Routing security and audit controls
The gateway is designed around official upstream trust, tenant isolation, bearer key authentication, audit logs, fallback evidence, and explicit proxy risk approval.
Bearer key gate
OpenAI-compatible model endpoints require Authorization: Bearer srly-... and must not expose model usage to anonymous browser requests.
Proxy risk boundary
Non-official gateway routing requires allow_proxy_router=true, proxy risk acknowledgement, risk reason, network boundary, audit owner, and credential custody details.
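One way the bearer key gate and the proxy risk boundary described above could be enforced, as an added example that is not the gateway's own code. Only the srly- prefix and allow_proxy_router come from this page; every other field name, the upstream_official flag, the hashed key store and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac

KEY_PREFIX = "srly-"  # prefix from the page; the rest of the key format is assumed
# Hypothetical field names for the approval details the page lists.
BOOL_FIELDS = ("allow_proxy_router", "proxy_risk_acknowledged")
TEXT_FIELDS = ("risk_reason", "network_boundary", "audit_owner", "credential_custody")

# Constructed sample key and tenant; the store holds SHA-256 digests, never raw keys.
SAMPLE_KEY = "srly-constructed-example-key"
KEY_HASHES = {hashlib.sha256(SAMPLE_KEY.encode()).hexdigest(): "tenant-a"}


def check_bearer(headers, key_hashes):
    """Return the tenant id for a valid Bearer srly- key, or None for anything else."""
    lowered = {name.lower(): value for name, value in headers.items()}
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token.startswith(KEY_PREFIX):
        return None  # anonymous request, wrong scheme, or a key from another system
    digest = hashlib.sha256(token.encode()).hexdigest()
    tenant = None
    for stored, owner in key_hashes.items():
        if hmac.compare_digest(stored, digest):  # constant-time digest comparison
            tenant = owner
    return tenant


def proxy_route_denials(route):
    """Return the reasons a route must be refused; an empty list means it may proceed."""
    if route.get("upstream_official") is True:  # hypothetical flag for official upstreams
        return []
    denials = []
    for flag in BOOL_FIELDS:
        # Only boolean True counts; the string "true" from a form or query is not approval.
        if route.get(flag) is not True:
            denials.append(flag + " must be boolean true")
    for field in TEXT_FIELDS:
        value = route.get(field)
        if not isinstance(value, str) or not value.strip():
            denials.append(field + " is missing or blank")
    return denials
```

Returning the full list of denial reasons, rather than failing on the first, gives the audit log a complete record of what the approval lacked.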
Rollback posture
Risk events, upstream health, ledger actions, and key changes should be auditable and reversible through documented rollback notes.