Speedshop OpenRouter Coding Agent Guardrail
Create and update opinionated OpenRouter guardrail for trying new models in coding agents.
What This Guardrail Enforces
- Only thinking/reasoning models. Models must expose OpenRouter
reasoningorinclude_reasoningsupport. - Only models with at least 128k context. Coding agents need room for large repositories and long-running sessions.
- Only models with prompt cache. Coding agents become unusably expensive without this.
- Only US-based inference. Rule of law and security concerns in other jurisdictions.
- Minimum latency/throughput. No likes a slow coding agent.
- No OpenAI-provided or Anthropic models by default. OpenAI OSS models can pass when served by an allowed non-OpenAI provider.
Important
This action does not attach API keys to a guardrail. You still need to do that in OpenRouter.
Use the shared workflow
Call this workflow from another repo:
name: Update OpenRouter Guardrail on: schedule: - cron: '0 6 * * *' workflow_dispatch: concurrency: group: update-openrouter-guardrail cancel-in-progress: true jobs: update: uses: speedshop/openrouter-us-only-cached-guardrail/.github/workflows/guardrail.yml@main with: guardrail_name: ${{ vars.OPENROUTER_GUARDRAIL_NAME }} include_openai: "false" include_google: "true" include_anthropic: "false" upload_artifacts: "false" secrets: OPENROUTER_PROVISIONING_KEY: ${{ secrets.OPENROUTER_PROVISIONING_KEY }}
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
guardrail_name |
No | US Cached Models Only |
Guardrail name |
min_throughput_p50 |
No | 50 |
Minimum throughput (p50, tok/sec) |
max_latency_p50 |
No | 2000 |
Maximum latency (p50, ms) |
include_openai |
No | false |
Include the OpenAI provider |
include_google |
No | true |
Include Google models and providers |
include_anthropic |
No | false |
Include Anthropic models and provider |
upload_artifacts |
No | false |
Upload endpoint-report.csv |
Secrets
| Secret | Required | Description |
|---|---|---|
OPENROUTER_PROVISIONING_KEY |
Yes | OpenRouter key |
Action inputs
| Input | Required | Default | Description |
|---|---|---|---|
provisioning_key |
Yes | — | OpenRouter key |
guardrail_name |
No | US Cached Models Only |
Guardrail name |
include_openai |
No | false |
Include the OpenAI provider |
include_google |
No | true |
Include Google models and providers |
include_anthropic |
No | false |
Include Anthropic models and provider |
upload_artifacts |
No | false |
Upload endpoint-report.csv |
Secrets and vars
- Add
OPENROUTER_PROVISIONING_KEYas a secret:- Settings > Secrets and variables > Actions
- Get the key from https://openrouter.ai/settings/keys
- (Optional) Add
OPENROUTER_GUARDRAIL_NAMEas a variable:- Settings > Secrets and variables > Actions
Local use
Run the scripts to test or debug:
./scripts/fetch-providers.sh OPENROUTER_PROVISIONING_KEY="your-key-here" ./scripts/fetch-cached-models.sh export OPENROUTER_PROVISIONING_KEY="your-key-here" ./scripts/update-guardrail.sh
Performance filter
The model list is also filtered by endpoint performance (p50 over the last 30 minutes). Only endpoints from US providers count, and endpoint tags with explicit non-US region suffixes, such as /eu, are excluded.
- Minimum throughput: 50 tok/sec
- Maximum latency: 2000 ms
Override with env vars:
OPENROUTER_MIN_THROUGHPUT_P50OPENROUTER_MAX_LATENCY_P50
Available models output
If you are curious what this repo allows right now, check the artifacts from the scheduled workflow in this repo: Demo Update OpenRouter Guardrail.
Contributing
This is a personal tool. You can fork it.