Gateway

Use https://proxy.orionslock.com/{provider}/... such as /openai/v1/chat/completions or /anthropic/v1/messages.

X-Pulse-Key authenticates to Pulse. Authorization is forwarded as the upstream provider key unless a virtual key or key pool is configured.

Required for gateway requests. Missing key returns MISSING_PULSE_KEY. Invalid Pulse key returns INVALID_PULSE_KEY.

Invalid upstream provider credentials are surfaced separately as UPSTREAM_AUTH_FAILED or upstream provider errors.

Optional POST retry key. Duplicates return a replayed response when captured or a stable conflict/fingerprint response.

Metadata headers are captured and propagated to logs for attribution.

Optional end-user attribution header for tenant-side analytics.

Streaming responses are passed through while Pulse captures bounded chunks for cost, trace, and response-side checks.

Fallback chains only run after policy gates pass and are explicit; Pulse does not silently reroute to unrelated providers.

X-Pulse-Base-URL is allowed only for approved custom hosts and is protected by SSRF guards.

MISSING_PULSE_KEY, INVALID_PULSE_KEY, STALE_TIMESTAMP, BODY_TOO_LARGE, RATE_LIMITED, IDEMPOTENCY_CONFLICT, BUDGET_EXCEEDED, GOVERNOR_BLOCKED, THREATPRINT_BLOCKED, OUTPUT_FIREWALL_BLOCKED, UPSTREAM_AUTH_FAILED, UPSTREAM_ERROR, FINALIZE_DEGRADED.