A high-performance Go-based LLM router that provides unified access to multiple LLM providers with intelligent routing, OAuth authentication, and hot-reload capabilities.
- 🚀 Core API Support: Standardized interface across all AI providers
- 🚀 Health Monitoring: Real-time provider health monitoring with alerting
- 🚀 Model Discovery: Automatic model capability detection and catalog
- 🚀 Request/Response Conversion: Universal format conversion between providers
- 🚀 Provider Extensions: Access to provider-specific features (thinking mode, JSON mode)
- 🚀 Performance Benchmarks: Built-in performance monitoring and optimization
- 🚀 Comprehensive Testing: Full test coverage with mock providers
- ✅ Multi-Provider Support: Anthropic, OpenAI, Google Gemini, OpenRouter, and more
- ✅ Admin Authentication: JWT tokens, API keys, and Two-Factor Authentication (TFA)
- ✅ Role-Based Access Control: Hierarchical user roles with permission management
- ✅ Enhanced Security: Rate limiting, audit logging, and comprehensive security headers
- ✅ User Management: Complete user lifecycle management with password policies
- ✅ Model Groups: Organize and restrict access to models with aliases
- ✅ Client API Keys: Fine-grained access control with per-key model restrictions
- ✅ OAuth 2.0 Authentication: Automatic token refresh and hybrid auth (OAuth + API keys)
- ✅ Hot-Reload Configuration: Update API keys and OAuth credentials without restart
- ✅ Intelligent Routing: Smart provider selection based on request characteristics
- ✅ Vision Routing: Automatic routing of image content to vision-capable models
- ✅ Unified API: Both Anthropic and OpenAI-compatible endpoints
- ✅ Token Counting: Intelligent routing based on message length and context
- ✅ Tool Support: Function calling support across providers
- ✅ Streaming Support: Server-Sent Events (SSE) for real-time responses
- ✅ Admin API: Management endpoints for configuration and monitoring
- ✅ Enterprise Ready: Production-ready with proper error handling and logging
# Clone the repository
git clone https://github.com/cecil-the-coder/Cortex.git
cd Cortex
# Build the binary
go build -o cortex ./cmd/router
# Or install directly
go install github.com/cecil-the-coder/Cortex@latest

Create config.json:
{
"Providers": [
{
"name": "anthropic",
"authMethod": "api_key",
"APIKEY": "${ANTHROPIC_API_KEY}",
"baseURL": "https://api.anthropic.com/v1",
"models": [
"claude-3-5-sonnet-20241022",
"claude-3-opus-20240229",
"claude-3-haiku-20240307"
]
},
{
"name": "openai",
"authMethod": "api_key",
"APIKEY": "${OPENAI_API_KEY}",
"baseURL": "https://api.openai.com/v1",
"models": [
"gpt-4-turbo-preview",
"gpt-4",
"gpt-3.5-turbo"
]
}
],
"Router": {
"default": "anthropic",
"background": "openai",
"think": "anthropic",
"longContext": "anthropic",
"webSearch": "openai",
"vision": "openai",
"longContextThreshold": 100000
},
"APIKEY": "${ROUTER_API_KEY}",
"HOST": "0.0.0.0",
"PORT": 8080
}

Set the required environment variables:

export ANTHROPIC_API_KEY="your-anthropic-api-key"
export OPENAI_API_KEY="your-openai-api-key"
export ROUTER_API_KEY="your-router-admin-key"

Run the router:

./cortex --config config.json

Traditional static API key authentication:
{
"name": "anthropic",
"authMethod": "api_key",
"APIKEY": "${ANTHROPIC_API_KEY}",
"baseURL": "https://api.anthropic.com/v1",
"models": ["claude-3-5-sonnet-20241022"]
}

Automatic token refresh for enterprise providers:
{
"name": "gemini",
"authMethod": "oauth",
"baseURL": "https://generativelanguage.googleapis.com/v1",
"models": ["gemini-2.0-flash-exp"],
"oauth": {
"client_id": "${GEMINI_CLIENT_ID}",
"client_secret": "${GEMINI_CLIENT_SECRET}",
"access_token": "${GEMINI_ACCESS_TOKEN}",
"refresh_token": "${GEMINI_REFRESH_TOKEN}",
"token_url": "https://oauth2.googleapis.com/token"
}
}

Use both OAuth and API keys with automatic fallback:
{
"name": "openrouter",
"authMethod": "hybrid",
"APIKEY": "${OPENROUTER_API_KEY}",
"oauth": {
"client_id": "${OPENROUTER_CLIENT_ID}",
"client_secret": "${OPENROUTER_CLIENT_SECRET}",
"access_token": "${OPENROUTER_ACCESS_TOKEN}",
"refresh_token": "${OPENROUTER_REFRESH_TOKEN}",
"token_url": "https://openrouter.ai/api/v1/auth/oauth/token"
}
}

curl -X POST \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_ROUTER_API_KEY" \
-d '{
"model": "claude-3-5-sonnet-20241022",
"messages": [{"role": "user", "content": "Hello!"}],
"max_tokens": 100
}' \
http://localhost:8080/v1/messages

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_ROUTER_API_KEY" \
-d '{
"model": "gpt-4-turbo-preview",
"messages": [{"role": "user", "content": "Hello!"}],
"max_tokens": 100
}' \
http://localhost:8080/v1/chat/completions

Both APIs support streaming responses:
curl -X POST \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_ROUTER_API_KEY" \
-d '{
"model": "claude-3-5-sonnet-20241022",
"messages": [{"role": "user", "content": "Hello!"}],
"max_tokens": 100,
"stream": true
}' \
http://localhost:8080/v1/messages

The router automatically detects image content and routes to vision-capable providers:
curl -X POST \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_ROUTER_API_KEY" \
-d '{
"model": "claude-3-5-sonnet-20241022",
"messages": [{
"role": "user",
"content": [
{"type": "text", "text": "What do you see in this image?"},
{
"type": "image",
"source": {
"type": "base64",
"media_type": "image/jpeg",
"data": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAAB..."
}
}
]
}],
"max_tokens": 100
}' \
http://localhost:8080/v1/messages

The OpenAI format is also supported:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_ROUTER_API_KEY" \
-d '{
"model": "gpt-4o",
"messages": [{
"role": "user",
"content": [
{"type": "text", "text": "Analyze this image:"},
{
"type": "image_url",
"image_url": {
"url": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ" +
"EBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/"
}
}
]
}],
"max_tokens": 100
}' \
http://localhost:8080/v1/chat/completions

# Check provider status
curl -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/status

# Trigger a configuration reload
curl -X POST -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/reload

# Validate a provider's credentials
curl -X POST -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/validate/anthropic

# Check OAuth token status
curl -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/oauth-status/gemini

# Force an OAuth token refresh
curl -X POST -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/oauth-refresh/gemini

# List all model groups
curl -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/model-groups
# Create new model group
curl -X POST -H "Content-Type: application/json" \
-H "x-api-key: YOUR_ROUTER_API_KEY" \
-d '{"name": "new-group", "models": [...]}' \
http://localhost:8080/admin/model-groups
# Manage client API keys
curl -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/client-api-keys

| Field | Type | Required | Description |
|---|---|---|---|
| `name` | string | Yes | Unique provider identifier |
| `authMethod` | string | No | One of: `api_key`, `oauth`, `hybrid` (default: `api_key`) |
| `APIKEY` | string | No | Static API key (for `api_key` or `hybrid` auth) |
| `baseURL` | string | Yes | Provider base URL |
| `models` | array | Yes | List of supported models |
| `oauth` | object | No | OAuth configuration (see OAuth section) |
| Field | Type | Required | Description |
|---|---|---|---|
| `client_id` | string | Yes | OAuth client identifier |
| `client_secret` | string | Yes | OAuth client secret |
| `token_url` | string | Yes | OAuth token endpoint |
| `access_token` | string | No | Current access token |
| `refresh_token` | string | No | Token for automatic refresh |
| `expires_at` | string | No | Token expiration (ISO 8601) |
| `auth_url` | string | No | OAuth authorization URL |
| `redirect_url` | string | No | OAuth redirect URL |
| `scopes` | string | No | Required OAuth scopes |
| Field | Type | Description |
|---|---|---|
| `default` | string | Default provider for requests |
| `background` | string | Provider for background tasks |
| `think` | string | Provider for thinking/reasoning tasks |
| `longContext` | string | Provider for long-context requests |
| `webSearch` | string | Provider for web-search enhanced requests |
| `vision` | string | Provider for requests containing image content |
| `longContextThreshold` | int | Token count threshold for long-context routing |
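The `longContextThreshold` value drives long-context routing by estimated token count. A rough sketch of that decision, using the common ~4-characters-per-token heuristic (an assumption for illustration; the router's actual token counting may differ):

```go
package main

import "fmt"

// estimateTokens gives a rough token count using the common heuristic of
// about 4 characters per token. Illustrative only, not the real tokenizer.
func estimateTokens(messages []string) int {
	total := 0
	for _, m := range messages {
		total += len(m) / 4
	}
	return total
}

// routeForContext picks the long-context provider when the estimate
// exceeds the configured threshold, otherwise the default provider.
func routeForContext(tokens, threshold int, longContext, def string) string {
	if tokens > threshold {
		return longContext
	}
	return def
}

func main() {
	short := estimateTokens([]string{"Hello!"})
	fmt.Println(routeForContext(short, 100000, "longContextProvider", "defaultProvider"))  // defaultProvider
	fmt.Println(routeForContext(500000, 100000, "longContextProvider", "defaultProvider")) // longContextProvider
}
```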
| Field | Type | Required | Description |
|---|---|---|---|
| `name` | string | Yes | Unique group identifier |
| `description` | string | No | Human-readable description |
| `models` | array | Yes | List of models in the group |
Each model in a group can have:
| Field | Type | Required | Description |
|---|---|---|---|
| `provider` | string | Yes | Provider name |
| `model` | string | Yes | Actual model name |
| `alias` | string | No | User-friendly alias |
| Field | Type | Required | Description |
|---|---|---|---|
| `apiKey` | string | Yes | Client API key |
| `allowed_models` | array | No | Specific model permissions |
| `allowed_model_groups` | array | No | Model group permissions |
| `description` | string | No | Key description for tracking |
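Enforcing these restrictions amounts to a membership check against the key's allowed models and groups. A hypothetical sketch (types and names are illustrative, not the router's actual code):

```go
package main

import "fmt"

// clientKey mirrors the per-key restrictions above (illustrative types).
type clientKey struct {
	AllowedModels      []string
	AllowedModelGroups []string
}

// modelAllowed reports whether a requested model is permitted: either
// listed directly, or a member of an allowed model group. A key with no
// restrictions configured may use any model.
func modelAllowed(key clientKey, groups map[string][]string, model string) bool {
	if len(key.AllowedModels) == 0 && len(key.AllowedModelGroups) == 0 {
		return true
	}
	for _, m := range key.AllowedModels {
		if m == model {
			return true
		}
	}
	for _, g := range key.AllowedModelGroups {
		for _, m := range groups[g] {
			if m == model {
				return true
			}
		}
	}
	return false
}

func main() {
	groups := map[string][]string{
		"basic-models": {"claude-3-haiku-20240307", "gpt-3.5-turbo"},
	}
	key := clientKey{AllowedModelGroups: []string{"basic-models"}}
	fmt.Println(modelAllowed(key, groups, "gpt-3.5-turbo")) // true
	fmt.Println(modelAllowed(key, groups, "gpt-4"))         // false
}
```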
- API Key Only (`api_key`): Traditional static API keys
- OAuth Only (`oauth`): OAuth 2.0 with automatic refresh
- Hybrid (`hybrid`): OAuth preferred, API key fallback
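The hybrid fallback can be pictured as a small credential-selection step: prefer a valid OAuth access token, fall back to the static API key. A hypothetical sketch (types are illustrative, not the router's actual code):

```go
package main

import "fmt"

// ProviderAuth holds the credentials a hybrid provider might carry.
type ProviderAuth struct {
	AccessToken string // OAuth access token, may be empty
	TokenValid  bool   // whether the access token is still usable
	APIKey      string // static API key fallback
}

// authHeader returns the Authorization header value for a request:
// OAuth token when valid, otherwise the API key, otherwise an error.
func authHeader(a ProviderAuth) (string, error) {
	if a.AccessToken != "" && a.TokenValid {
		return "Bearer " + a.AccessToken, nil
	}
	if a.APIKey != "" {
		return "Bearer " + a.APIKey, nil
	}
	return "", fmt.Errorf("no usable credential")
}

func main() {
	// OAuth token expired: hybrid auth falls back to the API key.
	h, _ := authHeader(ProviderAuth{AccessToken: "tok", TokenValid: false, APIKey: "sk-123"})
	fmt.Println(h) // Bearer sk-123
}
```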
| Provider | OAuth Support | Auth Methods |
|---|---|---|
| Google Gemini | ✅ Full OAuth | oauth, hybrid |
| OpenRouter | ✅ OAuth + API | oauth, hybrid, api_key |
| Anthropic | ❌ API Key Only | api_key |
| OpenAI | ❌ API Key Only | api_key |
| Cerebras | ❌ API Key Only | api_key |
| Deepseek | ❌ API Key Only | api_key |
| xAI | ❌ API Key Only | api_key |
| Mistral | ❌ API Key Only | api_key |
| Ollama/LM Studio | ❌ API Key Only | api_key |
# Set environment variables
export GEMINI_CLIENT_ID="your-client-id"
export GEMINI_CLIENT_SECRET="your-client-secret"
export GEMINI_ACCESS_TOKEN="your-access-token"
export GEMINI_REFRESH_TOKEN="your-refresh-token"
# Start router with OAuth
./cortex --config config.json
# Check OAuth status
curl -H "x-api-key: $ROUTER_API_KEY" \
http://localhost:8080/admin/oauth-status/gemini

For detailed OAuth setup, see the Authentication Guide.
The admin API provides enterprise-grade authentication and authorization features for managing the router and its configuration.
Stateless JSON Web Token authentication with automatic refresh:
# Login and get tokens
curl -X POST http://localhost:8081/admin/v1/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "admin",
"password": "secure-password"
}'
# Response
{
"access_token": "eyJhbGciOiJIUzI1NiIs...",
"refresh_token": "def502009f8c4b8...",
"user": {
"id": "uuid-here",
"username": "admin",
"role": "super_admin"
}
}
# Use token for API requests
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
http://localhost:8081/admin/v1/status

For programmatic access and service integration:
# Create API key
curl -X POST http://localhost:8081/admin/v1/users/api-keys \
-H "Authorization: Bearer <jwt-token>" \
-H "Content-Type: application/json" \
-d '{
"name": "Service Key",
"role": "viewer",
"expires_in": 2592000
}'
# Use API key
curl -H "X-API-Key: sk-admin-xyz123..." \
http://localhost:8081/admin/v1/status

Enhanced security with TOTP-based 2FA:
# Setup TFA
curl -X POST http://localhost:8081/admin/v1/auth/tfa/setup \
-H "Authorization: Bearer <jwt-token>"
# Login with TFA
curl -X POST http://localhost:8081/admin/v1/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "admin",
"password": "secure-password",
"tfa_code": "123456"
}'

super_admin
├── admin
├── operator
├── viewer
└── support
| Role | Permissions | Operations |
|---|---|---|
| super_admin | all | Complete system access |
| admin | full access | Manage users, API keys, configuration |
| operator | operational access | Start/stop/load services, view logs |
| viewer | read access | View status, metrics, configuration |
| support | support access | Basic status and health checks |
# Create new user
curl -X POST http://localhost:8081/admin/v1/users \
-H "Authorization: Bearer <admin-token>" \
-H "Content-Type: application/json" \
-d '{
"username": "operator1",
"password": "secure-password",
"email": "[email protected]",
"role": "operator"
}'
# List users
curl -H "Authorization: Bearer <admin-token>" \
http://localhost:8081/admin/v1/users
# Update user role
curl -X PATCH http://localhost:8081/admin/v1/users/user-uuid \
-H "Authorization: Bearer <admin-token>" \
-H "Content-Type: application/json" \
-d '{"role": "viewer"}'# List current user's API keys
curl -H "Authorization: Bearer <jwt-token>" \
http://localhost:8081/admin/v1/users/api-keys
# Create API key with restrictions
curl -X POST http://localhost:8081/admin/v1/users/api-keys \
-H "Authorization: Bearer <jwt-token>" \
-H "Content-Type: application/json" \
-d '{
"name": "Production Service",
"description": "Production monitoring service",
"role": "viewer",
"expires_in": 2592000,
"allowed_ips": ["192.168.1.100", "10.0.0.50"]
}'
# Revoke API key
curl -X DELETE http://localhost:8081/admin/v1/users/api-keys/key-uuid \
-H "Authorization: Bearer <jwt-token>"Per-role rate limiting with configurable thresholds:
| Role | Requests/Min | Burst | Hourly Limit |
|---|---|---|---|
| super_admin | 120 | 20 | 7200 |
| admin | 100 | 15 | 6000 |
| operator | 60 | 10 | 3600 |
| viewer | 30 | 5 | 1800 |
| support | 15 | 3 | 900 |
# Check rate limit headers
curl -I http://localhost:8081/admin/v1/status \
-H "Authorization: Bearer <token>"
# Response headers
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1640995860

Comprehensive security headers for web interfaces:
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: "1; mode=block"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'

Comprehensive audit trail for security events:
{
"id": "audit-uuid",
"user_id": "user-uuid",
"action": "user_created",
"resource": "users",
"resource_id": "new-user-uuid",
"ip_address": "192.168.1.100",
"user_agent": "curl/7.68.0",
"created_at": "2023-01-01T12:00:00Z"
}

# Run the interactive setup
./setup-auth.sh
# Follow prompts to create:
# - Secure secrets
# - Initial admin user
# - Configuration files
# - SSL certificates

# Copy configuration template
# Create your config.json based on the documentation examples
# Set environment variables
export AUTH_JWT_SECRET="your-secure-secret"
export ADMIN_DEFAULT_USER="admin"
export ADMIN_DEFAULT_PASSWORD="secure-password"
# Start router
./cortex --config config.json

# Using Docker Compose (create your docker-compose.yml)
docker-compose up -d
# Environment variables for initial admin
export ADMIN_PASSWORD=your-secure-password

# Install requirements
pip install requests
# Use the AdminAPIClient (examples will be available soon)
# from examples.admin_api_python import AdminAPIClient
# JWT Authentication
client = AdminAPIClient()
client.authenticate_with_password("admin", "password")
# API Key Authentication
client.authenticate_with_api_key("sk-admin-12345")
# Use the client
status = client.get_status()
users = client.list_users()

# JWT authentication (example scripts will be available soon)
# ./examples/admin-api-examples.sh localhost:8080 admin password
# API key authentication (example scripts will be available soon)
# ADMIN_API_KEY=sk-admin-12345 ./examples/admin-api-examples.sh localhost:8080
# Skip TFA setup (example scripts will be available soon)
# SKIP_TFA=true ./examples/admin-api-examples.sh localhost:8080 admin password

For comprehensive authentication documentation, see:
- Authentication Guide - Complete authentication system including OAuth, JWT, RBAC, and TFA
- Admin API Usage - Administrative operations and management
- OpenAPI Specification
Model Groups provide enterprise-grade access control by allowing you to organize models into logical groups and restrict client API keys to specific models or groups.
- Model Aliases: Map user-friendly names to actual model names
- Cross-Provider Groups: Combine models from different providers
- Fine-Grained Access: Restrict API keys to specific models or groups
- Hot-Reload Support: Update groups and permissions without restart
- Backward Compatibility: Works alongside existing configurations
{
"ModelGroups": [
{
"name": "basic-models",
"description": "Entry-level models",
"models": [
{
"provider": "anthropic",
"model": "claude-3-haiku-20240307",
"alias": "claude-haiku"
},
{
"provider": "openai",
"model": "gpt-3.5-turbo",
"alias": "gpt35"
}
]
}
],
"ClientAPIKeys": [
{
"apiKey": "sk-basic-client",
"allowed_model_groups": ["basic-models"],
"description": "Basic access only"
}
]
}

# Use model alias instead of full model name
curl -X POST \
-H "Content-Type: application/json" \
-H "x-api-key: ${ROUTER_API_KEY}" \
-H "x-client-api-key: sk-basic-client" \
-d '{
"model": "claude-haiku",
"messages": [{"role": "user", "content": "Hello!"}]
}' \
http://localhost:8080/v1/messages

For comprehensive documentation, see the Getting Started Guide and Core Concepts.
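Under the hood, alias resolution is a lookup from the requested name to a (provider, model) pair defined in the model groups. A hypothetical sketch (types and names are illustrative, not the router's actual code):

```go
package main

import "fmt"

// modelRef pairs a provider with the real model name it serves.
type modelRef struct {
	Provider string
	Model    string
}

// resolveModel returns the real provider/model for a requested name,
// passing the name through unchanged when no alias matches.
func resolveModel(aliases map[string]modelRef, requested string) modelRef {
	if ref, ok := aliases[requested]; ok {
		return ref
	}
	return modelRef{Model: requested} // unaliased names pass through
}

func main() {
	// Alias table built from the ModelGroups configuration above.
	aliases := map[string]modelRef{
		"claude-haiku": {Provider: "anthropic", Model: "claude-3-haiku-20240307"},
		"gpt35":        {Provider: "openai", Model: "gpt-3.5-turbo"},
	}
	fmt.Println(resolveModel(aliases, "claude-haiku").Model) // claude-3-haiku-20240307
	fmt.Println(resolveModel(aliases, "gpt-4").Model)        // gpt-4
}
```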
The router supports hot-reload of configuration changes:
- ✅ API key updates
- ✅ OAuth credential updates
- ✅ Provider configuration changes
- ✅ Router configuration changes
- ✅ Environment variable updates
Changes are detected automatically via file system watching:
# Update config file
vim config.json
# Router detects changes and reloads automatically
# No restart required

Force a manual reload via the admin API:
curl -X POST -H "x-api-key: YOUR_ROUTER_API_KEY" \
http://localhost:8080/admin/reload

The router intelligently selects providers based on:
- Token Count: Routes long-context requests to specialized providers
- Vision Content: Routes requests with images to vision-capable providers
- Tools: Routes tool requests to providers with strong tool support
- Thinking Mode: Routes reasoning tasks to appropriate providers
- Background Tasks: Routes lower-priority requests to cost-effective providers
// Example routing decision logic
func selectProvider(cfg *Config, tokenCount int, hasVisionContent, hasTools, isBackground bool) string {
	switch {
	case tokenCount > cfg.Router.LongContextThreshold:
		return cfg.Router.LongContext
	case hasVisionContent:
		return cfg.Router.Vision
	case hasTools:
		return cfg.Router.Think
	case isBackground:
		return cfg.Router.Background
	default:
		return cfg.Router.Default
	}
}

# Build for current platform
go build -o cortex ./cmd/router
# Build for multiple platforms
go build -o cortex-linux ./cmd/router
GOOS=darwin go build -o cortex-macos ./cmd/router
GOOS=windows go build -o cortex.exe ./cmd/router

# Run all tests
go test ./...
# Run specific package tests
go test ./internal/config -v
# Run with coverage
go test -cover ./...

# Clone the repository
git clone https://github.com/cecil-the-coder/Cortex.git
cd Cortex
# Install dependencies
go mod download
# Run development server
go run ./cmd/router --config config.json

The Phase 3 implementation provides a unified interface for all AI providers:
// Create provider registry with Core API support
registry, err := providers.NewSDKProviderRegistry(cfg)
if err != nil {
log.Fatal(err)
}
// Get provider with Core API capabilities
provider, err := registry.GetProvider("openai")
if err != nil {
log.Fatal(err)
}
// Use standardized Core API (preferred)
if provider.UseCoreAPI() {
// Create standard request
request, _ := types.NewCoreRequestBuilder().
WithModel("gpt-4").
WithMessage(types.ChatMessage{Role: "user", Content: "Hello!"}).
WithMaxTokens(100).
Build()
// Generate response using Core API
response, err := provider.GenerateStandardCompletion(context.Background(), *request)
if err == nil {
fmt.Printf("Response: %s\n", response.Choices[0].Message.Content)
}
} else {
// Fallback to legacy API
// ... existing code continues to work
}

// Get real-time health status
health := registry.GetHealthMonitor()
// Check provider health
status, _ := health.GetProviderHealthStatus("openai")
fmt.Printf("OpenAI Healthy: %t, Response Time: %.3fs\n",
status.Healthy, status.ResponseTime)
// Get list of healthy providers
healthy := health.GetHealthyProviders()
unhealthy := health.GetUnhealthyProviders()
// Set up health change notifications
health.AddStatusChangeCallback(func(provider string, oldStatus, newStatus *health.ProviderHealthStatus) {
log.Printf("Provider %s health changed: %t -> %t",
provider, oldStatus.Healthy, newStatus.Healthy)
})

// Discover all available models
discovery := registry.GetDiscoveryService()
allModels, _ := discovery.GetAllModels(context.Background())

// Find models by capability
streamingModels, _ := discovery.GetModelsByCapability(context.Background(), "streaming")
toolModels, _ := discovery.GetModelsByCapability(context.Background(), "tool_calling")

// Filter models by requirements (the result of GetAllModels is named
// allModels so it does not shadow the models package)
filter := models.ModelFilter{
Features: []string{"streaming", "tool_calling"},
MinTokens: 8000,
SupportsStreaming: &[]bool{true}[0],
}
filtered := discovery.FilterModels(allModels, filter)

// Get popular models
popular, _ := discovery.GetPopularModels(context.Background())

// Convert legacy requests to standard format
requestConverter := registry.GetRequestConverter()
standardReq, err := requestConverter.ConvertFromLegacy(legacyReq)
// Convert responses between formats
responseConverter := registry.GetResponseConverter()
anthropicResp, _ := responseConverter.ConvertFromStandard(standardResp, converters.FormatLegacy)
openaiResp, _ := responseConverter.ConvertFromStandard(standardResp, converters.FormatOpenAI)

// Access provider-specific features
if provider.UseCoreAPI() {
extension, err := provider.GetCoreProviderExtension()
if err == nil {
// Access Anthropic thinking mode
if provider.Name() == "anthropic" {
// Use thinking mode features
}
// Access OpenAI JSON mode
if provider.Name() == "openai" {
// Use JSON mode features
}
}
}

The examples/ directory will contain comprehensive examples for:
- Admin API Shell Examples - Complete authentication workflows in bash
- Admin API Python Examples - Python client with comprehensive auth support
- Authentication Configuration - Production-ready auth configuration
- Development Configuration - Development auth settings
- Docker Compose with Auth - Complete Docker setup with authentication
- Environment Variables - Environment configuration template
- Database Schema - PostgreSQL schema for authentication
- Setup Script - Interactive authentication setup
- Redis Configuration - Redis settings for sessions and rate limiting
- Core API Configuration - Complete Phase 3 setup
- Core API Usage - Comprehensive implementation example
Note: Example files are being prepared and will be available soon. For now, refer to the documentation guides for implementation details.
Example configurations for legacy features will be added to the examples/ directory soon.
- Getting Started Guide - Quick start, configuration, and first API call
- Core Concepts - Intelligent routing, health monitoring, and key features
- Authentication Guide - OAuth, API keys, JWT, RBAC, and security setup
- Admin API Usage - Administrative operations and management
- AI Provider Kit Integration - Core API integration details
📁 examples/ - Comprehensive configuration examples organized by use case
- Authentication Setup - OAuth, API keys, and security configurations
- Model Groups - Intelligent routing and model organization
- Database Integration - Database setup and configuration
- Deployment Examples - Docker, Kubernetes, and production setups
- Setup Guide - Development environment setup
- JWT Secrets: Use cryptographically secure secrets (32+ characters)
- Password Policies: Enforce strong passwords with complexity requirements
- Two-Factor Authentication: Enable TFA for all admin users
- API Key Rotation: Regularly rotate API keys and use expiration
- Session Management: Configure appropriate session timeouts
- Environment Variables: Store sensitive data in environment variables or secrets
- File Permissions: Set config file permissions to 600, secrets to 400
- HTTPS: Always use TLS 1.2+ in production with valid certificates
- Firewall: Restrict admin API access to trusted networks/IP ranges
- Database Security: Use database TLS and proper user permissions
- Audit Logging: Enable comprehensive audit logging for security events
- Rate Limiting: Configure appropriate rate limits per role
- Monitoring: Monitor authentication failures, token refresh events
- Backup Strategy: Regular backups of user data and configurations
- Access Control: Follow principle of least privilege for user roles
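For the JWT secret in particular, generating it programmatically avoids weak hand-typed values. A small sketch using Go's crypto/rand (48 random bytes encode to 64 base64 characters, comfortably above the 32-character guideline):

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newJWTSecret returns a cryptographically secure random secret suitable
// for use as AUTH_JWT_SECRET.
func newJWTSecret() (string, error) {
	buf := make([]byte, 48)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

func main() {
	secret, err := newJWTSecret()
	if err != nil {
		panic(err)
	}
	fmt.Println("AUTH_JWT_SECRET=" + secret)
}
```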
- Concurrent Requests: Adjust Go runtime for expected load
- Timeouts: Configure appropriate provider timeouts
- Caching: Implement response caching where appropriate
- Load Balancing: Use multiple provider instances for scaling
Monitor these metrics:
- Request routing success/failure rates
- OAuth token refresh events
- API response times by provider
- Error rates by provider and error type
- Configuration reload events
Common issues and solutions:
- OAuth tokens not refreshing: Check refresh token validity
- Hot-reload not working: Verify file permissions and watcher support
- Provider timeouts: Increase timeout values or check network connectivity
- Authentication failures: Validate API keys and OAuth credentials
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- 📖 Documentation: docs/
- 🐛 Issues: GitHub Issues
- 💬 Discussions: GitHub Discussions
- 🚀 Core API Integration: Standardized interface across all AI providers with unified request/response formats
- 🚀 Health Monitoring: Real-time provider health tracking with alerting and automatic failover
- 🚀 Model Discovery: Automatic model capability detection and intelligent filtering
- 🚀 Request/Response Conversion: Universal format conversion between providers and legacy support
- 🚀 Provider Extensions: Access to provider-specific features (thinking mode, JSON mode)
- 🚀 Performance Benchmarks: Built-in performance monitoring and optimization tools
- 🚀 Comprehensive Test Coverage: Full test suite with mock providers and performance benchmarks
- ✅ Model Groups: Organize and restrict access to models with aliases
- ✅ Client API Keys: Fine-grained access control with per-key model restrictions
- ✅ Model Alias Resolution: User-friendly model names with automatic resolution
- ✅ Enhanced Admin API: CRUD operations for model groups and client keys
- ✅ OAuth 2.0 Authentication: Automatic token refresh and hybrid auth
- ✅ Hot-Reload Support: Update groups and permissions without restart
- ✅ Production-Ready Examples: Enterprise and migration configurations
Detailed release notes will be available in CHANGELOG.md.