AI Provider Routing
Route extraction and assisted workflows through workspace-configured encrypted provider keys.
AI calls use provider configuration owned by the organization.
The app should not assume one hard-coded provider for every workspace. Provider selection starts from available, valid keys and can honor workspace defaults.
Routing principles
| Principle | Reason |
|---|---|
| BYOK first | Firms keep control of provider access and cost exposure. |
| Encrypted storage | API keys are sensitive workspace secrets. |
| Runtime validation | Provider configuration must be checked before calls run. |
| Structured errors | Provider failures must be visible enough for retry and support. |
| Bounded prompts | Long documents are chunked before extraction. |
Cloudflare fallback
Cloudflare routing can use AI Gateway when available and fall back to native Workers AI when Gateway access is unavailable but Workers AI is permitted.
Fallbacks should be explicit and observable. A slower or failing model should not silently make documents look complete when extraction did not succeed.