feat(deepseek): add Passthrough support and PassthroughSemanticEnricher

[sonSunnoi]

Summary

• Implement Passthrough() on the DeepSeek provider, enabling /p/deepseek/... routes including FIM at /beta/completions
• Add PassthroughSemanticEnricher for audit-path tagging (deepseek.chat_completions, deepseek.fim_completions), registered in Registration
• Add deepseek to the default EnabledPassthroughProviders list across all five locations: config.go, passthrough_support.go, config.example.yaml, README.md, docs/features/passthrough-api.mdx
• Fix: add nil guards to Responses() and StreamResponses() for consistency with CompatibleProvider
• Docs: document intentional reasoning field deletion in adaptChatRequest

Why

DeepSeek was the only provider with first-class chat support but no passthrough. This blocked access to DeepSeek-native endpoints (notably /beta/completions for fill-in-the-middle/FIM) without direct API calls. With this PR, /p/deepseek/<any-endpoint> works out of the box.

Test Plan

• go test ./internal/providers/deepseek/... -race — passthrough auth, header forwarding, 4xx status preservation, nil request, interface compliance, enricher (all cases including NormalizedEndpoint precedence)
• go test ./config/... -race — default provider list assertions updated
• go test ./internal/server/... -race — TestProviderPassthrough_RejectsUnsupportedProvider updated for new default list
• go test ./internal/providers/... -race — all 16 provider packages pass
• go test $(go list ./... | grep -v tests/perf) -race — full suite green (perf tests are pre-existing failures unrelated to this change)

Notes

• tests/perf failures (TestHotPathPerfGuard) are pre-existing on main and unrelated to this change (confirmed by running against unmodified code)
• DeepSeek has no native embeddings, files, or batches API — those remain correctly stubbed/absent
• Unknown reasoning_effort values continue to pass through (existing intentional behavior, covered by TestNormalizeReasoningEffort)

Summary by CodeRabbit

• New Features

  • DeepSeek passthrough support added, enabling direct forwarding of passthrough requests to DeepSeek.

• Documentation

  • Docs and config examples updated to list DeepSeek among enabled passthrough providers by default.

• Bug Fixes / Behavior

  • Server default passthrough provider defaults were adjusted (affects whether DeepSeek is enabled without config).

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds passthrough request support for the DeepSeek provider. It introduces a semantic enricher to map endpoints to operations, implements the Passthrough method with validation, updates configuration defaults to include deepseek, and adds comprehensive test coverage for the new functionality.

Changes

DeepSeek Passthrough Support

Layer / File(s)	Summary
Passthrough Semantic Enrichment internal/providers/deepseek/passthrough_semantics.go, internal/providers/deepseek/passthrough_semantics_test.go	Introduces passthroughSemanticEnricher that maps DeepSeek endpoints (/chat/completions, /beta/completions) to semantic operations and audit paths. Unknown endpoints receive a fallback path format /p/deepseek/{endpoint}. Full test coverage for ProviderType, nil handling, and endpoint mapping.
Provider Passthrough Implementation internal/providers/deepseek/deepseek.go	DeepSeek registration now includes the passthrough semantic enricher. New Passthrough method forwards raw HTTP requests with method, body, and headers to the client, and returns status/headers/body. Nil validation added to Responses and StreamResponses methods. Inline comment enhancements for reasoning transformation logic.
Provider Tests internal/providers/deepseek/deepseek_test.go	Comprehensive test coverage for passthrough implementation, nil validation, and interface compliance. Tests verify Bearer auth forwarding, custom header preservation, query string and method/body forwarding, non-2xx status code handling, response body passthrough, and PassthroughProvider interface assertion.
Configuration Defaults config/config.go, config/config.example.yaml, config/config_test.go, internal/server/passthrough_support.go	Configuration code and examples now include deepseek in the default enabled passthrough providers list; internal server default list explicitly omits deepseek. Tests updated to expect deepseek in provider lists where applicable.
Documentation & Integration README.md, docs/features/passthrough-api.mdx, internal/server/handlers_test.go	Provider feature table updated to show deepseek passthrough support. Environment variable documentation examples include deepseek. Integration test expectations updated for error messages listing enabled providers.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ENTERPILOT/GoModel#285: Modifies DeepSeek provider integration and registration with responses/translation functionality.
• ENTERPILOT/GoModel#298: Changes related to passthrough routing/enrichment and PassthroughRouteInfo propagation.

Poem

🐰 I hopped along the passthrough trail,

Where headers, paths, and bodies sail,
Enriched the routes, I kept them neat,
Tests in tow with steady feet,
DeepSeek hops forward — carrot treat!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 10.53% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main changes: adding Passthrough support and PassthroughSemanticEnricher to the DeepSeek provider, which aligns with the core functionality implemented across the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR adds first-class passthrough support for the DeepSeek provider, enabling /p/deepseek/<any-endpoint> routes (including /beta/completions for FIM) and registers a PassthroughSemanticEnricher for audit-path tagging. It also adds nil guards to Responses() and StreamResponses(), documents the intentional reasoning field deletion, and updates the deepseek default in all five config/docs locations.

• Passthrough() method added to deepseek.Provider, following the exact same pattern as the Anthropic and OpenAI providers (auth injected via setHeaders, DoPassthrough on the llmclient.Client, headers cloned with CloneHTTPHeaders).
• PassthroughSemanticEnricher tags /chat/completions → deepseek.chat_completions and /beta/completions → deepseek.fim_completions; unknown endpoints fall back to a /p/deepseek/<endpoint> audit path.
• Default provider list updated in config.go, passthrough_support.go, config.example.yaml, README.md, and docs/features/passthrough-api.mdx; CLAUDE.md was not updated and still shows the pre-DeepSeek default.

Confidence Score: 4/5

Safe to merge; the change is well-scoped and follows the established pattern used by Anthropic and OpenAI providers.

The implementation is a clean port of the existing Anthropic/OpenAI passthrough plumbing into DeepSeek, with thorough unit tests covering auth forwarding, header propagation, 4xx preservation, nil guards, and interface compliance. The only omission is that CLAUDE.md retains the old ENABLED_PASSTHROUGH_PROVIDERS default, which could mislead future AI-assisted development in this repo.

CLAUDE.md still lists the old passthrough provider default; all other locations were updated correctly.

Important Files Changed

Filename	Overview
internal/providers/deepseek/deepseek.go	Adds Passthrough() method following the established provider pattern; nil guards added to Responses() and StreamResponses(); doc comment added for delete(raw, "reasoning")
internal/providers/deepseek/passthrough_semantics.go	New passthroughSemanticEnricher mirrors the Anthropic/OpenAI enricher pattern exactly; correctly tags /chat/completions and /beta/completions, falls back to /p/deepseek/<endpoint> for unknowns
internal/providers/deepseek/passthrough_semantics_test.go	Good table-driven coverage of enricher cases; unknown-endpoint test omits a SemanticOperation == "" assertion, leaving a minor regression gap
internal/providers/deepseek/deepseek_test.go	Comprehensive new tests for Passthrough: bearer auth forwarding, header forwarding, 4xx status preservation, nil-request guard, and interface-compliance assertion
internal/server/passthrough_support.go	Minimal one-line change adding deepseek to defaultEnabledPassthroughProviders; no logic changed
config/config.go	Adds deepseek to the slice in buildDefaultConfig; paired with matching config_test.go update
CLAUDE.md	Not changed in this PR but contains the outdated ENABLED_PASSTHROUGH_PROVIDERS default (openai,anthropic,openrouter,zai,vllm) that was updated in all other five locations

Sequence Diagram

sequenceDiagram
    participant Client
    participant Server as GoModel Server
    participant Enricher as PassthroughSemanticEnricher
    participant Provider as DeepSeek Provider
    participant DS as api.deepseek.com

    Client->>Server: POST /p/deepseek/beta/completions
    Server->>Server: isEnabledPassthroughProvider("deepseek")
    Server->>Server: normalizePassthroughEndpoint("beta/completions")
    Server->>Enricher: "Enrich(info{RawEndpoint: "/beta/completions"})"
    Enricher-->>Server: "info{SemanticOp: "deepseek.fim_completions", AuditPath: "/beta/completions"}"
    Server->>Provider: "Passthrough(ctx, req{Endpoint: "/beta/completions"})"
    Provider->>Provider: "DoPassthrough -> setHeaders (Bearer auth)"
    Provider->>DS: POST /beta/completions
    DS-->>Provider: 200 OK + body
    Provider-->>Server: "PassthroughResponse{StatusCode:200, Body}"
    Server-->>Client: 200 OK + body (audit logged as /beta/completions)

Loading

Comments Outside Diff (1)

1. CLAUDE.md, line 115 (link)

   CLAUDE.md default list not updated

   The PR updates ENABLED_PASSTHROUGH_PROVIDERS in five locations (README, config.example.yaml, config.go, passthrough_support.go, docs/features/passthrough-api.mdx) but CLAUDE.md line 115 still lists the old default openai,anthropic,openrouter,zai,vllm without deepseek. This file is the primary reference guide for AI-assisted development in the repo, so future AI agents using it as context will propose an outdated default when generating or reviewing passthrough config.

_{Reviews (1): Last reviewed commit: "feat(deepseek): add deepseek to default ..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

config/config.go (1)

516-523: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update the EnabledPassthroughProviders default comment to include deepseek.

Implementation now includes deepseek, but the field comment above still documents the old default list.

Suggested fix

 	// EnabledPassthroughProviders lists the provider types enabled on
 	// /p/{provider}/... passthrough routes. Default:
-	// ["openai", "anthropic", "openrouter", "zai", "vllm"].
+	// ["openai", "anthropic", "openrouter", "zai", "vllm", "deepseek"].
 	EnabledPassthroughProviders []string `yaml:"enabled_passthrough_providers" env:"ENABLED_PASSTHROUGH_PROVIDERS"`

As per coding guidelines: Keep the implementation explicit and maintainable rather than relying on clever abstractions.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/config.go` around lines 516 - 523, The struct field comment for
EnabledPassthroughProviders is out of sync with its default values; update the
comment above the EnabledPassthroughProviders field in config/config.go to list
the current defaults including "deepseek" (match the slice: "openai",
"anthropic", "openrouter", "zai", "vllm", "deepseek") so the docstring
accurately reflects the implemented default providers; keep phrasing consistent
with surrounding field comments.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/features/passthrough-api.mdx`:
- Line 148: The env default list uses the variable ENABLED_PASSTHROUGH_PROVIDERS
with value "openai,anthropic,openrouter,zai,vllm,deepseek" but the "Current
limitations" bullet list omits "deepseek", creating an inconsistency; update the
documentation so both places match—either add "deepseek" to the earlier bullet
list describing default-enabled providers or remove "deepseek" from the
ENABLED_PASSTHROUGH_PROVIDERS example value—ensure you modify the referenced
symbol ENABLED_PASSTHROUGH_PROVIDERS and the "Current limitations" provider
bullet so they show the same default set and add a one-line note when/how to
change the default if needed.

In `@internal/providers/deepseek/deepseek.go`:
- Around line 198-205: In Provider.Passthrough, add validation to reject
requests where req.Method or req.Endpoint are empty strings before calling
p.client.DoPassthrough: check req.Method == "" and req.Endpoint == "" (or
either) and return core.NewInvalidRequestError with a clear message and
underlying nil, so empty Method/Endpoint on core.PassthroughRequest are blocked
at the boundary (refer to Provider.Passthrough, core.PassthroughRequest, and
providers.PassthroughEndpoint in the diff).

---

Outside diff comments:
In `@config/config.go`:
- Around line 516-523: The struct field comment for EnabledPassthroughProviders
is out of sync with its default values; update the comment above the
EnabledPassthroughProviders field in config/config.go to list the current
defaults including "deepseek" (match the slice: "openai", "anthropic",
"openrouter", "zai", "vllm", "deepseek") so the docstring accurately reflects
the implemented default providers; keep phrasing consistent with surrounding
field comments.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ab455586-3fe3-4480-a23f-39df8c1f0eca

📥 Commits

Reviewing files that changed from the base of the PR and between 233b8e6 and 49a4ba4.

📒 Files selected for processing (11)

• README.md
• config/config.example.yaml
• config/config.go
• config/config_test.go
• docs/features/passthrough-api.mdx
• internal/providers/deepseek/deepseek.go
• internal/providers/deepseek/deepseek_test.go
• internal/providers/deepseek/passthrough_semantics.go
• internal/providers/deepseek/passthrough_semantics_test.go
• internal/server/handlers_test.go
• internal/server/passthrough_support.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Validate empty passthrough method/endpoint before forwarding.

nil is handled, but empty Method/Endpoint can still slip through and lead to unintended upstream calls (for example, implicit/default method behavior). Add explicit validation at this boundary.

Proposed patch

 func (p *Provider) Passthrough(ctx context.Context, req *core.PassthroughRequest) (*core.PassthroughResponse, error) {
 	if req == nil {
 		return nil, core.NewInvalidRequestError("passthrough request is required", nil)
 	}
+	if strings.TrimSpace(req.Method) == "" {
+		return nil, core.NewInvalidRequestError("passthrough method is required", nil)
+	}
+	if strings.TrimSpace(req.Endpoint) == "" {
+		return nil, core.NewInvalidRequestError("passthrough endpoint is required", nil)
+	}
 	resp, err := p.client.DoPassthrough(ctx, llmclient.Request{
 		Method:        req.Method,
 		Endpoint:      providers.PassthroughEndpoint(req.Endpoint),
 		RawBodyReader: req.Body,
 		Headers:       req.Headers,

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/providers/deepseek/deepseek.go` around lines 198 - 205, In
Provider.Passthrough, add validation to reject requests where req.Method or
req.Endpoint are empty strings before calling p.client.DoPassthrough: check
req.Method == "" and req.Endpoint == "" (or either) and return
core.NewInvalidRequestError with a clear message and underlying nil, so empty
Method/Endpoint on core.PassthroughRequest are blocked at the boundary (refer to
Provider.Passthrough, core.PassthroughRequest, and providers.PassthroughEndpoint
in the diff).

[greptile-apps]

Unknown-endpoint case doesn't assert SemanticOperation is empty

The "unknown endpoint gets prefixed audit path" test case only checks AuditPath but never asserts that SemanticOperation is left at its zero value. If a future change accidentally sets SemanticOperation for the default branch, this test would not catch the regression. Adding wantSemanticOp: "" with an explicit emptiness check for the unknown case would close this gap.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/features/passthrough-api.mdx`:
- Line 148: The CLAUDE.md provider list is missing "deepseek", causing
inconsistency with defaultEnabledPassthroughProviders and other docs; update the
provider list in CLAUDE.md (around the provider enumeration near line
referenced) to include "deepseek" so it matches ENABLED_PASSTHROUGH_PROVIDERS
and the defaultEnabledPassthroughProviders constant in
internal/server/passthrough_support.go.

In `@internal/providers/deepseek/deepseek_test.go`:
- Around line 281-306: The test TestPassthrough_ForwardsRequestHeaders currently
only asserts Content-Type; modify it to also capture and assert the
Authorization header from the incoming request so custom-header forwarding
doesn't drop auth. In the httptest handler (inside
TestPassthrough_ForwardsRequestHeaders) read r.Header.Get("Authorization") into
a local variable (e.g., gotAuthorization) and after calling provider.Passthrough
assert that gotAuthorization equals the expected "Bearer deepseek-key" (or the
exact expected value used when creating the provider) to ensure
provider.Passthrough preserves Authorization when merging custom Headers.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a644c867-3e0b-445c-aea1-057ae6a12e46

📥 Commits

Reviewing files that changed from the base of the PR and between 49a4ba4 and bf4c7d8.

📒 Files selected for processing (3)

• config/config.go
• docs/features/passthrough-api.mdx
• internal/providers/deepseek/deepseek_test.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Find all default passthrough provider definitions and verify consistency

echo "=== Searching for defaultEnabledPassthroughProviders definitions ==="
rg -n "defaultEnabledPassthroughProviders" -A 10

echo -e "\n=== Searching for EnabledPassthroughProviders default assignments ==="
rg -n "EnabledPassthroughProviders.*=.*\[\]string" -A 10

echo -e "\n=== Searching for ENABLED_PASSTHROUGH_PROVIDERS in docs/examples ==="
rg -n "ENABLED_PASSTHROUGH_PROVIDERS" --type=yaml --type=md

Repository: ENTERPILOT/GoModel

Length of output: 9672

---

Update CLAUDE.md to include deepseek in the ENABLED_PASSTHROUGH_PROVIDERS list.

The internal/server/passthrough_support.go still includes "deepseek" in defaultEnabledPassthroughProviders, and this documentation along with README.md list deepseek as enabled. However, CLAUDE.md:115 omits deepseek from the provider list, creating an inconsistency.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/features/passthrough-api.mdx` at line 148, The CLAUDE.md provider list
is missing "deepseek", causing inconsistency with
defaultEnabledPassthroughProviders and other docs; update the provider list in
CLAUDE.md (around the provider enumeration near line referenced) to include
"deepseek" so it matches ENABLED_PASSTHROUGH_PROVIDERS and the
defaultEnabledPassthroughProviders constant in
internal/server/passthrough_support.go.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Assert auth header survives custom-header forwarding

On Line 297, this test only checks Content-Type. Please also assert that Authorization is still present when custom headers are supplied, so header merge regressions don’t slip through.

Proposed test hardening

 func TestPassthrough_ForwardsRequestHeaders(t *testing.T) {
-	var gotContentType string
+	var gotContentType, gotAuth, gotTraceID string

 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		gotContentType = r.Header.Get("Content-Type")
+		gotAuth = r.Header.Get("Authorization")
+		gotTraceID = r.Header.Get("X-Trace-Id")
 		w.WriteHeader(http.StatusOK)
 		_, _ = w.Write([]byte(`{}`))
 	}))
 	defer server.Close()
@@
 	resp, err := provider.Passthrough(context.Background(), &core.PassthroughRequest{
 		Method:   http.MethodPost,
 		Endpoint: "/beta/completions",
 		Body:     io.NopCloser(strings.NewReader(`{}`)),
-		Headers:  http.Header{"Content-Type": []string{"application/json"}},
+		Headers: http.Header{
+			"Content-Type": []string{"application/json"},
+			"X-Trace-Id":   []string{"trace-123"},
+		},
 	})
@@
 	if gotContentType != "application/json" {
 		t.Fatalf("Content-Type = %q, want application/json", gotContentType)
 	}
+	if gotAuth != "Bearer deepseek-key" {
+		t.Fatalf("Authorization = %q, want Bearer deepseek-key", gotAuth)
+	}
+	if gotTraceID != "trace-123" {
+		t.Fatalf("X-Trace-Id = %q, want trace-123", gotTraceID)
+	}
 }

As per coding guidelines **/*_test.go: “Add or update tests for behavior changes. Tests should cover … error handling … and provider-specific parameter mapping.”

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func TestPassthrough_ForwardsRequestHeaders(t *testing.T) {
	var gotContentType string
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	gotContentType = r.Header.Get("Content-Type")
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write([]byte(`{}`))
	}))
	defer server.Close()
	provider := NewWithHTTPClient("deepseek-key", server.URL, server.Client(), llmclient.Hooks{})
	resp, err := provider.Passthrough(context.Background(), &core.PassthroughRequest{
	Method: http.MethodPost,
	Endpoint: "/beta/completions",
	Body: io.NopCloser(strings.NewReader(`{}`)),
	Headers: http.Header{"Content-Type": []string{"application/json"}},
	})
	if err != nil {
	t.Fatalf("Passthrough() error = %v", err)
	}
	defer resp.Body.Close()
	if gotContentType != "application/json" {
	t.Fatalf("Content-Type = %q, want application/json", gotContentType)
	}
	}
	func TestPassthrough_ForwardsRequestHeaders(t *testing.T) {
	var gotContentType, gotAuth, gotTraceID string
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	gotContentType = r.Header.Get("Content-Type")
	gotAuth = r.Header.Get("Authorization")
	gotTraceID = r.Header.Get("X-Trace-Id")
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write([]byte(`{}`))
	}))
	defer server.Close()
	provider := NewWithHTTPClient("deepseek-key", server.URL, server.Client(), llmclient.Hooks{})
	resp, err := provider.Passthrough(context.Background(), &core.PassthroughRequest{
	Method: http.MethodPost,
	Endpoint: "/beta/completions",
	Body: io.NopCloser(strings.NewReader(`{}`)),
	Headers: http.Header{
	"Content-Type": []string{"application/json"},
	"X-Trace-Id": []string{"trace-123"},
	},
	})
	if err != nil {
	t.Fatalf("Passthrough() error = %v", err)
	}
	defer resp.Body.Close()
	if gotContentType != "application/json" {
	t.Fatalf("Content-Type = %q, want application/json", gotContentType)
	}
	if gotAuth != "Bearer deepseek-key" {
	t.Fatalf("Authorization = %q, want Bearer deepseek-key", gotAuth)
	}
	if gotTraceID != "trace-123" {
	t.Fatalf("X-Trace-Id = %q, want trace-123", gotTraceID)
	}
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/providers/deepseek/deepseek_test.go` around lines 281 - 306, The
test TestPassthrough_ForwardsRequestHeaders currently only asserts Content-Type;
modify it to also capture and assert the Authorization header from the incoming
request so custom-header forwarding doesn't drop auth. In the httptest handler
(inside TestPassthrough_ForwardsRequestHeaders) read
r.Header.Get("Authorization") into a local variable (e.g., gotAuthorization) and
after calling provider.Passthrough assert that gotAuthorization equals the
expected "Bearer deepseek-key" (or the exact expected value used when creating
the provider) to ensure provider.Passthrough preserves Authorization when
merging custom Headers.