scaffold: project skeleton, schema, healthz/readyz, CI
Initial project structure for neuronetz-gateway per scope-docs/SPEC.md:

- Python 3.12 / FastAPI / SQLAlchemy 2.0 (async) / Redis / Postgres stack managed by uv. Multi-stage non-root Dockerfile, prod + dev compose files (ollama service is NEVER published in either), Caddyfile + systemd unit, justfile, GitHub Actions CI (ruff, mypy --strict, pytest, bandit, pip-audit).
- Pydantic-Settings config covering every env var from SPEC §7, including the MODEL_DISCOVERY_* keys for the dynamic-discovery feature (§4.6).
- Alembic 0001_initial creates the full gateway schema (8 tables, 3 enums, notify_key_revoked() trigger), incl. allow_all_models on tenant_limits and key_limits for the per-tenant auto-grant toggle.
- Working /healthz, /readyz (fail-closed when deps unreachable), and a Prometheus /metrics stub. Sanitizing error handlers that attach X-Request-ID to every response and never leak upstream internals.
- SPEC + AGENT_PROMPT included under scope-docs/ (source of truth).
60
justfile
Normal file
@@ -0,0 +1,60 @@
|
||||
# neuronetz-gateway — task runner.
|
||||
#
|
||||
# Requires `just` (https://github.com/casey/just) and `uv`
|
||||
# (https://github.com/astral-sh/uv) on the host.
|
||||
#
|
||||
# just # list available targets
|
||||
# just dev # run postgres + redis + gateway locally (dev stack)
|
||||
# just test # run the test suite with coverage
|
||||
# just lint # ruff check
|
||||
# just typecheck # mypy --strict
|
||||
# just migrate # apply alembic migrations against DATABASE_URL
|
||||
|
||||
set dotenv-load := true
|
||||
|
||||
# uv runs commands inside the project's managed environment.
|
||||
uv := "uv"
|
||||
|
||||
# Show the list of targets (default).
|
||||
default:
|
||||
@just --list
|
||||
|
||||
# Sync dependencies into the local uv-managed virtualenv (incl. dev extras).
|
||||
install:
|
||||
{{uv}} sync --extra dev
|
||||
|
||||
# Run the dev stack: postgres + redis + gateway (no caddy, no ollama).
|
||||
dev:
|
||||
docker compose -f docker-compose.dev.yml up --build
|
||||
|
||||
# Run the test suite with coverage.
|
||||
test:
|
||||
{{uv}} run pytest
|
||||
|
||||
# Lint with ruff.
|
||||
lint:
|
||||
{{uv}} run ruff check .
|
||||
|
||||
# Static type checking (strict).
|
||||
typecheck:
|
||||
{{uv}} run mypy --strict src
|
||||
|
||||
# Apply database migrations to head.
|
||||
migrate:
|
||||
{{uv}} run alembic upgrade head
|
||||
|
||||
# Security lint.
|
||||
bandit:
|
||||
{{uv}} run bandit -q -r src
|
||||
|
||||
# Dependency vulnerability audit.
|
||||
audit:
|
||||
{{uv}} run pip-audit
|
||||
|
||||
# Bring the FULL production stack up (caddy + gateway + postgres + redis + ollama).
|
||||
compose-up:
|
||||
docker compose up -d --build
|
||||
|
||||
# Tear the production stack down.
|
||||
compose-down:
|
||||
docker compose down
|
||||
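Review bot: the `migrate` recipe runs `{{uv}} run alembic upgrade head` against whatever DATABASE_URL is in scope, and with `set dotenv-load := true` at the top of the file that value can come from a local `.env`, so a checkout whose `.env` points at a shared or production database gets migrated with no prompt. Consider putting just's `[confirm]` attribute on the recipe, or printing the target database host (not the full URL, which carries credentials) before the upgrade runs. Separately, the usage header and the comment above `test` both say "with coverage", but the recipe is plain `{{uv}} run pytest`; if coverage is enabled through pytest options configured elsewhere, note that in the comment, otherwise pass the coverage option in the recipe so the description matches what runs.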