf163fae702d55b9525325b101b9dae571ad1652
3
+ metadata.gz: 7ba366158096a79e3180cb63c1a03741d88536fb787b42852f2bcb5dc61b0181
4
+ data.tar.gz: e507e79956d2e3534c5de85646bbfb0973c7253cb4db266ac4c721cea9201cf0
5
5
  SHA512:
6
- metadata.gz: c101043564f214413f1a50b3536d56eff6f611e227013cc26507fd7b8465f1554bb6922de98f736f0712bda809afa2654bf1c366740c8b5ca3e673074e5738d7
7
- data.tar.gz: 80d9a476d5fbe99a96946558a1d847c7faad08250584f9d0b5b452d6faeb906066d64b9c5e822139aed84f22d41c0059e035d59cefc9dc75979b8c4bffb7fd20
6
+ metadata.gz: edfb6fc58609f0b7b7733b9e5729877318f2bbe7bdec15a7aeddff05f0a1d75f1c8c47683a3431154a5267e8f5099c1a0271b4520cc3b56fec4df9e1b3228048
7
+ data.tar.gz: 5075e4c627595ee0d99795726a0071378e6529ca2db9ac11228740781e8e0764d44e44fa624156c30ce4675aa85978f6bdaf93d4693e8068e5305791413cadbf
data/CHANGELOG.md CHANGED
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
4
4
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
5
5
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
6
 
7
+ ## 0.2.0
8
+
9
+ ### Added
10
+
11
+ - Requires authentication headers to be set up as secrets using `PatientHttp.secret`. This is enforced and an error will be raised if plain text values are included for any of the following headers in the provider configuration: `authorization`, `x-api-key`, `x-goog-api-key`, `api-key`.
12
+
13
+ ### Changed
14
+
15
+ - Requires patient_http version 1.1 or higher.
16
+
7
17
  ## 0.1.0
8
18
 
9
19
  ### Added
data/README.md CHANGED
@@ -27,25 +27,30 @@ Without a handler, `PatientLLM.ask` raises `RuntimeError: No request handler reg
27
27
 
28
28
  ### Configuration
29
29
 
30
- Register your LLM providers with their API base URLs and authentication headers:
30
+ Register your LLM providers with their API base URLs and authentication headers. Authentication headers must be registered using the PatientHttp secrets manager. This ensures that these values are never included in the serialized payloads in the job queue, and are only attached to the request at dispatch time.
31
31
 
32
32
  ```ruby
33
33
  PatientLLM.configure do |config|
34
34
  config.provider :openai,
35
35
  url: "https://api.openai.com",
36
- headers: {"Authorization" => "Bearer #{ENV["OPENAI_API_KEY"]}"}
36
+ headers: {"authorization" => PatientHttp.secret("openai.bearer_token")}
37
37
 
38
38
  config.provider :anthropic,
39
39
  url: "https://api.anthropic.com",
40
- headers: {"x-api-key" => ENV["ANTHROPIC_API_KEY"]},
40
+ headers: {"x-api-key" => PatientHttp.secret("anthropic.api_key")},
41
41
  serializer: :messages
42
42
  end
43
+
44
+ # Register the API keys as secrets with the PatientHttp secrets manager. This example
45
+ # is for the Sidekiq integration, but the pattern is the same for SolidQueue.
46
+ PatientHttp::Sidekiq.configure do |config|
47
+ config.register_secret("openai.bearer_token") { "Bearer #{ENV.fetch("OPENAI_API_KEY")}" }
48
+ config.register_secret("anthropic.api_key") { ENV.fetch("ANTHROPIC_API_KEY") }
49
+ end
43
50
  ```
44
51
 
45
52
  > [!NOTE]
46
- > Authentication headers configured on the provider are re-attached to every request at dispatch time and are persisted in the asynchronous job payload.
47
- >
48
- > You should set up encryption for you job payloads to prevent leaking credentials. See the documentation for [patient_http-sidekiq](https://github.com/bdurand/patient_http-sidekiq#sensitive-data-handling) or [patient_http-solid_queue](https://github.com/bdurand/patient_http-solid_queue#sensitive-data-handling) for details.
53
+ > You can also set up encryption for your job payloads to ensure the entire serialized payload is always encrypted in the job queue. See the documentation for [patient_http-sidekiq](https://github.com/bdurand/patient_http-sidekiq#sensitive-data-handling) or [patient_http-solid_queue](https://github.com/bdurand/patient_http-solid_queue#sensitive-data-handling) for details.
49
54
 
50
55
  ### Creating a Callback Class
51
56
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.1.0
1
+ 0.2.0
data/lib/patient_llm/configuration.rb CHANGED
@@ -1,6 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PatientLLM
4
+ # Headers that must be setup to use the secrets manager. If any of these headers
5
+ # are included in the provider configuration, an error will be raised unless their
6
+ # values are set up as secrets using `PatientHttp.secret`.
7
+ AUTHENTICATION_HEADERS = ["authorization", "x-api-key", "x-goog-api-key", "api-key"].freeze
8
+
4
9
  # Configuration for provider registry.
5
10
  #
6
11
  # @example
@@ -30,6 +35,8 @@ module PatientLLM
30
35
  raise ArgumentError, "Unknown serializer: #{sym.inspect}. Valid options: #{PatientLLM::VALID_SERIALIZERS.map(&:inspect).join(", ")}"
31
36
  end
32
37
 
38
+ ensure_auth_headers_use_secrets!(headers)
39
+
33
40
  @providers[name.to_s] = {
34
41
  url: url,
35
42
  headers: headers,
@@ -46,5 +53,18 @@ module PatientLLM
46
53
  def lookup(name)
47
54
  @providers[name&.to_s]
48
55
  end
56
+
57
+ private
58
+
59
+ def ensure_auth_headers_use_secrets!(headers)
60
+ headers.each do |header_name, header_value|
61
+ normalized_header_name = header_name.to_s.downcase
62
+ next unless AUTHENTICATION_HEADERS.include?(normalized_header_name)
63
+
64
+ if header_value && !header_value.is_a?(PatientHttp::SecretReference)
65
+ raise ArgumentError, "Authentication header #{header_name} must be set up as a secret using `PatientHttp.secret`"
66
+ end
67
+ end
68
+ end
49
69
  end
50
70
  end
data/patient_llm.gemspec CHANGED
@@ -37,7 +37,7 @@ Gem::Specification.new do |spec|
37
37
 
38
38
  spec.required_ruby_version = ">= 3.0"
39
39
 
40
- spec.add_dependency "patient_http"
40
+ spec.add_dependency "patient_http", "~> 1.1"
41
41
  spec.add_dependency "prompt_builder"
42
42
 
43
43
  spec.add_development_dependency "bundler"
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: patient_llm
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Durand
@@ -13,16 +13,16 @@ dependencies:
13
13
  name: patient_http
14
14
  requirement: !ruby/object:Gem::Requirement
15
15
  requirements:
16
- - - ">="
16
+ - - "~>"
17
17
  - !ruby/object:Gem::Version
18
- version: '0'
18
+ version: '1.1'
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
- - - ">="
23
+ - - "~>"
24
24
  - !ruby/object:Gem::Version
25
- version: '0'
25
+ version: '1.1'
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: prompt_builder
28
28
  requirement: !ruby/object:Gem::Requirement