feat(rust): add lossless encrypted inference transport#87
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughThe Rust SDK adds a lossless encrypted inference transport for raw HTTP requests and responses, including SSE decryption, route and header validation, retry handling, and public request/response types. Typed chat completion helpers now use this transport, and SDK documentation and tests cover the new behavior. ChangesLossless encrypted inference transport
Estimated code review effort: 4 (Complex) | ~60 minutes Sequence Diagram(s)sequenceDiagram
participant Caller
participant OpenSecretClient
participant InferenceEndpoint
Caller->>OpenSecretClient: Raw inference request
OpenSecretClient->>InferenceEndpoint: Encrypted request with sanitized headers
InferenceEndpoint-->>OpenSecretClient: Encrypted JSON or SSE response
OpenSecretClient-->>Caller: Decrypted response bytes or typed chunks
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Deploying opensecret-sdk with
|
| Latest commit: |
4a1ecf0
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://d6da0fb5.opensecret-sdk.pages.dev |
| Branch Preview URL: | https://codex-maple-agent-read-permi.opensecret-sdk.pages.dev |
Summary
send_inference_requestAPI for lossless encrypted inference transportContract and security
The transport does not parse or rewrite request JSON, including
stream,stream_options, provider-specific fields, large integers, or whitespace. It preserves the final OpenSecret status, safe headers, decrypted non-streaming bytes, and SSE framing (including[DONE]).API-key access remains restricted to an exact inference allowlist: models, model catalog, chat completions, embeddings, speech, and transcriptions. Account and conversation routes cannot be reached through this API. Credential, session, representation, integrity, and hop-by-hop headers are removed at the trust boundary.
Compatibility
Existing typed callers keep their current signatures and behavior:
stream: falsestream: trueand usage chunksError::ApiValidation
cargo fmt --all -- --checkcargo clippy --all-targets --all-features -- -D warningsRUSTDOCFLAGS="-D warnings" cargo doc --no-deps --all-featurescargo package --allow-dirtyverifies the 3.4.0 packageRelease order
After this merges, publish
opensecret3.4.0. The dependentmaple-proxy0.1.12 and Maple changes are already validated locally against this branch and will follow in dependency order.Summary by CodeRabbit
send_inference_request, enabling raw HTTP request/response passthrough.