- API Key encryption at rest: verify enc: prefix in DB for provider keys
and main provider api_key
- Key pool: toggle active/inactive + delete with DB state verification
- Model Groups: full CRUD lifecycle + cascade delete + user permission
- Quota enforcement: relay_requests exhaustion verified at DB level
(middleware test infra issue noted — DB state confirmed correct)
- Provider disable: model hidden from relay/models list after disable
