Claude-code-plugins openrouter-compliance-review

install

source · Clone the upstream repo

git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/saas-packs/openrouter-pack/skills/openrouter-compliance-review" ~/.claude/skills/jeremylongshore-claude-code-plugins-openrouter-compliance-review && rm -rf "$T"

manifest: plugins/saas-packs/openrouter-pack/skills/openrouter-compliance-review/SKILL.md

OpenRouter Compliance Review

Overview

OpenRouter is a proxy that routes requests to upstream providers (OpenAI, Anthropic, Google, etc.). Compliance depends on both OpenRouter's data handling and the selected provider's policies. Key considerations: data transit through OpenRouter infrastructure, provider-specific data retention, model selection for regulated data, and audit trail requirements.

Compliance Checklist

COMPLIANCE_CHECKLIST = {
    "data_handling": [
        "Verify OpenRouter does NOT train on your data (confirmed in their privacy policy)",
        "Confirm provider-level data policies (OpenAI, Anthropic, Google each differ)",
        "Document data flow: your app -> OpenRouter -> provider -> OpenRouter -> your app",
        "Identify if prompts contain PII, PHI, or regulated data",
        "Implement PII redaction before sending to API",
    ],
    "access_control": [
        "Use per-service API keys (not shared keys)",
        "Set credit limits per key to isolate blast radius",
        "Rotate keys on a 90-day schedule",
        "Store keys in secrets manager (not .env files in repos)",
        "Enable management keys for programmatic key provisioning",
    ],
    "audit_trail": [
        "Log every API call with generation_id, model, user_id, cost",
        "Hash prompts (SHA-256) instead of logging raw content",
        "Retain audit logs per regulation (90d operational, 7yr financial)",
        "Ship logs to append-only storage (S3, immutable DB)",
    ],
    "provider_selection": [
        "Route regulated data only to compliant providers",
        "Use provider routing to exclude non-compliant providers",
        "Document which models are approved for which data classifications",
        "Test that fallback routing doesn't route to unapproved providers",
    ],
}

Provider Routing for Compliance

import os
from openai import OpenAI

client = OpenAI(
    base_url="https://openrouter.ai/api/v1",
    api_key=os.environ["OPENROUTER_API_KEY"],
    default_headers={"HTTP-Referer": "https://my-app.com", "X-Title": "my-app"},
)

# Route ONLY to specific providers (e.g., Anthropic for SOC2)
response = client.chat.completions.create(
    model="anthropic/claude-3.5-sonnet",
    messages=[{"role": "user", "content": "Analyze this contract..."}],
    max_tokens=2048,
    extra_body={
        "provider": {
            "order": ["Anthropic"],        # Only Anthropic's infrastructure
            "allow_fallbacks": False,       # Do NOT fall back to other providers
        },
    },
)

# Verify which provider actually served the request
print(f"Served by: {response.model}")  # Should match anthropic/claude-3.5-sonnet

Data Classification Matrix

Classification	Allowed Providers	Controls
Public	Any (including `:free` )	Standard logging
Internal	Tier 1 (OpenAI, Anthropic, Google)	Audit logging, key limits
Confidential	Anthropic, OpenAI (API-only)	PII redaction, no free models
Restricted/PHI	BYOK only or self-hosted	Full audit, encryption at rest

BYOK for Data Sovereignty

# Bring Your Own Key -- requests go directly to provider
# OpenRouter acts as router only; data doesn't persist on OpenRouter
response = client.chat.completions.create(
    model="openai/gpt-4o",
    messages=[{"role": "user", "content": "Process this..."}],
    max_tokens=1024,
    extra_body={
        "provider": {
            "order": ["OpenAI"],
            "allow_fallbacks": False,
        },
    },
    # With BYOK, configure your provider key in OpenRouter dashboard
    # Data flows: your app -> OpenRouter (routing only) -> OpenAI (your account)
)

Compliance Audit Script

#!/bin/bash
echo "=== OpenRouter Compliance Audit ==="

# 1. Verify API key has credit limit set
echo "1. Key configuration:"
curl -s https://openrouter.ai/api/v1/auth/key \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" | \
  jq '{label: .data.label, limit: .data.limit, is_free_tier: .data.is_free_tier}'

# 2. Check if using free tier (not suitable for regulated data)
IS_FREE=$(curl -s https://openrouter.ai/api/v1/auth/key \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" | jq -r '.data.is_free_tier')
[ "$IS_FREE" = "true" ] && echo "WARNING: Free tier. Not suitable for regulated data."

# 3. Scan for hardcoded keys in source
FOUND=$(grep -r "sk-or-v1-" --include="*.py" --include="*.ts" --include="*.js" . 2>/dev/null | grep -v node_modules | wc -l)
echo "Hardcoded keys found: $FOUND"

Error Handling

Error	Cause	Fix
Request routed to unapproved provider	`allow_fallbacks: true` (default)	Set `allow_fallbacks: false` with explicit `order`
Key exposed in logs	Raw API key logged	Add PII redaction for `sk-or-v1-*` pattern
No audit trail for request	Logging middleware bypassed	Make audit logging a required wrapper
Free model used for regulated data	No model allowlist	Implement model allowlist in client wrapper

Enterprise Considerations

OpenRouter does not train on API data, but upstream providers may have different terms for API vs consumer use
Use
```
provider.order
```
+
```
allow_fallbacks: false
```
to guarantee data only flows to approved providers
BYOK eliminates OpenRouter as a data processor for inference (routing metadata still transits)
Document the data flow diagram for auditors: client -> OpenRouter (routing) -> provider (inference)
Implement client-side PII redaction as defense-in-depth
Consider self-hosted or VPC deployments for restricted/PHI data

References

Examples | Errors
Privacy Policy | Provider Routing