Merge dev into main #17

Merged
jimmy merged 6 commits from dev into main 2026-03-02 03:56:51 +08:00
15 changed files with 341 additions and 1 deletions
+30
View File
@@ -0,0 +1,30 @@
# cc-connect (Phase 1)
Mobile bridge service for interacting with coding agents through chat, with LiteLLM as model gateway.
## Scope
- LiteLLM remains the unified cloud-model endpoint.
- cc-connect remains the chat/mobile bridge.
- Start with a single platform (Discord) for lower operational risk.
## Files
- `config.example.toml`: non-secret template.
- `docker-compose.yml`: optional always-on service shape.
## Setup (NAS)
1. Copy template and fill secrets locally:
- `cp cc-connect/config.example.toml cc-connect/config.toml`
- create `cc-connect/.env` with platform token(s)
2. Keep secrets local only (`.env` is gitignored).
3. Start service:
- `docker compose -f cc-connect/docker-compose.yml up -d`
## Security defaults
- Single platform enabled.
- Confirm/permission-gated command mode.
- Keep shell/file-write capabilities disabled initially.
- Restrict users/channels with explicit allowlists.
## Notes
- This repo only includes templates and orchestration shape.
- Exact runtime keys/fields can vary by cc-connect release; adjust `config.toml` to your installed version.
+27
View File
@@ -0,0 +1,27 @@
# cc-connect config template
# Keep one platform enabled at a time for minimal attack surface.
# This template starts with Discord only.
[service]
name = "nas-cc-connect"
log_level = "info"
[bridge]
provider = "litellm"
base_url = "http://host.docker.internal:4005"
model = "claude-arch"
request_timeout_sec = 30
[platform.discord]
enabled = true
bot_token = ""
allowed_user_ids = []
allowed_channel_ids = []
[security]
# Conservative defaults for initial rollout.
permission_mode = "confirm"
allow_yolo_mode = false
allow_shell = false
allow_file_write = false
max_session_minutes = 30
+21
View File
@@ -0,0 +1,21 @@
services:
cc-connect:
image: chenhg5/cc-connect:latest
container_name: cc-connect
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
env_file:
- .env
volumes:
- ./config.toml:/app/config.toml:ro
command:
- "--config"
- "/app/config.toml"
extra_hosts:
- "host.docker.internal:host-gateway"
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
+4
View File
@@ -44,6 +44,10 @@ CORS_ORIGINS = os.environ.get("CORS_ORIGINS", "https://nas.jimmygan.com,https://
# Chat Summary # Chat Summary
CHAT_SUMMARY_DB = os.environ.get("CHAT_SUMMARY_DB", "/app/data/chat-summarizer/chat_summary.db") CHAT_SUMMARY_DB = os.environ.get("CHAT_SUMMARY_DB", "/app/data/chat-summarizer/chat_summary.db")
# LiteLLM
LITELLM_URL = os.environ.get("LITELLM_URL", "http://127.0.0.1:4005")
LITELLM_HEALTH_API_KEY = os.environ.get("LITELLM_HEALTH_API_KEY", "")
# OpenClaw # OpenClaw
OPENCLAW_GATEWAY_TOKEN = os.environ.get("OPENCLAW_GATEWAY_TOKEN", "") OPENCLAW_GATEWAY_TOKEN = os.environ.get("OPENCLAW_GATEWAY_TOKEN", "")
+3 -1
View File
@@ -6,7 +6,7 @@ from fastapi.responses import JSONResponse
from slowapi import Limiter from slowapi import Limiter
from slowapi.util import get_remote_address from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded from slowapi.errors import RateLimitExceeded
from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp, litellm
import auth as auth_module import auth as auth_module
from rbac import require_page, require_write from rbac import require_page, require_write
@@ -179,6 +179,8 @@ app.include_router(files.router, prefix="/api/files",
dependencies=[Depends(_inject_user), Depends(require_page("files")), Depends(require_write())]) dependencies=[Depends(_inject_user), Depends(require_page("files")), Depends(require_write())])
app.include_router(system.router, prefix="/api/system", app.include_router(system.router, prefix="/api/system",
dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))]) dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))])
app.include_router(litellm.router, prefix="/api/litellm",
dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))])
app.include_router(chat_summary.router, prefix="/api/chat-summary", app.include_router(chat_summary.router, prefix="/api/chat-summary",
dependencies=[Depends(_inject_user), Depends(require_page("chat-digest"))]) dependencies=[Depends(_inject_user), Depends(require_page("chat-digest"))])
app.include_router(security.router, prefix="/api/security", app.include_router(security.router, prefix="/api/security",
+62
View File
@@ -0,0 +1,62 @@
import time
import httpx
from fastapi import APIRouter
from config import LITELLM_URL, LITELLM_HEALTH_API_KEY
router = APIRouter()
@router.get("/health")
async def litellm_health():
timeout = httpx.Timeout(2.0)
checks = ("/health", "/v1/models")
api_key = (LITELLM_HEALTH_API_KEY or "").strip()
headers = {}
if api_key:
headers = {
"Authorization": f"Bearer {api_key}",
"X-API-Key": api_key,
}
last_error = None
async with httpx.AsyncClient(timeout=timeout) as client:
for path in checks:
url = f"{LITELLM_URL.rstrip('/')}{path}"
started = time.perf_counter()
try:
response = await client.get(url, headers=headers)
latency_ms = round((time.perf_counter() - started) * 1000, 1)
if response.is_success:
return {
"ok": True,
"status": "up",
"latency_ms": latency_ms,
"endpoint": path,
"http_status": response.status_code,
}
if response.status_code == 401 and not api_key:
return {
"ok": True,
"status": "auth_required",
"latency_ms": latency_ms,
"endpoint": path,
"http_status": response.status_code,
}
if response.status_code == 401 and api_key:
last_error = f"{path} returned 401 with configured health auth"
else:
last_error = f"{path} returned {response.status_code}"
except Exception as exc:
last_error = str(exc)
return {
"ok": False,
"status": "down",
"latency_ms": None,
"endpoint": None,
"error": last_error or "health check failed",
}
+2
View File
@@ -21,6 +21,8 @@ services:
- TELEGRAM_CHAT_ID=${TELEGRAM_CHAT_ID:-} - TELEGRAM_CHAT_ID=${TELEGRAM_CHAT_ID:-}
- TELEGRAM_PROXY=${TELEGRAM_PROXY:-} - TELEGRAM_PROXY=${TELEGRAM_PROXY:-}
- CORS_ORIGINS=https://dev.nas.jimmygan.com,https://dev.nas.jimmygan.com:8443 - CORS_ORIGINS=https://dev.nas.jimmygan.com,https://dev.nas.jimmygan.com:8443
- LITELLM_URL=http://litellm:4005
- LITELLM_HEALTH_API_KEY=${LITELLM_HEALTH_API_KEY:-}
volumes: volumes:
- /volume1:/volume1 - /volume1:/volume1
- /volume1/docker/nas-dashboard/ssh/dashboard_terminal:/app/ssh/id_ed25519:ro - /volume1/docker/nas-dashboard/ssh/dashboard_terminal:/app/ssh/id_ed25519:ro
+1
View File
@@ -43,6 +43,7 @@ services:
- TELEGRAM_CHAT_ID=${TELEGRAM_CHAT_ID:-} - TELEGRAM_CHAT_ID=${TELEGRAM_CHAT_ID:-}
- TELEGRAM_PROXY=${TELEGRAM_PROXY:-} - TELEGRAM_PROXY=${TELEGRAM_PROXY:-}
- CORS_ORIGINS=https://nas.jimmygan.com - CORS_ORIGINS=https://nas.jimmygan.com
- LITELLM_HEALTH_API_KEY=${LITELLM_HEALTH_API_KEY:-}
volumes: volumes:
- /volume1:/volume1 - /volume1:/volume1
- /volume1/docker/nas-dashboard/ssh/dashboard_terminal:/app/ssh/id_ed25519:ro - /volume1/docker/nas-dashboard/ssh/dashboard_terminal:/app/ssh/id_ed25519:ro
+3
View File
@@ -9,6 +9,7 @@
import Settings from "./routes/Settings.svelte"; import Settings from "./routes/Settings.svelte";
import ChatSummary from "./routes/ChatSummary.svelte"; import ChatSummary from "./routes/ChatSummary.svelte";
import Security from "./routes/Security.svelte"; import Security from "./routes/Security.svelte";
import LiteLLM from "./routes/LiteLLM.svelte";
import Login from "./routes/Login.svelte"; import Login from "./routes/Login.svelte";
import { onMount } from "svelte"; import { onMount } from "svelte";
import { getToken, checkAuth, setToken, setRefreshToken, currentUser, setCurrentUser, getPreferences, savePreferences } from "./lib/api.js"; import { getToken, checkAuth, setToken, setRefreshToken, currentUser, setCurrentUser, getPreferences, savePreferences } from "./lib/api.js";
@@ -153,6 +154,8 @@
<Settings /> <Settings />
{:else if page === "security" && hasPageAccess("security")} {:else if page === "security" && hasPageAccess("security")}
<Security /> <Security />
{:else if page === "litellm" && hasPageAccess("dashboard")}
<LiteLLM />
{:else} {:else}
<Dashboard /> <Dashboard />
{/if} {/if}
@@ -16,6 +16,7 @@
const defaultLinks = [ const defaultLinks = [
{ id: "dashboard", label: "Overview", icon: "grid" }, { id: "dashboard", label: "Overview", icon: "grid" },
{ id: "litellm", label: "LiteLLM", icon: "bolt" },
{ id: "docker", label: "Docker", icon: "box" }, { id: "docker", label: "Docker", icon: "box" },
{ id: "files", label: "Files", icon: "folder" }, { id: "files", label: "Files", icon: "folder" },
{ id: "terminal", label: "Terminal", icon: "terminal" }, { id: "terminal", label: "Terminal", icon: "terminal" },
@@ -228,6 +229,8 @@
<svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M4 6a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2H6a2 2 0 01-2-2V6zm10 0a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2h-2a2 2 0 01-2-2V6zM4 16a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2H6a2 2 0 01-2-2v-2zm10 0a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2h-2a2 2 0 01-2-2v-2z" /></svg> <svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M4 6a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2H6a2 2 0 01-2-2V6zm10 0a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2h-2a2 2 0 01-2-2V6zM4 16a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2H6a2 2 0 01-2-2v-2zm10 0a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2h-2a2 2 0 01-2-2v-2z" /></svg>
{:else if icon === "box"} {:else if icon === "box"}
<svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M20 7l-8-4-8 4m16 0l-8 4m8-4v10l-8 4m0-10L4 7m8 4v10M4 7v10l8 4" /></svg> <svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M20 7l-8-4-8 4m16 0l-8 4m8-4v10l-8 4m0-10L4 7m8 4v10M4 7v10l8 4" /></svg>
{:else if icon === "bolt"}
<svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M13 3L4 14h6l-1 7 9-11h-6l1-7z" /></svg>
{:else if icon === "folder"} {:else if icon === "folder"}
<svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M3 7v10a2 2 0 002 2h14a2 2 0 002-2V9a2 2 0 00-2-2h-6l-2-2H5a2 2 0 00-2 2z" /></svg> <svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M3 7v10a2 2 0 002 2h14a2 2 0 002-2V9a2 2 0 00-2-2h-6l-2-2H5a2 2 0 00-2 2z" /></svg>
{:else if icon === "terminal"} {:else if icon === "terminal"}
+4
View File
@@ -139,6 +139,10 @@ export function savePreferences(data) {
return request("/auth/preferences", { method: "PUT", json: data }); return request("/auth/preferences", { method: "PUT", json: data });
} }
export function getLiteLLMHealth() {
return get("/litellm/health");
}
export function put(path, data) { export function put(path, data) {
return request(path, { method: "PUT", json: data }); return request(path, { method: "PUT", json: data });
} }
@@ -0,0 +1,108 @@
<script>
import { onMount } from "svelte";
import { getLiteLLMHealth } from "../lib/api.js";
let loading = $state(true);
let health = $state(null);
let requestError = $state("");
async function loadHealth() {
loading = true;
requestError = "";
try {
health = await getLiteLLMHealth();
} catch (e) {
requestError = e?.body?.detail || e?.message || "Failed to load LiteLLM health";
health = null;
} finally {
loading = false;
}
}
function statusBadgeClass(status) {
if (status === "up") {
return "bg-emerald-100 text-emerald-700 dark:bg-emerald-900/40 dark:text-emerald-300";
}
if (status === "auth_required") {
return "bg-amber-100 text-amber-700 dark:bg-amber-900/40 dark:text-amber-300";
}
return "bg-rose-100 text-rose-700 dark:bg-rose-900/40 dark:text-rose-300";
}
function valueOrDash(value) {
return value === null || value === undefined || value === "" ? "—" : value;
}
onMount(loadHealth);
</script>
<div class="space-y-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-surface-900 dark:text-white tracking-tight">LiteLLM</h1>
<p class="text-sm text-surface-400 mt-1">Gateway health and connectivity status</p>
<div class="mt-2 flex flex-wrap items-center gap-2 text-[11px] font-medium">
<span class="px-2 py-0.5 rounded-full bg-emerald-100 text-emerald-700 dark:bg-emerald-900/40 dark:text-emerald-300">up</span>
<span class="px-2 py-0.5 rounded-full bg-amber-100 text-amber-700 dark:bg-amber-900/40 dark:text-amber-300">auth_required</span>
<span class="px-2 py-0.5 rounded-full bg-rose-100 text-rose-700 dark:bg-rose-900/40 dark:text-rose-300">down</span>
</div>
</div>
<button onclick={loadHealth} disabled={loading} class="px-3 py-1.5 text-xs font-medium text-primary-600 bg-primary-50 hover:bg-primary-100 rounded-lg transition-colors disabled:opacity-50 dark:bg-primary-900/30 dark:text-primary-300">
{loading ? "Loading..." : "Refresh"}
</button>
</div>
{#if requestError}
<div class="bg-rose-50 dark:bg-rose-900/20 border border-rose-200 dark:border-rose-700 rounded-xl p-4 shadow-sm">
<p class="text-sm font-medium text-rose-700 dark:text-rose-300">Failed to fetch LiteLLM health</p>
<p class="text-xs text-rose-600 dark:text-rose-400 mt-1">{requestError}</p>
</div>
{/if}
<div class="bg-white dark:bg-surface-800 rounded-xl border border-surface-200 dark:border-surface-700 p-5 shadow-sm">
{#if loading && !health}
<div class="space-y-3">
<div class="h-6 w-36 rounded bg-surface-100 dark:bg-surface-700 animate-pulse"></div>
<div class="grid grid-cols-1 sm:grid-cols-2 gap-3">
{#each Array(6) as _}
<div class="h-16 rounded-lg bg-surface-100 dark:bg-surface-700 animate-pulse"></div>
{/each}
</div>
</div>
{:else if health}
<div class="flex items-center justify-between mb-4">
<h3 class="text-sm font-semibold text-surface-700 dark:text-surface-200">Health Status</h3>
<span class="px-2.5 py-1 text-xs font-semibold rounded-full {statusBadgeClass(health.status)}">{valueOrDash(health.status)}</span>
</div>
<div class="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-3">
<div class="rounded-lg border border-surface-200 dark:border-surface-700 p-3">
<p class="text-xs font-medium text-surface-400 uppercase tracking-wider">OK</p>
<p class="text-sm font-semibold text-surface-800 dark:text-surface-100 mt-1">{String(Boolean(health.ok))}</p>
</div>
<div class="rounded-lg border border-surface-200 dark:border-surface-700 p-3">
<p class="text-xs font-medium text-surface-400 uppercase tracking-wider">Latency</p>
<p class="text-sm font-semibold text-surface-800 dark:text-surface-100 mt-1">{health.latency_ms === null || health.latency_ms === undefined ? "—" : `${health.latency_ms} ms`}</p>
</div>
<div class="rounded-lg border border-surface-200 dark:border-surface-700 p-3">
<p class="text-xs font-medium text-surface-400 uppercase tracking-wider">Endpoint</p>
<p class="text-sm font-semibold text-surface-800 dark:text-surface-100 mt-1">{valueOrDash(health.endpoint)}</p>
</div>
<div class="rounded-lg border border-surface-200 dark:border-surface-700 p-3">
<p class="text-xs font-medium text-surface-400 uppercase tracking-wider">HTTP Status</p>
<p class="text-sm font-semibold text-surface-800 dark:text-surface-100 mt-1">{valueOrDash(health.http_status)}</p>
</div>
<div class="rounded-lg border border-surface-200 dark:border-surface-700 p-3 sm:col-span-2 lg:col-span-2">
<p class="text-xs font-medium text-surface-400 uppercase tracking-wider">Error</p>
<p class="text-sm font-semibold text-surface-800 dark:text-surface-100 mt-1 break-all">{valueOrDash(health.error)}</p>
</div>
</div>
{:else}
<p class="text-sm text-surface-400">No health data available.</p>
{/if}
</div>
</div>
+10
View File
@@ -0,0 +1,10 @@
# Copy to .env on NAS and fill real values.
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
GEMINI_API_KEY=
# Optional gateway auth key for internal clients.
LITELLM_MASTER_KEY=
# Host bind port for docker-compose mapping.
LITELLM_PORT=4005
+30
View File
@@ -0,0 +1,30 @@
model_list:
- model_name: claude-arch
litellm_params:
model: anthropic/claude-sonnet-4-6
api_key: os.environ/ANTHROPIC_API_KEY
timeout: 30
max_retries: 1
- model_name: codex-exec
litellm_params:
model: openai/gpt-4.1
api_key: os.environ/OPENAI_API_KEY
timeout: 30
max_retries: 1
- model_name: gemini-large
litellm_params:
model: gemini/gemini-1.5-pro
api_key: os.environ/GEMINI_API_KEY
timeout: 30
max_retries: 1
general_settings:
# Optional - leave empty in .env to disable gateway auth.
master_key: os.environ/LITELLM_MASTER_KEY
router_settings:
timeout: 30
num_retries: 1
retry_after: 1
+33
View File
@@ -0,0 +1,33 @@
services:
litellm:
image: ghcr.io/berriai/litellm:main-latest
container_name: litellm
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
env_file:
- .env
environment:
- LITELLM_MASTER_KEY=${LITELLM_MASTER_KEY:-}
ports:
- "127.0.0.1:${LITELLM_PORT:-4005}:4005"
volumes:
- ./config:/config:ro
networks:
- nas-dashboard_internal
command:
- "--config"
- "/config/litellm.yaml"
- "--host"
- "0.0.0.0"
- "--port"
- "4005"
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
networks:
nas-dashboard_internal:
external: true