Initial Commit

Author: cecil-the-coder

.dockerignore

@@ -0,0 +1,99 @@
+# Git
+.git
+.gitignore
+
+# Documentation
+*.md
+docs/
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Go build artifacts
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+cortex
+Cortex
+cortex-*
+
+# Test files
+*.test
+coverage.out
+*.prof
+
+# Temporary files
+*.tmp
+*.temp
+
+# CI/CD
+.github/
+.gitlab-ci.yml
+.travis.yml
+
+# Local development
+config.json
+config-*.json
+.env
+.env.local
+*.key
+*.pem
+ssl/
+
+# Logs
+*.log
+logs/
+
+# Local databases
+*.db
+*.sqlite
+*.sqlite3
+
+# Cache
+.cache/
+tmp/
+
+# Docker
+Dockerfile*
+docker-compose*.yml
+.dockerignore
+
+# Scripts not needed in container
+scripts/
+Makefile
+
+# Examples not needed in production
+examples/
+
+# Tests not needed in runtime
+tests/
+*_test.go
+
+# Build artifacts
+build/
+dist/
+out/
+
+# Package files
+*.tar.gz
+*.zip
+*.7z
+
+# Local development tools
+air.toml
+.air.toml
+.watch.toml
+
+# Coverage reports
+coverage.html
+coverage.xml

.env.auth.template

@@ -0,0 +1,120 @@
+# Cortex Authentication Environment Variables Template
+# Copy this file to .env and customize the values
+
+# Database Configuration
+DB_DRIVER=postgres
+DB_DSN=postgres://router_user:secure_password@localhost/go_llm_router?sslmode=disable
+DB_MAX_OPEN_CONNS=25
+DB_MAX_IDLE_CONNS=5
+DB_CONN_MAX_LIFETIME=1h
+
+# Redis Configuration (Optional but recommended for production)
+REDIS_ENABLED=true
+REDIS_ADDR=localhost:6379
+REDIS_PASSWORD=
+REDIS_DB=1
+REDIS_POOL_SIZE=10
+
+# Admin API Configuration
+ADMIN_ENABLED=true
+ADMIN_LISTEN_ADDRESS=0.0.0.0:8081
+
+# TLS/SSL Configuration
+TLS_ENABLED=false
+TLS_CERT_FILE=/etc/ssl/certs/router.crt
+TLS_KEY_FILE=/etc/ssl/private/router.key
+TLS_MIN_VERSION=1.2
+
+# Authentication Configuration
+AUTH_JWT_SECRET=your-very-secure-random-secret-key-change-this-in-production
+AUTH_TOKEN_EXPIRY=1h
+AUTH_REFRESH_TOKEN_EXPIRY=168h
+AUTH_SESSION_EXPIRY=8h
+AUTH_BCRYPT_COST=12
+
+# Initial User Configuration (for first-time setup)
+ADMIN_DEFAULT_USER=admin
+ADMIN_DEFAULT_PASSWORD=change-this-password
+ADMIN_DEFAULT_ROLE=super_admin
+
+# CORS Configuration
+CORS_ALLOWED_ORIGINS=https://admin.example.com,https://app.example.com
+CORS_ALLOWED_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
+CORS_ALLOWED_HEADERS=Content-Type,Authorization,X-API-Key
+CORS_EXPOSED_HEADERS=X-RateLimit-*
+CORS_MAX_AGE=86400
+CORS_CREDENTIALS=true
+
+# Content Security Policy
+CSP_DEFAULT_SRC='self'
+CSP_SCRIPT_SRC='self' 'unsafe-inline'
+CSP_STYLE_SRC='self' 'unsafe-inline'
+CSP_IMG_SRC='self' data:
+CSP_FONT_SRC='self'
+CSP_CONNECT_SRC='self'
+CSP_FRAME_ANCESTORS='none'
+CSP_FORM_ACTION='self'
+
+# Rate Limiting Configuration
+RATE_LIMIT_ENABLED=true
+RATE_LIMIT_STORE=redis
+RATE_LIMIT_BURST_MULTIPLIER=3
+RATE_LIMIT_CLEANUP_INTERVAL=5m
+
+# Security Headers
+SECURITY_X_CONTENT_TYPE_OPTIONS=nosniff
+SECURITY_X_FRAME_OPTIONS=DENY
+SECURITY_X_XSS_PROTECTION="1; mode=block"
+SECURITY_STRICT_TRANSPORT_SECURITY="max-age=31536000; includeSubDomains"
+
+# Audit Logging Configuration
+AUDIT_ENABLED=true
+AUDIT_LOG_ALL_REQUESTS=false
+AUDIT_LOG_FAILED_AUTH=true
+AUDIT_LOG_ADMIN_ACTIONS=true
+AUDIT_RETENTION_DAYS=90
+
+# User Management Configuration
+USERS_DEFAULT_AUTO_CREATED_ROLE=support
+USERS_PASSWORD_MIN_LENGTH=8
+USERS_PASSWORD_REQUIRE_UPPERCASE=true
+USERS_PASSWORD_REQUIRE_LOWERCASE=true
+USERS_PASSWORD_REQUIRE_NUMBERS=true
+USERS_PASSWORD_REQUIRE_SPECIAL=true
+USERS_PASSWORD_MAX_AGE_DAYS=90
+USERS_PASSWORD_PREVENT_REUSE=5
+
+# Two-Factor Authentication Configuration
+TFA_ISSUER=Cortex
+TFA_BACKUP_CODES_COUNT=10
+TFA_BACKUP_CODE_LENGTH=8
+
+# API Key Configuration
+API_KEYS_DEFAULT_ROLE=viewer
+API_KEYS_DEFAULT_EXPIRY=720h
+API_KEYS_MAX_EXPIRY=8760h
+API_KEYS_MAX_KEYS_PER_USER=50
+API_KEYS_AUTO_ROTATE=false
+API_KEYS_WARNING_DAYS=7
+
+# Logging Configuration
+LOG_LEVEL=info
+LOG_FORMAT=json
+LOG_OUTPUT=stdout
+AUDIT_LOG_OUTPUT=/var/log/Cortex/audit.log
+
+# Monitoring and Metrics
+METRICS_ENABLED=true
+METRICS_PORT=9090
+METRICS_PATH=/metrics
+
+# Health Check Configuration
+HEALTH_ENABLED=true
+HEALTH_PORT=8080
+HEALTH_PATH=/health
+
+# Production Security Settings (set these to true in production)
+PRODUCTION_SECURITY=false
+PRODUCTION_CORS_STRICT=false
+PRODUCTION_RATE_LIMIT_STRICT=false
+PRODUCTION_AUDIT_STRICT=false

.env.example

@@ -0,0 +1,10 @@
+# LLM Provider API Keys
+ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxxxxxxxxxx
+OPENAI_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxx
+OPENROUTER_API_KEY=sk-or-xxxxxxxxxxxxxxxxxxxxx
+
+# Router API Key (for authenticating requests to the proxy)
+ROUTER_API_KEY=your-secure-api-key-here
+
+# Optional: HTTP Proxy URL
+# PROXY_URL=http://proxy.example.com:8080