Merge dev into main #17

Merged
jimmy merged 6 commits from dev into main 2026-03-02 03:56:51 +08:00
9 changed files with 193 additions and 1 deletions
Showing only changes of commit ed4090a910 - Show all commits
+30
View File
@@ -0,0 +1,30 @@
# cc-connect (Phase 1)
Mobile bridge service for interacting with coding agents through chat, with LiteLLM as model gateway.
## Scope
- LiteLLM remains the unified cloud-model endpoint.
- cc-connect remains the chat/mobile bridge.
- Start with a single platform (Discord) for lower operational risk.
## Files
- `config.example.toml`: non-secret template.
- `docker-compose.yml`: optional always-on service shape.
## Setup (NAS)
1. Copy template and fill secrets locally:
- `cp cc-connect/config.example.toml cc-connect/config.toml`
- create `cc-connect/.env` with platform token(s)
2. Keep secrets local only (`.env` is gitignored).
3. Start service:
- `docker compose -f cc-connect/docker-compose.yml up -d`
## Security defaults
- Single platform enabled.
- Confirm/permission-gated command mode.
- Keep shell/file-write capabilities disabled initially.
- Restrict users/channels with explicit allowlists.
## Notes
- This repo only includes templates and orchestration shape.
- Exact runtime keys/fields can vary by cc-connect release; adjust `config.toml` to your installed version.
+27
View File
@@ -0,0 +1,27 @@
# cc-connect config template
# Keep one platform enabled at a time for minimal attack surface.
# This template starts with Discord only.
[service]
name = "nas-cc-connect"
log_level = "info"
[bridge]
provider = "litellm"
base_url = "http://host.docker.internal:4005"
model = "claude-arch"
request_timeout_sec = 30
[platform.discord]
enabled = true
bot_token = ""
allowed_user_ids = []
allowed_channel_ids = []
[security]
# Conservative defaults for initial rollout.
permission_mode = "confirm"
allow_yolo_mode = false
allow_shell = false
allow_file_write = false
max_session_minutes = 30
+22
View File
@@ -0,0 +1,22 @@
services:
cc-connect:
image: chenhg5/cc-connect:latest
container_name: cc-connect
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
env_file:
- path: .env
required: false
volumes:
- ./config.toml:/app/config.toml:ro
command:
- "--config"
- "/app/config.toml"
extra_hosts:
- "host.docker.internal:host-gateway"
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
+3
View File
@@ -44,6 +44,9 @@ CORS_ORIGINS = os.environ.get("CORS_ORIGINS", "https://nas.jimmygan.com,https://
# Chat Summary
CHAT_SUMMARY_DB = os.environ.get("CHAT_SUMMARY_DB", "/app/data/chat-summarizer/chat_summary.db")
# LiteLLM
LITELLM_URL = os.environ.get("LITELLM_URL", "http://127.0.0.1:4005")
# OpenClaw
OPENCLAW_GATEWAY_TOKEN = os.environ.get("OPENCLAW_GATEWAY_TOKEN", "")
+3 -1
View File
@@ -6,7 +6,7 @@ from fastapi.responses import JSONResponse
from slowapi import Limiter
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded
from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp
from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp, litellm
import auth as auth_module
from rbac import require_page, require_write
@@ -179,6 +179,8 @@ app.include_router(files.router, prefix="/api/files",
dependencies=[Depends(_inject_user), Depends(require_page("files")), Depends(require_write())])
app.include_router(system.router, prefix="/api/system",
dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))])
app.include_router(litellm.router, prefix="/api/litellm",
dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))])
app.include_router(chat_summary.router, prefix="/api/chat-summary",
dependencies=[Depends(_inject_user), Depends(require_page("chat-digest"))])
app.include_router(security.router, prefix="/api/security",
+40
View File
@@ -0,0 +1,40 @@
import time
import httpx
from fastapi import APIRouter
from config import LITELLM_URL
router = APIRouter()
@router.get("/health")
async def litellm_health():
timeout = httpx.Timeout(2.0)
checks = ("/health", "/v1/models")
last_error = None
async with httpx.AsyncClient(timeout=timeout) as client:
for path in checks:
url = f"{LITELLM_URL.rstrip('/')}{path}"
started = time.perf_counter()
try:
response = await client.get(url)
latency_ms = round((time.perf_counter() - started) * 1000, 1)
if response.is_success:
return {
"ok": True,
"status": "up",
"latency_ms": latency_ms,
"endpoint": path,
"http_status": response.status_code,
}
last_error = f"{path} returned {response.status_code}"
except Exception as exc:
last_error = str(exc)
return {
"ok": False,
"status": "down",
"latency_ms": None,
"endpoint": None,
"error": last_error or "health check failed",
}
+10
View File
@@ -0,0 +1,10 @@
# Copy to .env on NAS and fill real values.
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
GEMINI_API_KEY=
# Optional gateway auth key for internal clients.
LITELLM_MASTER_KEY=
# Host bind port for docker-compose mapping.
LITELLM_PORT=4005
+30
View File
@@ -0,0 +1,30 @@
model_list:
- model_name: claude-arch
litellm_params:
model: anthropic/claude-sonnet-4-6
api_key: os.environ/ANTHROPIC_API_KEY
timeout: 30
max_retries: 1
- model_name: codex-exec
litellm_params:
model: openai/gpt-4.1
api_key: os.environ/OPENAI_API_KEY
timeout: 30
max_retries: 1
- model_name: gemini-large
litellm_params:
model: gemini/gemini-1.5-pro
api_key: os.environ/GEMINI_API_KEY
timeout: 30
max_retries: 1
general_settings:
# Optional - leave empty in .env to disable gateway auth.
master_key: os.environ/LITELLM_MASTER_KEY
router_settings:
timeout: 30
num_retries: 1
retry_after: 1
+28
View File
@@ -0,0 +1,28 @@
services:
litellm:
image: ghcr.io/berriai/litellm:main-latest
container_name: litellm
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
env_file:
- path: .env
required: false
environment:
- LITELLM_MASTER_KEY=${LITELLM_MASTER_KEY:-}
ports:
- "127.0.0.1:${LITELLM_PORT:-4005}:4005"
volumes:
- ./config:/config:ro
command:
- "--config"
- "/config/litellm.yaml"
- "--host"
- "0.0.0.0"
- "--port"
- "4005"
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"