Skip to content

6. LLM provider management: write tools (BYOM) #415

Description

@mocha06

Final phase of the milestone. Depends on #411 (read/probe surface).

Tools

MCP CLI
create_llm_provider pipefy ai-provider create
update_llm_provider pipefy ai-provider update
delete_llm_provider pipefy ai-provider delete
set_llm_provider_active_status pipefy ai-provider set-active-status
set_default_llm_provider pipefy ai-provider default set
reset_default_llm_provider pipefy ai-provider default reset

Scope

  • Secret handling: MCP and CLI accept provider configuration only via a local configuration_file_path (JSON), never inline arguments; configuration values are never logged, echoed in errors, or returned. Examples use placeholders only. Create/update tools stay excluded from the remote profile.
  • Update sends a full replacement configuration (API contract); create requires name.
  • Verify and document the recommended update flow against a lab organization before publishing docs: whether a fetched (redacted) configuration can be edited and sent back without re-supplying secrets.
  • Default set/reset are organization-scoped; setting the default requires exactly one of provider_id / system_provider_id.
  • Docs note that provider management requires organization admin permissions and an eligible plan. Deletes require confirmation; CLI writes gated on the access probe.
  • Probe gating contract (raised in the 2. LLM provider discovery: read tools and access probe #411 review): validate_llm_provider_access can return ok: true with a non-null problem — when the API returns partial data alongside GraphQL errors, the probe surfaces the classified error rather than discarding it, and deliberately does not flip ok. Write-gating must therefore treat a clean gate as ok: true and problem absent; a present problem is partial denial and must not be read as full access. As part of this phase, polish the 2. LLM provider discovery: read tools and access probe #411 probe docs/messages (docs/mcp/tools/llm-providers.md, probe docstrings, CLI validate-access) to state this contract explicitly.

Acceptance

  • Full SDK + MCP + CLI parity, docs/parity.md, skills updated end-to-end (validate → create/list provider → set behavior provider ID).
  • Tests assert no configuration content in logs, errors, or tool responses.
  • Write-gating treats a probe with a non-null problem as not-clean (partial denial is never read as full access), and the 2. LLM provider discovery: read tools and access probe #411 probe docs state the clean-gate contract explicitly.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions