spec-reviewer
Audited by Socket on Mar 10, 2026
1 alert found:
Anomaly: This specification contains multiple high-risk design choices that create supply-chain and data-exfiltration exposure if implemented without changes. Immediate concerns: (1) Storing API keys in plaintext (~/.codemie/litellm-config.json) — critical risk; (2) Programmatically running exec('npm install -g litellm') from the CLI with no integrity/version pinning — supply-chain/install-time remote code execution risk; (3) Direct network calls with no timeouts/retries and no input validation — resilience and potential leakage problems; (4) Use of console.log for errors and direct instantiation of a third-party client in the CLI — poor observability and architectural issues. I assess low probability that this spec is intentionally malicious, but it prescribes behaviors that materially increase the chance of compromise. Recommend blocking implementation until: credential storage uses the encrypted CredentialStore, runtime installs are removed or replaced by explicit install flows with pinned versions and integrity checks, the provider is integrated via the ProviderRegistry/adapter pattern, fetch() calls include timeout/retry and HTTPS enforcement, input validation is added, and structured logging is used.