Show HN: I built an OSS alternative to Azure OpenAI services (github.com)
Azure OpenAI services was born out of companies needing enhanced security and access control for using different GPT models. I want to build an OSS version of Azure OpenAI services that people could self host in their own infrastructure.
"How can I track LLM spend per API key?"
"Can I create a development OpenAI API key with limited access for Bob?"
"Can I see my LLM spend breakdown by models and endpoints?"
"Can I create 100 OpenAI API keys that my students could use in a classroom setting?"
These are questions that BricksLLM helps you answer.
BricksLLM is an API gateway that let you create API keys with rate limit, cost control and ttl that could be used to access all OpenAI and Anthropic endpoints with out of box analytics.
When I first started building with OpenAI APIs, I was constantly worried about API keys being comprised since vanilla OpenAI API keys would grant you unlimited access to all of their models. There are stories of people losing thousands of dollars and the existence of a black market for stolen OpenAI API keys.
This is why I started building a proxy for ourselves that allows for the creation of API keys with rate limits and cost controls. I built BricksLLM in Go since that was the language I used to build performative ads exchanges that scaled to thousands of requests per second at my previous job. A lot of developer tools in LLM ops are built with Python which I believe might be suboptimal in terms of performance and compute resource efficiency.
One of the challenges building this platform is to get accurate token counts for different OpenAI and Anthropic models. LLM providers are not exactly transparent with the way how they count prompt and completion tokens. In addition to user input, OpenAI and Anthropic pad prompt inputs with additional instructions or phrases that contribute to the final token counts. For example, Anthropic's actual completion token consumption is consistently 4 more than the token count of the completion output.
The latency of the gateway hovers around 50ms. Half of the latency comes from the tokenizer. If I start utilizing Go routines, might be able to lower the latency of the gateway to 30ms.
BricksLLM is not an observability platform, but we do provide integration with Datadog so you can get more insights regarding what is going on inside the proxy. Compared to other tools in the LLMOps space, I believe that BricksLLM has the most comprehensive features when it comes to access control.
Let me know what you guys think.
63 comments
[ 3.0 ms ] story [ 138 ms ] threadThe whole point of using Azure OpenAI over plain OpenAI is the fact that your data doesn't get donated to OpenAI for training (this solves "compliance" for enterprise customers that need it), which you're not solving (because you obviously can't run the OpenAI models in your own data center).
The OpenAI API also allows opting out of training the OpenAI for training. If you are referring to something else with data, happy to learn.
https://help.openai.com/en/articles/5722486-how-your-data-is...
"API
OpenAI does not use data submitted to and generated by our API to train OpenAI models or improve OpenAI’s service offering. In order to support the continuous improvement of our models, you can fill out this form to opt-in to share your data with us. "
Source: https://openai.com/enterprise-privacy
https://mitta.ai uses these API calls, has an Open Source code base for inspection, a strong user privacy policy, and doesn't store data in transit, other than documents that are uploaded. I'm working on TTLs for the files stored, so there is no data left behind (other than what might be stored by the user in the DB).
https://techcrunch.com/2023/03/01/addressing-criticism-opena...
They said only if they opt in not that they wouldn’t do it.
And they used to and could change those terms again after the market matures and developers have deeply integrated application investments.
Plenty of companies have followed this strategy in the past.
Let’s not oversimplify the situation as it was a recent change as well…
> We will only use Customer Content as necessary to provide you with the Services, comply with applicable law, and enforce OpenAI Policies. We will not use Customer Content to develop or improve the Services.
[0]: https://openai.com/policies/business-terms
> “Services” means any services for businesses and developers we make available for purchase or use, along with any of our associated software, tools, developer services, documentation, and websites, but excluding any Third Party Offering.
Of course it's still language, and one can quibble with any language, but it's reasonably restrictive.
At the end of the day you can’t blindly trust your data is safe, even with a solid contract (bad actors exist, after all). So whatever you do, do it at your own risk.
I can understand preferring the Azure endpoints, but let’s be accurate about what the policies are.
The value proposition of Azure OpenAI to the enterprise is that it's bound by the Enterprise Agreement for not just data-use, but data access writ-large. I don't want my data to be accessible for *any reason* by a vendor that isn't covered explicitly in the EA.
While OpenAI says they delete your data after 30-days I have no contract or agreement in place that ensures that, or that within those 30-days they don't have carte blanche to my data for whatever else they may want to do with it.
The Azure OpenAI agreement *explicitly* states they only store my data for 30-days and can *only* access it if they suspect abuse of the service according to the ToC and our EA, which is no different than for other Azure services on my tenant. IIRC that's only after notifying me as well, and cannot exfiltrate that data even if they access it.
My comment is not dissing on the author, I'm just pointing out what most folks get from Azure is compliance (and maybe safety), and an OSS cannot solve that (unless they're running some other models in owned infrastructure or on-prem).
Let alone if you are a SaaS your customers may demand it.
To be fair, this doesn't prevent problems. Paperwork doesn't plug any security gaps in any cloud provider.
Everyone gets popped eventually. It's your job to show you operated from a commercially reasonable security posture (and potentially your third party dependency graph, depending on regulatory and cyber insurance requirements).
(i report to a CISO, and we report to a board, thoughts and opinions are my own)
That sounds like an interesting role. How did you get there? Did you start as a security analyst and work your way up?
Be interesting to people who can provide you opportunity, and ask whenever an opportunity presents itself. If you don’t ask, the answer is default no. Being genuinely curious and desiring to help doesn't hurt either.
They may be tedious as fuck to implement and make what should be simple work take forever, but there are plenty of compliance checklists out there that really do give you security.
I have done work with government and defence. Ad hominem stuff is really pointless.
Even beyond enterprise thought people seem to think that the only thing their data is good for as far as OpenAI is concerned is for training-datasets, but that's just not the case.
The authors of this have built something great, but it doesn't protect you from any of those non-training use-cases.
By the way, I saw this after a quick glance poking through the code. This isn't encryption, it is hashing. Not sure where or how it is used but it is worth a rename at least: https://github.com/bricks-cloud/BricksLLM/blob/main/internal...
This isn’t really feasible to implement if your app runs on lambda or edge functions, you’d need a persistent server.
Here’s a diagram I drew of a simple approach that came to mind: https://gist.github.com/b0o/a73af0c1b63fccf3669fa4b00ac4be52
It would be awesome to see this functionality built into BricksLLM.
https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-be...
https://github.com/BerriAI/litellm
Any comparison or contrast you would point out?
* Litellm is declarative and it let you define everything in yaml * Bricks is not declarative and you control everything via API
* Litellm does not have an UI * Bricks has a non open source UI
* Litellm is written in python * Bricks is written in Golang
* Litellm does not persist rate limits. Therefore can't accurately rate limit across distributed instances * Bricksllm let you create API keys with accurate rate limits and spend limits that work across distributed instances
* Litellm provides high level spend metrics on API keys * Bricks provides granular spend, request and latency metrics breakdown by model and custom id
* Litellm is not compatible with OpenAI SDK. You have to adopt Litellm python client * Bricks is designed to be compatible with OpenAI SDK
* Litellm only supports OpenAI completion and embedding * Bricks supports almost all OpenAI endpoints except image and audio
* Litellm has exact request caching * Bricks does not have caching as for now
* Litellm has OpenTelemetry integration * Bricks has statsd integration
* Litellm supports orchestration of API calls. When this API call fails, use this model or call this API endpoint instead * Bricks does not support orchestration of API calls since I believe that it is something that the client should handle
- LiteLLM Proxy IS Exactly Compatible with the OpenAI SDK
``` import openai
client = openai.OpenAI( api_key="anything", # proxy key - if set base_url="http://0.0.0.0:8000" # proxy url )
# request sent to model set on litellm proxy,
response = client.chat.completions.create(model="gpt-3.5-turbo", messages = [ { "role": "user", "content": "this is a test request, write a short poem" } ])
print(response)
``` Docs - https://docs.litellm.ai/docs/proxy/quick_start
Demo: https://gptcache.ashishb.net/