security: redact OpenAI restriction secrets in logs #8810

Open
dfgvaetyj3456356-hash wants to merge 3 commits into triton-inference-server:main from dfgvaetyj3456356-hash:security/redact-openai-restriction-secrets

@dfgvaetyj3456356-hash

Summary

Redacts --openai-restricted-api header values from the OpenAI frontend startup log while preserving the configured header names and the internal values used for request authentication.

The restriction values are shared secrets for protected API groups. The current startup log prints RestrictionDict() directly, which includes both the header key and the expected value. In deployments where stdout/container logs are available to operators or log aggregation readers, this can disclose the same value required to access restricted endpoints such as model listing and model load/unload.

Changes

  • Add RestrictedFeatures.RedactedRestrictionDict() for log-safe reporting.
  • Use the redacted view in the FastAPI frontend restriction startup log.
  • Add coverage that confirms the auth dictionary still contains the real values while the logging view does not expose them.

Verification

python -m py_compile python\openai\openai_frontend\frontend\fastapi\middleware\api_restriction.py python\openai\openai_frontend\frontend\fastapi_frontend.py python\openai\tests\test_openai_restricted_apis.py

git diff --check

lightweight direct check:
redaction verification passed

I could not run the focused pytest target in this local environment because the test conftest imports the tritonserver Python package, which is not installed here.
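
The pattern this pull request describes, as an added example that is not part of the PR and not the project's code: one table keeps the real values for request authentication and exposes a separate log-safe view for the startup message. The class, its method names, the header names and the secret values are hypothetical and constructed for illustration.

```python
import hmac

REDACTED = "[REDACTED]"  # fixed marker, so the log does not reveal secret length


class RestrictionTable:
    """Hypothetical stand-in: API group -> (header name, shared secret)."""

    def __init__(self):
        self._rules = {}

    def add(self, group, header, secret):
        self._rules[group] = (header, secret)

    def auth_view(self):
        """Real values; only the request-authentication path should use this."""
        return dict(self._rules)

    def log_view(self):
        """Same groups and header names, with every secret replaced."""
        return {g: (h, REDACTED) for g, (h, _) in self._rules.items()}

    def is_authorized(self, group, headers):
        rule = self._rules.get(group)
        if rule is None:
            return True  # no restriction configured for this group
        header, secret = rule
        supplied = headers.get(header, "")
        # Constant-time comparison of the supplied and expected values.
        return hmac.compare_digest(supplied.encode(), secret.encode())


def startup_log_line(table):
    """Build the startup message from the redacted view only."""
    return f"API restrictions: {table.log_view()}"


def build_sample():
    """Constructed sample configuration (values are made up)."""
    table = RestrictionTable()
    table.add("model-repository", "admin-key", "constructed-secret-1")
    table.add("inference", "infer-key", "constructed-secret-2")
    return table


if __name__ == "__main__":
    print(startup_log_line(build_sample()))
```

A regression test for this kind of change asserts both halves: the log line contains the header names but none of the secrets, and the authentication view still holds the real values.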
