php-sdk/samples/provisioned-credentials/LiteLLMProvisioner.php at main · agentruntimecontrolprotocol/php-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php

declare(strict_types=1);

namespace Arcp\Samples\ProvisionedCredentials;

use Arcp\Messages\Permissions\LeaseGranted;
use Arcp\Runtime\Credentials\Credential;
use Arcp\Runtime\Credentials\CredentialProvisioner;
use Arcp\Runtime\JobContext;

/**
 * Reference plug-in sketch for LiteLLM proxy virtual keys.
 *
 * A production implementation would POST to `/key/generate` with
 * max_budget, allowed_models, and expires, then POST `/key/delete` in
 * revoke(). This sample keeps the HTTP client out of core.
 */
final readonly class LiteLLMProvisioner implements CredentialProvisioner
{
    public function __construct(
        private string $endpoint,
        private string $adminToken,
    ) {
    }

    #[\Override]
    public function issue(LeaseGranted $lease, JobContext $ctx): array
    {
        $id = 'litellm_' . substr(hash('sha256', (string) $ctx->jobId), 0, 12);
        return [
            Credential::withLeaseConstraints(
                $id,
                'replace-with-virtual-key-from-' . $this->adminToken,
                rtrim($this->endpoint, '/') . '/v1',
                $lease,
                profile: 'litellm',
            ),
        ];
    }

    #[\Override]
    public function revoke(string $credentialId): void
    {
        // POST /key/delete with the virtual key id.
    }
}