Fix compute module startup by loading OpenRouter key from Sources

[anand-testcompare]

Why

Compute module replicas were failing to start because the app requires OPENROUTER_API_KEY at FastAPI lifespan startup.

What changed

• Read OpenRouter API key from compute module Sources via SOURCE_CREDENTIALS (supports additionalSecretOpenRouterApiKey and apiKey).
• Keep DSPY_PROVIDER=local as the explicit escape hatch.
• Enable Palantir MCP tools in opencode.jsonc so Foundry source/egress setup can be automated.

Summary by CodeRabbit

• New Features

  • Added OpenCode Palantir integration configuration to control agent behaviors, tool access, Foundry URL/token handling, and discovery-focused agent modes.
  • Added support for resolving OpenRouter API keys from stored credential sources as an alternative to environment variables.

• Improvements

  • Improved error messaging and LLM provider handling (including OpenRouter model name normalization) for clearer configuration feedback.

[railway-app]

🚅 Deployed to the dspy-reference-examples-pr-17 environment in dspy-reference-example

Service	Status	Web	Updated (UTC)
dspy-reference-examples	✅ Success (View Logs)	Web	Feb 14, 2026 at 10:33 pm

[coderabbitai]

Walkthrough

Adds an OpenCode Palantir integration configuration file and extends LLM configuration to load OpenRouter API keys from a SOURCE_CREDENTIALS JSON file (with env fallback), prefixing OpenRouter model names when needed and binding the resolved API key into LLM config.

Changes

Cohort / File(s)	Summary
OpenCode Palantir Integration opencode.jsonc	New configuration defining plugin/model/tool toggles for Palantir, mcp entry for palantir-mcp (local command + FOUNDLY token env), two agents (foundry-librarian, foundry) with detailed tool whitelists/blacklists, and Foundry API URL/token handling.
Credential and Config Handling src/common/config.py	Added internal helpers to read JSON credentials from SOURCE_CREDENTIALS, resolve OPENROUTER_API_KEY from credential sources (with configurable source/field precedence) and environment, updated load_llm_config to use the resolved key and prefix OpenRouter model names with openrouter/ when missing.

Poem

🐇 A little rabbit hops the wire,
Found tokens tucked and keys afire,
Two agents sniff the documentation trail,
Configs aligned — a tidy tale,
Hooray for neat config bits and bytes!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: loading the OpenRouter API key from Sources to fix compute module startup. It directly addresses the primary objective and is specific to the core fix.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/openrouter-source-credentials

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

opencode.jsonc (1)

62-62: Consider whether get_or_create_network_egress_policy belongs in the librarian agent.

The foundry-librarian agent is described as focused on "exploration and context gathering" with write operations disabled. However, get_or_create_network_egress_policy can create network egress policies, not just read them. If the intent is to keep this agent read-only, consider setting this to false for the librarian and keeping it enabled only for the execution agent.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}