Skip to content

feat: Provider-agnostic LLM abstraction to support OpenAI, Bedrock, and Ollama #15

Description

@Nanle-code

Overview

The LLM enhancement layer is hardcoded to Anthropic Claude, blocking teams on OpenAI, AWS Bedrock, or self-hosted models from using AI-powered findings enhancement. A provider abstraction removes this vendor lock-in.

Proposed Abstraction

export interface LLMProvider {
  name: string;
  complete(prompt: string, systemPrompt?: string): Promise<string>;
}

export interface LLMProviderConfig {
  provider: 'anthropic' | 'openai' | 'bedrock' | 'ollama' | 'custom';
  model?: string;
  apiKey?: string;
  baseUrl?: string;        // for Ollama / self-hosted
  region?: string;         // for AWS Bedrock
  customProvider?: LLMProvider;
}

Provider Targets

Provider Default Model
Anthropic claude-sonnet-4-20250514
OpenAI gpt-4o
AWS Bedrock anthropic.claude-3-5-sonnet
Ollama llama3 (localhost:11434)

Config File Support

{
  "llm": {
    "provider": "openai",
    "model": "gpt-4o",
    "apiKey": "${OPENAI_API_KEY}"
  }
}

Env variable interpolation supported in config values.

CLI Flags

chainproof scan contracts/ --llm-provider openai --llm-model gpt-4o --api-key sk-...

Acceptance Criteria

  • LLMProvider interface and LLMProviderConfig type exported from core
  • Anthropic, OpenAI, and Ollama provider implementations
  • AWS Bedrock provider behind optional peer dependency
  • customProvider field in ScanConfig
  • --llm-provider and --llm-model CLI flags
  • Config file llm block with env var interpolation
  • Full backward compatibility with existing --api-key and ANTHROPIC_API_KEY
  • Providers are lazy-loaded — no SDK imported if provider not used

Metadata

Metadata

Assignees

Labels

GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial CampaignCampaign: Official CampaignenhancementNew feature or request

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions