feat: add LiteLLM gateway scaffold and dashboard health probe
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m11s
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m11s
Introduce a localhost-only LiteLLM service template and expose a protected dashboard health endpoint for operational visibility, while adding cc-connect mobile bridge templates with conservative defaults. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,30 @@
|
|||||||
|
# cc-connect (Phase 1)
|
||||||
|
|
||||||
|
Mobile bridge service for interacting with coding agents through chat, with LiteLLM as model gateway.
|
||||||
|
|
||||||
|
## Scope
|
||||||
|
- LiteLLM remains the unified cloud-model endpoint.
|
||||||
|
- cc-connect remains the chat/mobile bridge.
|
||||||
|
- Start with a single platform (Discord) for lower operational risk.
|
||||||
|
|
||||||
|
## Files
|
||||||
|
- `config.example.toml`: non-secret template.
|
||||||
|
- `docker-compose.yml`: optional always-on service shape.
|
||||||
|
|
||||||
|
## Setup (NAS)
|
||||||
|
1. Copy template and fill secrets locally:
|
||||||
|
- `cp cc-connect/config.example.toml cc-connect/config.toml`
|
||||||
|
- create `cc-connect/.env` with platform token(s)
|
||||||
|
2. Keep secrets local only (`.env` is gitignored).
|
||||||
|
3. Start service:
|
||||||
|
- `docker compose -f cc-connect/docker-compose.yml up -d`
|
||||||
|
|
||||||
|
## Security defaults
|
||||||
|
- Single platform enabled.
|
||||||
|
- Confirm/permission-gated command mode.
|
||||||
|
- Keep shell/file-write capabilities disabled initially.
|
||||||
|
- Restrict users/channels with explicit allowlists.
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
- This repo only includes templates and orchestration shape.
|
||||||
|
- Exact runtime keys/fields can vary by cc-connect release; adjust `config.toml` to your installed version.
|
||||||
@@ -0,0 +1,27 @@
|
|||||||
|
# cc-connect config template
|
||||||
|
# Keep one platform enabled at a time for minimal attack surface.
|
||||||
|
# This template starts with Discord only.
|
||||||
|
|
||||||
|
[service]
|
||||||
|
name = "nas-cc-connect"
|
||||||
|
log_level = "info"
|
||||||
|
|
||||||
|
[bridge]
|
||||||
|
provider = "litellm"
|
||||||
|
base_url = "http://host.docker.internal:4005"
|
||||||
|
model = "claude-arch"
|
||||||
|
request_timeout_sec = 30
|
||||||
|
|
||||||
|
[platform.discord]
|
||||||
|
enabled = true
|
||||||
|
bot_token = ""
|
||||||
|
allowed_user_ids = []
|
||||||
|
allowed_channel_ids = []
|
||||||
|
|
||||||
|
[security]
|
||||||
|
# Conservative defaults for initial rollout.
|
||||||
|
permission_mode = "confirm"
|
||||||
|
allow_yolo_mode = false
|
||||||
|
allow_shell = false
|
||||||
|
allow_file_write = false
|
||||||
|
max_session_minutes = 30
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
services:
|
||||||
|
cc-connect:
|
||||||
|
image: chenhg5/cc-connect:latest
|
||||||
|
container_name: cc-connect
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "com.centurylinklabs.watchtower.enable=true"
|
||||||
|
env_file:
|
||||||
|
- path: .env
|
||||||
|
required: false
|
||||||
|
volumes:
|
||||||
|
- ./config.toml:/app/config.toml:ro
|
||||||
|
command:
|
||||||
|
- "--config"
|
||||||
|
- "/app/config.toml"
|
||||||
|
extra_hosts:
|
||||||
|
- "host.docker.internal:host-gateway"
|
||||||
|
logging:
|
||||||
|
driver: json-file
|
||||||
|
options:
|
||||||
|
max-size: "10m"
|
||||||
|
max-file: "3"
|
||||||
@@ -44,6 +44,9 @@ CORS_ORIGINS = os.environ.get("CORS_ORIGINS", "https://nas.jimmygan.com,https://
|
|||||||
# Chat Summary
|
# Chat Summary
|
||||||
CHAT_SUMMARY_DB = os.environ.get("CHAT_SUMMARY_DB", "/app/data/chat-summarizer/chat_summary.db")
|
CHAT_SUMMARY_DB = os.environ.get("CHAT_SUMMARY_DB", "/app/data/chat-summarizer/chat_summary.db")
|
||||||
|
|
||||||
|
# LiteLLM
|
||||||
|
LITELLM_URL = os.environ.get("LITELLM_URL", "http://127.0.0.1:4005")
|
||||||
|
|
||||||
# OpenClaw
|
# OpenClaw
|
||||||
OPENCLAW_GATEWAY_TOKEN = os.environ.get("OPENCLAW_GATEWAY_TOKEN", "")
|
OPENCLAW_GATEWAY_TOKEN = os.environ.get("OPENCLAW_GATEWAY_TOKEN", "")
|
||||||
|
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ from fastapi.responses import JSONResponse
|
|||||||
from slowapi import Limiter
|
from slowapi import Limiter
|
||||||
from slowapi.util import get_remote_address
|
from slowapi.util import get_remote_address
|
||||||
from slowapi.errors import RateLimitExceeded
|
from slowapi.errors import RateLimitExceeded
|
||||||
from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp
|
from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp, litellm
|
||||||
import auth as auth_module
|
import auth as auth_module
|
||||||
from rbac import require_page, require_write
|
from rbac import require_page, require_write
|
||||||
|
|
||||||
@@ -179,6 +179,8 @@ app.include_router(files.router, prefix="/api/files",
|
|||||||
dependencies=[Depends(_inject_user), Depends(require_page("files")), Depends(require_write())])
|
dependencies=[Depends(_inject_user), Depends(require_page("files")), Depends(require_write())])
|
||||||
app.include_router(system.router, prefix="/api/system",
|
app.include_router(system.router, prefix="/api/system",
|
||||||
dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))])
|
dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))])
|
||||||
|
app.include_router(litellm.router, prefix="/api/litellm",
|
||||||
|
dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))])
|
||||||
app.include_router(chat_summary.router, prefix="/api/chat-summary",
|
app.include_router(chat_summary.router, prefix="/api/chat-summary",
|
||||||
dependencies=[Depends(_inject_user), Depends(require_page("chat-digest"))])
|
dependencies=[Depends(_inject_user), Depends(require_page("chat-digest"))])
|
||||||
app.include_router(security.router, prefix="/api/security",
|
app.include_router(security.router, prefix="/api/security",
|
||||||
|
|||||||
@@ -0,0 +1,40 @@
|
|||||||
|
import time
|
||||||
|
import httpx
|
||||||
|
from fastapi import APIRouter
|
||||||
|
from config import LITELLM_URL
|
||||||
|
|
||||||
|
router = APIRouter()
|
||||||
|
|
||||||
|
|
||||||
|
@router.get("/health")
|
||||||
|
async def litellm_health():
|
||||||
|
timeout = httpx.Timeout(2.0)
|
||||||
|
checks = ("/health", "/v1/models")
|
||||||
|
|
||||||
|
last_error = None
|
||||||
|
async with httpx.AsyncClient(timeout=timeout) as client:
|
||||||
|
for path in checks:
|
||||||
|
url = f"{LITELLM_URL.rstrip('/')}{path}"
|
||||||
|
started = time.perf_counter()
|
||||||
|
try:
|
||||||
|
response = await client.get(url)
|
||||||
|
latency_ms = round((time.perf_counter() - started) * 1000, 1)
|
||||||
|
if response.is_success:
|
||||||
|
return {
|
||||||
|
"ok": True,
|
||||||
|
"status": "up",
|
||||||
|
"latency_ms": latency_ms,
|
||||||
|
"endpoint": path,
|
||||||
|
"http_status": response.status_code,
|
||||||
|
}
|
||||||
|
last_error = f"{path} returned {response.status_code}"
|
||||||
|
except Exception as exc:
|
||||||
|
last_error = str(exc)
|
||||||
|
|
||||||
|
return {
|
||||||
|
"ok": False,
|
||||||
|
"status": "down",
|
||||||
|
"latency_ms": None,
|
||||||
|
"endpoint": None,
|
||||||
|
"error": last_error or "health check failed",
|
||||||
|
}
|
||||||
@@ -0,0 +1,10 @@
|
|||||||
|
# Copy to .env on NAS and fill real values.
|
||||||
|
ANTHROPIC_API_KEY=
|
||||||
|
OPENAI_API_KEY=
|
||||||
|
GEMINI_API_KEY=
|
||||||
|
|
||||||
|
# Optional gateway auth key for internal clients.
|
||||||
|
LITELLM_MASTER_KEY=
|
||||||
|
|
||||||
|
# Host bind port for docker-compose mapping.
|
||||||
|
LITELLM_PORT=4005
|
||||||
@@ -0,0 +1,30 @@
|
|||||||
|
model_list:
|
||||||
|
- model_name: claude-arch
|
||||||
|
litellm_params:
|
||||||
|
model: anthropic/claude-sonnet-4-6
|
||||||
|
api_key: os.environ/ANTHROPIC_API_KEY
|
||||||
|
timeout: 30
|
||||||
|
max_retries: 1
|
||||||
|
|
||||||
|
- model_name: codex-exec
|
||||||
|
litellm_params:
|
||||||
|
model: openai/gpt-4.1
|
||||||
|
api_key: os.environ/OPENAI_API_KEY
|
||||||
|
timeout: 30
|
||||||
|
max_retries: 1
|
||||||
|
|
||||||
|
- model_name: gemini-large
|
||||||
|
litellm_params:
|
||||||
|
model: gemini/gemini-1.5-pro
|
||||||
|
api_key: os.environ/GEMINI_API_KEY
|
||||||
|
timeout: 30
|
||||||
|
max_retries: 1
|
||||||
|
|
||||||
|
general_settings:
|
||||||
|
# Optional - leave empty in .env to disable gateway auth.
|
||||||
|
master_key: os.environ/LITELLM_MASTER_KEY
|
||||||
|
|
||||||
|
router_settings:
|
||||||
|
timeout: 30
|
||||||
|
num_retries: 1
|
||||||
|
retry_after: 1
|
||||||
@@ -0,0 +1,28 @@
|
|||||||
|
services:
|
||||||
|
litellm:
|
||||||
|
image: ghcr.io/berriai/litellm:main-latest
|
||||||
|
container_name: litellm
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "com.centurylinklabs.watchtower.enable=true"
|
||||||
|
env_file:
|
||||||
|
- path: .env
|
||||||
|
required: false
|
||||||
|
environment:
|
||||||
|
- LITELLM_MASTER_KEY=${LITELLM_MASTER_KEY:-}
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:${LITELLM_PORT:-4005}:4005"
|
||||||
|
volumes:
|
||||||
|
- ./config:/config:ro
|
||||||
|
command:
|
||||||
|
- "--config"
|
||||||
|
- "/config/litellm.yaml"
|
||||||
|
- "--host"
|
||||||
|
- "0.0.0.0"
|
||||||
|
- "--port"
|
||||||
|
- "4005"
|
||||||
|
logging:
|
||||||
|
driver: json-file
|
||||||
|
options:
|
||||||
|
max-size: "10m"
|
||||||
|
max-file: "3"
|
||||||
Reference in New Issue
Block a user