version: "3.8"

services:
  # Vulnerable: LiteLLM v1.82.6 (latest pre-patch)
  # Pinned by digest for long-term reproducibility
  litellm:
    image: ghcr.io/berriai/litellm@sha256:7c311546c25e7bb6e8cafede9fcd3d0d622ac636b5c9418befaa32e85dfb0186
    container_name: litellm-cve
    ports:
      - "4000:4000"
    environment:
      - LITELLM_MASTER_KEY=sk-litellm-master-key
    restart: unless-stopped

  # Fixed: LiteLLM v1.83.7-stable (patched)
  # Pinned by digest for long-term reproducibility
  litellm-fixed:
    image: ghcr.io/berriai/litellm@sha256:af0152ca6dfb6703b35c0d4899effa9ac132bce9a4fbcbe1dc6ef145c100db26
    container_name: litellm-fixed
    ports:
      - "4001:4000"
    environment:
      - LITELLM_MASTER_KEY=sk-litellm-master-key
    profiles:
      - fixed
    restart: unless-stopped