Merge branch 'main' into salmanap/dynamic-models

2026-06-26 15:39:40 +02:00 · 2026-01-16 16:32:16 -08:00 · 2026-01-16 16:32:16 -08:00 · a2572d0d7f
commit a2572d0d7f
parent 34711c6f9d cdc1d7cee2
25 changed files with 472 additions and 160 deletions
--- a/config/arch_config_schema.yaml
+++ b/config/arch_config_schema.yaml
@ -1,4 +1,4 @@
-$schema: "http://json-schema.org/draft-07/schema#"
+$schema: 'http://json-schema.org/draft-07/schema#'
 type: object
 properties:
  version:
@ -109,12 +109,12 @@ properties:
  endpoints:
    type: object
    patternProperties:
-      "^[a-zA-Z][a-zA-Z0-9_]*$":
+      '^[a-zA-Z][a-zA-Z0-9_]*$':
        type: object
        properties:
          endpoint:
            type: string
-            pattern: "^.*$"
+            pattern: '^.*$'
          connect_timeout:
            type: string
          protocol:
@ -143,6 +143,9 @@ properties:
          type: boolean
        base_url:
          type: string
+        passthrough_auth:
+          type: boolean
+          description: "When true, forwards the client's Authorization header to upstream instead of using the configured access_key. Useful for routing to services like LiteLLM that validate their own virtual keys."
        http_host:
          type: string
        provider_interface:
@ -187,6 +190,9 @@ properties:
          type: boolean
        base_url:
          type: string
+        passthrough_auth:
+          type: boolean
+          description: "When true, forwards the client's Authorization header to upstream instead of using the configured access_key. Useful for routing to services like LiteLLM that validate their own virtual keys."
        http_host:
          type: string
        provider_interface:
@ -219,7 +225,7 @@ properties:
  model_aliases:
    type: object
    patternProperties:
-      "^.*$":
+      '^.*$':
        type: object
        properties:
          target:
--- a/config/test_passthrough.yaml
+++ b/config/test_passthrough.yaml
@ -0,0 +1,37 @@
+# Test configuration for passthrough_auth feature
+# This config demonstrates forwarding client's Authorization header to upstream
+# instead of using a configured access_key.
+#
+# Use case: Deploying Plano in front of LiteLLM, OpenRouter, or other LLM proxies
+# that manage their own API key validation.
+#
+# To test:
+#   docker build -t plano-passthrough-test .
+#   docker run -d -p 10000:10000 -v $(pwd)/config/test_passthrough.yaml:/app/arch_config.yaml plano-passthrough-test
+#
+#   curl http://localhost:10000/v1/chat/completions \
+#     -H "Authorization: Bearer sk-your-virtual-key" \
+#     -H "Content-Type: application/json" \
+#     -d '{"model": "gpt-4o", "messages": [{"role": "user", "content": "Hello"}]}'
+
+version: v0.3.0
+
+listeners:
+  - name: llm
+    type: model
+    port: 10000
+
+model_providers:
+  # Passthrough auth example - forwards client's Authorization header
+  # Replace base_url with your LiteLLM or proxy endpoint
+  - model: openai/gpt-4o
+    base_url: 'https://litellm.example.com'
+    passthrough_auth: true
+    default: true
+
+  # Example with both passthrough_auth and access_key (access_key will be ignored)
+  # This configuration will trigger a warning during startup
+  - model: openai/gpt-4o-mini
+    base_url: 'https://litellm.example.com'
+    passthrough_auth: true
+    access_key: 'this-will-be-ignored'