Separate credentials
ThrottleProxy keys authenticate callers to the proxy and are stripped before the upstream request.
AI application operations
ThrottleProxy can place workspace authentication, exact destination policy, queue and resource limits, and sanitized lifecycle evidence around a reviewed AI API integration. Provider authentication remains a separate explicit concern.
Practical boundaries
ThrottleProxy keys authenticate callers to the proxy and are stripped before the upstream request.
Use one public provider hostname or an explicit one-level wildcard rather than arbitrary user-supplied URLs.
Queue, concurrency, request size, response size, idle, and absolute-duration caps protect shared resources.
Local traffic shaping does not bypass provider quotas, contracts, or availability.
Use redacted stage, status, and timing context rather than prompts, response bodies, tokens, or query values.
Validate one non-sensitive workflow before expanding destinations or traffic volume.
The implemented diagnostic path is designed to retain safe lifecycle metadata rather than raw request or response bodies.
No. Proxy credentials are stripped upstream. Provider authentication requires a separate explicit mechanism that is not connected today.
No. Queueing can shape local bursts, but provider quotas, errors, latency, and availability remain authoritative.
Use one workspace key, one exact public host, and non-sensitive test traffic.