version: "3.8"

services:
  # ── Vulnerable LiteLLM (v1.61.0 — health endpoint leaks API keys) ──
  litellm-vuln:
    build: ./litellm-vuln
    container_name: litellm-cve-11203-vuln
    ports:
      - "4000:4000"
    volumes:
      - ./litellm_config.yaml:/app/config.yaml
    environment:
      LITELLM_MASTER_KEY: sk-litellm-master-key
    restart: unless-stopped

  # ── Fixed LiteLLM (v1.63.14+ — sanitizes API keys from health output) ─
  litellm-fixed:
    image: ghcr.io/berriai/litellm:v1.83.10-stable
    container_name: litellm-cve-11203-fixed
    ports:
      - "4001:4000"
    volumes:
      - ./litellm_config.yaml:/app/config.yaml
    environment:
      LITELLM_MASTER_KEY: sk-litellm-master-key
    profiles:
      - fixed
    restart: unless-stopped