The Problem
If your Sanctum agent talks to Venice AI (a privacy-first inference provider popular in the Sanctum ecosystem) and Venice goes down, the agent stops working. If you want to use OpenRouter for some models and Venice for others, you need two different API clients. If you want to track credit balances across providers, you're writing custom monitoring code for each one.
Sanctum Router
sanctumos/sanctum-router is an OpenAI-compatible proxy that sits between your agent and its AI providers. From the agent's perspective, it's just another OpenAI endpoint. Behind the scenes, the Router handles:
- Multi-provider routing: Configure multiple backends (Venice, OpenRouter, local Ollama, etc.) and the Router picks the best one based on model availability, health, and cost.
- Automatic failover: If a provider goes unhealthy, traffic shifts to the next candidate. No manual intervention needed.
- Credit monitoring: Provider-specific adapters track credit balances with detailed responses including optional error fields.
- Config API: CRUD providers, check health, estimate costs — all via REST endpoints.
- Docker support: Ships with a Dockerfile and entrypoint, plus --workers 1 docs to prevent duplicate monitoring loops.
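Because the Router presents a standard OpenAI-compatible surface, an agent only needs to point its base URL at the Router. A minimal sketch of what that looks like on the wire (the port, path, and model name are assumptions about a local deployment, not documented defaults):

```python
import json

# Hypothetical local Router address; the path mirrors the OpenAI API.
ROUTER_URL = "http://localhost:8000/v1/chat/completions"

def build_chat_request(model: str, prompt: str) -> dict:
    """Build a standard OpenAI chat-completions payload.

    The Router accepts this unchanged and decides which backend
    (Venice, OpenRouter, local Ollama, ...) actually serves `model`.
    """
    return {
        "model": model,
        "messages": [{"role": "user", "content": prompt}],
    }

payload = build_chat_request("llama-3.3-70b", "Hello")
# With the requests library you would send it as:
#   requests.post(ROUTER_URL, json=payload,
#                 headers={"Authorization": "Bearer <router key>"})
print(json.dumps(payload))
```

The agent's client code never changes when a backend is added, removed, or fails over; only the Router's provider configuration does.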
Security Audit (20 Issues)
Before the v0.1.8 release, the Router went through its own audit:
- Streaming response lifecycle fix — buffer before returning (issue #1).
- Require ROUTER_ENCRYPTION_KEY when storing provider API keys (issue #2).
- Constant-time auth comparison (issue #4).
- Narrowed exception handling, CLI boolean parsing fixes (issues #7, #10, #11, #21).
- Comprehensive docs/ set with routing config semantics, an encryption rotation guide, and override session documentation.
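The constant-time comparison in issue #4 is the standard defense against timing attacks on auth tokens: a naive `==` can leak, byte by byte, how much of a token an attacker has guessed, because it returns as soon as the strings differ. A minimal sketch of the technique using Python's hmac module (the function name is illustrative, not the Router's actual code):

```python
import hmac

def auth_token_matches(presented: str, expected: str) -> bool:
    """Compare auth tokens in constant time.

    hmac.compare_digest takes the same amount of time regardless of
    where the inputs first differ, so response timing reveals nothing
    about how close a guess was.
    """
    return hmac.compare_digest(presented.encode(), expected.encode())
```

The same idea applies in any language; most stdlibs ship an equivalent (e.g. `crypto/subtle.ConstantTimeCompare` in Go).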
The Router also introduced provider_type as a first-class database and API field, enabling queries like "show me all OpenRouter providers" or "what's my Venice credit balance?"
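With provider_type stored as a first-class field, those queries become simple filters rather than string-matching on provider names or URLs. A toy illustration (the record shape and field values here are assumptions for the example, not the Router's schema):

```python
# Toy provider records; the exact schema is assumed for illustration.
providers = [
    {"name": "venice-main", "provider_type": "venice", "credits": 42.5},
    {"name": "openrouter-a", "provider_type": "openrouter", "credits": 10.0},
    {"name": "local-ollama", "provider_type": "ollama", "credits": None},
]

def by_type(records: list[dict], provider_type: str) -> list[dict]:
    """Filter provider records on the first-class provider_type field."""
    return [r for r in records if r["provider_type"] == provider_type]

# "Show me all OpenRouter providers":
print([p["name"] for p in by_type(providers, "openrouter")])
# "What's my Venice credit balance?" (treating a missing balance as 0):
print(sum(p["credits"] or 0 for p in by_type(providers, "venice")))
```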