David/veylant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix public repo

Browse Source
This commit is contained in:
David 2026-03-13 13:43:09 +01:00
parent 11cffbcbb5
commit 0ce1752aed
3 changed files with 214 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
.env.example Normal file
View File

@ -0,0 +1,48 @@
# ─────────────────────────────────────────────────────────────────────────────
# Veylant IA — Environment variables
# Copy this file to .env and fill in the values.
# All VEYLANT_* vars override the corresponding key in config.yaml.
# ─────────────────────────────────────────────────────────────────────────────
# ── Server ────────────────────────────────────────────────────────────────────
VEYLANT_SERVER_ENV=development
VEYLANT_SERVER_TENANT_NAME=My Organisation
VEYLANT_SERVER_ALLOWED_ORIGINS=http://localhost:3000
# ── Auth (JWT) ────────────────────────────────────────────────────────────────
# Generate: openssl rand -hex 32
VEYLANT_AUTH_JWT_SECRET=change-me-in-production
VEYLANT_AUTH_JWT_TTL_HOURS=24
# ── Database ──────────────────────────────────────────────────────────────────
VEYLANT_DATABASE_URL=postgres://veylant:veylant_dev@localhost:5432/veylant?sslmode=disable
# ── Redis ─────────────────────────────────────────────────────────────────────
VEYLANT_REDIS_URL=redis://localhost:6379
# ── ClickHouse ────────────────────────────────────────────────────────────────
VEYLANT_CLICKHOUSE_DSN=clickhouse://veylant:veylant_dev@localhost:9000/veylant_logs
# ── Cryptography ──────────────────────────────────────────────────────────────
# AES-256-GCM key for prompt encryption. Generate: openssl rand -base64 32
VEYLANT_CRYPTO_AES_KEY_BASE64=
# ── LLM Provider API Keys ─────────────────────────────────────────────────────
VEYLANT_PROVIDERS_OPENAI_API_KEY=sk-...
VEYLANT_PROVIDERS_ANTHROPIC_API_KEY=sk-ant-...
VEYLANT_PROVIDERS_MISTRAL_API_KEY=
VEYLANT_PROVIDERS_AZURE_API_KEY=
VEYLANT_PROVIDERS_AZURE_RESOURCE_NAME=
VEYLANT_PROVIDERS_AZURE_DEPLOYMENT_ID=
# ── SMTP (email notifications) ────────────────────────────────────────────────
VEYLANT_NOTIFICATIONS_SMTP_HOST=smtp.example.com
VEYLANT_NOTIFICATIONS_SMTP_PORT=587
VEYLANT_NOTIFICATIONS_SMTP_USERNAME=alerts@example.com
VEYLANT_NOTIFICATIONS_SMTP_PASSWORD=your-smtp-password
VEYLANT_NOTIFICATIONS_SMTP_FROM=noreply@example.com
VEYLANT_NOTIFICATIONS_SMTP_FROM_NAME=Veylant IA
# ── HashiCorp Vault (production only) ─────────────────────────────────────────
# VAULT_ADDR=https://vault.example.com
# VAULT_TOKEN=

59
.gitignore vendored
View File

@ -1,4 +1,4 @@
# Go
# ─── Go ───────────────────────────────────────────────────────────────────────
bin/
*.exe
*.exe~
@ -9,15 +9,13 @@ bin/
*.out
coverage.out
coverage.html
# Vendor
vendor/
# Go workspace
coverage_internal.out
coverage/
go.work
go.work.sum
vendor/
# Python
# ─── Python ───────────────────────────────────────────────────────────────────
__pycache__/
*.py[cod]
*$py.class
@ -25,20 +23,27 @@ __pycache__/
.venv/
venv/
env/
dist/
*.egg-info/
.pytest_cache/
.mypy_cache/
htmlcov/
.ruff_cache/
# Node / Frontend
# ─── Node / Frontend ──────────────────────────────────────────────────────────
node_modules/
.next/
out/
dist/
*.local
web/dist/
web/.vite/
# Environment & secrets
# ─── web-public (standalone public site — has its own build/deploy) ───────────
web-public/
# ─── Secrets & config ─────────────────────────────────────────────────────────
# Real config lives in config.yaml — use config.yaml.example as the template
config.yaml
.env
.env.*
!.env.example
@ -49,31 +54,37 @@ dist/
secrets/
vault-tokens/
# Docker
.docker/
# ─── Generated proto stubs (regenerated via `make proto`) ─────────────────────
gen/
services/pii/gen/
# Terraform
# ─── Terraform state ──────────────────────────────────────────────────────────
.terraform/
*.tfstate
*.tfstate.*
*.tfplan
.terraform.lock.hcl
# IDE
# ─── Docker ───────────────────────────────────────────────────────────────────
.docker/
# ─── Logs & temp ──────────────────────────────────────────────────────────────
*.log
logs/
tmp/
*.tmp
# ─── Test / scratch files ─────────────────────────────────────────────────────
test_smtp.go
# ─── IDE ──────────────────────────────────────────────────────────────────────
.idea/
.vscode/
*.swp
*.swo
*~
.DS_Store
Thumbs.db
# Generated proto stubs
gen/
services/pii/gen/
# Logs
*.log
logs/
# Coverage reports
coverage/
# ─── Compiled proxy binary ────────────────────────────────────────────────────
proxy

131
config.yaml.example Normal file
View File

@ -0,0 +1,131 @@
server:
port: 8090
shutdown_timeout_seconds: 30
env: development # "production" → fatal on any missing service
tenant_name: "My Organisation"
# CORS: origins allowed to call the proxy from a browser.
# Override in production: VEYLANT_SERVER_ALLOWED_ORIGINS=https://dashboard.example.com
allowed_origins:
- "http://localhost:3000"
database:
url: "postgres://veylant:veylant_dev@localhost:5432/veylant?sslmode=disable"
max_open_conns: 25
max_idle_conns: 5
migrations_path: "migrations"
redis:
url: "redis://localhost:6379"
# Local JWT authentication (email/password).
# MUST be changed in production — use a long random secret.
# Generate: openssl rand -hex 32
# Override: VEYLANT_AUTH_JWT_SECRET=<your-secret>
auth:
jwt_secret: "change-me-in-production"
jwt_ttl_hours: 24
pii:
enabled: true
service_addr: "localhost:50051"
timeout_ms: 100
fail_open: true # set false in production
log:
level: "info" # debug | info | warn | error
format: "json" # json | console
# LLM provider adapters.
# API keys MUST be injected via env vars — never hardcode them here.
# Example: VEYLANT_PROVIDERS_OPENAI_API_KEY=sk-...
# Provider configs can also be managed via the admin API (POST /v1/admin/providers).
providers:
openai:
base_url: "https://api.openai.com/v1"
# api_key: set via VEYLANT_PROVIDERS_OPENAI_API_KEY
timeout_seconds: 30
max_conns: 100
anthropic:
base_url: "https://api.anthropic.com/v1"
version: "2023-06-01"
timeout_seconds: 30
max_conns: 100
# api_key: set via VEYLANT_PROVIDERS_ANTHROPIC_API_KEY
azure:
api_version: "2024-02-01"
timeout_seconds: 30
max_conns: 100
# api_key: set via VEYLANT_PROVIDERS_AZURE_API_KEY
# resource_name: set via VEYLANT_PROVIDERS_AZURE_RESOURCE_NAME
# deployment_id: set via VEYLANT_PROVIDERS_AZURE_DEPLOYMENT_ID
mistral:
base_url: "https://api.mistral.ai/v1"
timeout_seconds: 30
max_conns: 100
# api_key: set via VEYLANT_PROVIDERS_MISTRAL_API_KEY
ollama:
base_url: "http://localhost:11434/v1"
timeout_seconds: 120
max_conns: 10
# Role-based access control for the provider router.
rbac:
# Models accessible to the "user" role (exact match or prefix).
# admin and manager always have unrestricted access.
user_allowed_models:
- "gpt-4o-mini"
- "gpt-3.5-turbo"
- "mistral-small"
# If false (default), auditors receive 403 on /v1/chat/completions.
auditor_can_complete: false
metrics:
enabled: true
path: "/metrics"
# Intelligent routing engine.
routing:
# How long routing rules are cached in memory before a background refresh.
cache_ttl_seconds: 30
# ClickHouse audit log.
# DSN: clickhouse://user:pass@host:9000/database
# Override: VEYLANT_CLICKHOUSE_DSN=clickhouse://...
clickhouse:
dsn: "clickhouse://veylant:veylant_dev@localhost:9000/veylant_logs"
max_conns: 10
dial_timeout_seconds: 5
# Cryptography.
# AES-256-GCM key for encrypting stored prompts.
# MUST be set in production via: VEYLANT_CRYPTO_AES_KEY_BASE64
# Generate: openssl rand -base64 32
crypto:
aes_key_base64: ""
# Rate limiting defaults. Per-tenant overrides stored in the rate_limit_configs table.
rate_limit:
default_tenant_rpm: 1000
default_tenant_burst: 200
default_user_rpm: 100
default_user_burst: 20
# Email notifications via SMTP.
# Override credentials in production via env vars:
# VEYLANT_NOTIFICATIONS_SMTP_HOST
# VEYLANT_NOTIFICATIONS_SMTP_PORT
# VEYLANT_NOTIFICATIONS_SMTP_USERNAME
# VEYLANT_NOTIFICATIONS_SMTP_PASSWORD
# VEYLANT_NOTIFICATIONS_SMTP_FROM
notifications:
smtp:
host: "smtp.example.com"
port: 587
username: "alerts@example.com"
password: "your-smtp-password"
from: "noreply@example.com"
from_name: "Veylant IA"