feat(tpsc): Third-Party Services Catalog (CUST-WP-0023)
Introduces TPSC for tracking external service dependencies with GDPR
compliance maturity (CNIL/IAPP CMMI scale), pricing model, ToS, and
data retention information across all repos.
Primary data:
- canon/tpsc/{openai,anthropic,gemini,openrouter}-api.yaml — service definitions
- tpsc.yaml in each repo (llm-connect seeded with 4 services)
State-hub additions:
- Migration j7e8f9a0b1c2: tpsc_catalog + tpsc_snapshots + tpsc_entries
- api/models/tpsc.py, api/schemas/tpsc.py, api/routers/tpsc.py
- /tpsc/catalog/, /tpsc/ingest/, /tpsc/snapshots/, /tpsc/report/gdpr endpoints
- 4 MCP tools: register_service, list_services, ingest_tpsc_tool, get_gdpr_report
- scripts/ingest_tpsc.py + make ingest-tpsc[/-all] targets
- Dashboard: tpsc.md page + docs/tpsc.md
GDPR maturity scale: unknown | non_compliant | initial | developing | defined | managed | certified
Warnings triggered at: unknown, non_compliant, initial
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
27
canon/tpsc/openrouter-api.yaml
Normal file
27
canon/tpsc/openrouter-api.yaml
Normal file
@@ -0,0 +1,27 @@
|
||||
slug: openrouter-api
|
||||
name: OpenRouter API
|
||||
provider: OpenRouter, Inc.
|
||||
category: llm_routing
|
||||
website_url: https://openrouter.ai
|
||||
pricing_model: usage_based
|
||||
gdpr_maturity: initial
|
||||
gdpr_notes: >
|
||||
OpenRouter is a US-based routing proxy for multiple LLM providers.
|
||||
Privacy policy exists but as of early 2026 no formal DPA or SCCs are
|
||||
publicly available. Requests are forwarded to underlying providers
|
||||
(OpenAI, Anthropic, Google, Mistral, etc.) each with their own data
|
||||
handling. GDPR compliance is therefore dependent on both OpenRouter
|
||||
and the selected downstream model provider. Not recommended for
|
||||
processing personal data in corporate/regulated environments without
|
||||
a signed DPA. Suitable for development, prototyping, model comparison.
|
||||
Reference: https://openrouter.ai/privacy
|
||||
dpa_available: false
|
||||
tos_url: https://openrouter.ai/terms
|
||||
privacy_policy_url: https://openrouter.ai/privacy
|
||||
data_processing_regions:
|
||||
- us
|
||||
data_retention_notes: >
|
||||
Requests forwarded to upstream providers. OpenRouter may log requests
|
||||
for billing and abuse prevention. Retention policy not formally published.
|
||||
Downstream provider retention policies apply per selected model.
|
||||
status: active
|
||||
Reference in New Issue
Block a user