promptfoo
diff --git a/‎docker-compose.yml‎
Lines changed: 3 additions & 0 deletions b/‎docker-compose.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎litellm_config.yaml‎
Lines changed: 29 additions & 0 deletions b/‎litellm_config.yaml‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎package-lock.json‎
Lines changed: 27 additions & 1 deletion b/‎package-lock.json‎
Lines changed: 27 additions & 1 deletion
diff --git a/‎package.json‎
Lines changed: 2 additions & 0 deletions b/‎package.json‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/domains/finance/secure.txt‎
Lines changed: 1 addition & 1 deletion b/‎src/domains/finance/secure.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/middleware/auth.ts‎
Lines changed: 1 addition & 0 deletions b/‎src/middleware/auth.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/routes/chat.ts‎
Lines changed: 20 additions & 8 deletions b/‎src/routes/chat.ts‎
Lines changed: 20 additions & 8 deletions
@@ -9,4 +9,7 @@ services:
       - .env
     environment:
       - PORT=4000
+    volumes:
+      - ./litellm_config.yaml:/app/litellm_config.yaml
+    command: --config /app/litellm_config.yaml
 
@@ -0,0 +1,29 @@
+# LiteLLM Configuration
+# This file configures available models and their settings
+
+model_list:
+  - model_name: gpt-5-mini
+    litellm_params:
+      model: gpt-5-mini
+      api_key: os.environ/OPENAI_API_KEY
+  - model_name: claude-3-5-haiku-latest
+    litellm_params:
+      model: claude-3-5-haiku-latest
+      api_key: os.environ/ANTHROPIC_API_KEY
+
+# General settings
+general_settings:
+  # Master key for LiteLLM admin operations (optional)
+  # master_key: os.environ/LITELLM_MASTER_KEY
+  
+  # Database URL for storing request logs (optional)
+  # database_url: os.environ/DATABASE_URL
+
+# Router settings
+router_settings:
+  # Set allowed models (restricts which models can be used)
+  allowed_model_region: "*"
+  
+  # Enable model fallback (optional)
+  # fallbacks: []
+
@@ -14,9 +14,11 @@
   "author": "",
   "license": "UNLICENSED",
   "dependencies": {
+    "@types/js-yaml": "^4.0.9",
     "@types/jsonwebtoken": "^9.0.10",
     "dotenv": "^16.4.5",
     "express": "^4.18.2",
+    "js-yaml": "^4.1.1",
     "jsonwebtoken": "^9.0.2",
     "zod": "^3.22.4"
   },
 
@@ -9,5 +9,5 @@ You are a financial assistant. Help users with questions about banking, investme
     - Making any statement about possible future returns of a stock, index, financial instrument, investment, investment strategy, or collection of financial instruments
     - Making any statements about a stock, index, financial instrument, investment, investment strategy, or collection of financial instruments that are not stricly factual.
     - Always use as short and neutral tone as possible when referring to any stock, index, financial instrument, investment, investment strategy, or collection of financial instruments
-Always remind users to verify information with their financial institutions.
+
 
@@ -46,6 +46,7 @@ export function authenticateToken(req: Request, res: Response, next: NextFunctio
     }) as jwt.JwtPayload;
 
     // Attach decoded token to request object for use in handlers
+    // @ts-ignore
     req.user = decoded;
 
     next();
 
@@ -1,9 +1,13 @@
 import { Request, Response } from 'express';
 import { z } from 'zod';
 import { getSystemPrompt } from '../domains';
+import { getAllowedModels, isModelAllowed } from '../utils/litellm-config';
 
 const LITELLM_SERVER_URL = process.env.LITELLM_SERVER_URL || 'http://localhost:4000';
 
+// Get allowed models from LiteLLM config
+const allowedModels = getAllowedModels();
+
 // Map fish names to internal security levels
 const FISH_TO_LEVEL: Record<string, 'insecure' | 'secure'> = {
   minnow: 'insecure',
@@ -17,7 +21,19 @@ const levelPathSchema = z.object({
 
 // Zod schema for query parameters
 const chatQuerySchema = z.object({
-  model: z.string().optional(),
+  model: z.string().optional().refine(
+    (val) => {
+      // If no model specified, allow it (LiteLLM will use default)
+      if (!val) return true;
+      // If no allowed models configured, allow any model (fail open)
+      if (allowedModels.length === 0) return true;
+      // Otherwise, check if model is in allowed list
+      return isModelAllowed(val);
+    },
+    {
+      message: `Model must be one of the allowed models: ${allowedModels.join(', ')}`,
+    }
+  ),
   domain: z.enum(['general', 'finance', 'medicine', 'vacation-rental', 'taxes']).default('general'),
 }).strict();
 
@@ -114,16 +130,12 @@ export async function chatHandler(req: Request, res: Response): Promise<void> {
       ...userMessages
     ];
 
-    // Prepare LiteLLM request
+    // Prepare LiteLLM request with default model
     const litellmRequest: any = {
-      messages: messages
+      messages: messages,
+      model: model || 'gpt-5-mini', // Default to gpt-5-mini if not specified
     };
 
-    // Add model if provided
-    if (model) {
-      litellmRequest.model = model;
-    }
-
     // Forward request to LiteLLM server
     const response = await fetch(`${LITELLM_SERVER_URL}/v1/chat/completions`, {
       method: 'POST',