groq-enterprise-rbac

# Groq Enterprise Access Management ## Overview Manage team access to Groq's inference API through API key strategy, model-level routing controls, spending limits, and usage monitoring. Groq uses flat API keys (`gsk_` prefix) with no built-in scoping -- access control is implemented at the application layer. ## Groq Access Model - **API keys** are per-organization, not per-user - **No built-in scopes** -- every key has full API access - **Rate limits** are per-organization, shared across all keys - **Spending limits** are configurable in the Groq Console - **Projects** allow creating isolated API keys with separate limits ## Instructions ### Step 1: API Key Strategy ```typescript // Create separate keys per team/service via Groq Console Projects // Each project gets its own API key and can have independent rate limits // Key naming convention: {team}-{environment}-{purpose} const KEY_REGISTRY = { // Each team gets a separate Groq Project "chatbot-prod": "gsk_...", // Project: chatbot-production "chatbot-staging": "gsk_...", // Project: chatbot-staging "analytics-prod": "gsk_...", // Project: analytics-production "batch-processor": "gsk_...", // Project: batch-processing } as const; ``` ### Step 2: Application-Level Model Access Control ```typescript // Since Groq keys don't have model scoping, implement it in your gateway interface TeamConfig { allowedModels: string[]; maxTokensPerRequest: number; monthlyBudgetUsd: number; r...