Skip to content

feat(provider): allow scoped LLM provider injection (#243)#249

Open
rodboev wants to merge 1 commit into
NVIDIA:mainfrom
rodboev:pr/provider-injection-243
Open

feat(provider): allow scoped LLM provider injection (#243)#249
rodboev wants to merge 1 commit into
NVIDIA:mainfrom
rodboev:pr/provider-injection-243

Conversation

@rodboev

@rodboev rodboev commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

Embedding applications can now bind a governed in-process LLM provider for the current scan context. That lets hosts reuse their existing completion API without exporting raw keys, invoking an agent CLI, or monkeypatching SkillSpector internals.

Closes #243

Root cause

Provider selection lived entirely behind SKILLSPECTOR_PROVIDER and the built-in fallback chain. Every public helper routed through _select_active_provider(), but that selector had no scoped override for a provider object that the embedding application already owns.

Diff Notes

  • Add a ContextVar-backed provider binding API in skillspector.providers.
  • Keep the existing env/default provider dispatch when no provider is bound.
  • Keep default-model, LLM availability, and MCP scan accounting paths working for injected providers that own a native chat model but do not expose raw credentials.
  • Cover metadata, active-provider, credential, chat-model, reset, nested-token, availability, and MCP accounting behavior in focused tests.

Scope

This does not add a new provider family, credential store, CLI transport, or graph-level policy. The hook stays in the provider adapter layer, and MCP scan accounting only observes whether a provider is bound for the current context.

Attribution

The upstream issue proposed the ContextVar binding shape; this PR implements that design in the existing provider selector.

Verification

  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_providers.py -k "injected_provider"
  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_providers.py -k "provider_token"
  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_providers.py -k "injected_provider or provider_token"
  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_llm_utils.py -k "injected_provider or llm_available or GetChatModel"
  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_mcp_server.py -k "bound_provider or llm_available"
  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_llm_utils.py tests/unit/test_mcp_server.py -k "injected_provider or bound_provider"
  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_llm_utils.py -k "does_not_fall_back"
  • .\.venv\Scripts\python.exe -m pytest tests/unit/test_providers.py tests/unit/test_llm_utils.py tests/unit/test_mcp_server.py tests/nodes/test_build_context.py
  • uv run ruff check src/ tests/
  • uv run ruff format --check src/ tests/

Signed-off-by: Rod Boev <rod.boev@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feature] Let an embedding application inject an LLM provider

1 participant