openalice-gateway
Architecture rating
Purpose-built auth/rate-limit/circuit-break gateway; 401 on unauth probe confirms auth enforcement is live, deny.toml guards supply-chain — but no visible SSRF/injection regression tests and CI is currently failing, so guards are unverified.
Manifest valid (100), 0 dead imports, 0 cycles, clean substrate adoption — undercut by env drift (5 declared-unused GATEWAY_URL_* vars) and 4 god modules / 2 duplicate signatures.
Manifest present+valid (100), AGENTS.md and 5 @feature annotations, roadmap 95 — but README excerpt is empty and 55 missing docstrings across modules.
Circuit breaking + rate limiting declared (good resilience posture), zero circular deps — but CI conclusion=failure (2026-06-15), uptime_24h=0%, max complexity 19 and 4 god modules; graceful-shutdown/retry/idempotency unverified by tests.
Health endpoint exists (probed at alice.blal.pro) but no metrics, tracing, or structured-log signal surfaced; 401/down probe and 0% uptime suggest probes aren't wired to a real readiness path.
Stateless proxy: manifest owns zero tables, no migrations dir, no schema/RLS/FK signal — appropriate for a gateway but nothing to evidence, graded conservatively for absence.
No tests directory detected in clone and CI run concluded in failure — zero evidence of coverage on auth/rate-limit/proxy critical paths; the dominant weakness for this repo.
source · auto-grader-2026-06-16
Ecosystem manifest
.atlas-deps.ymlAPI gateway — auth enforcement, rate limiting, circuit breaking, and HTTP/WS reverse proxy for the OpenAlice microservice ecosystem.
- openalice-authhttpvia GATEWAY_URL_AUTHValidate API keys by calling /auth/me on the auth service (fail-closed)
- via GATEWAY_URL_ALICEProxy /alice/* requests to the main OpenAlice service (120s timeout for LLM calls)
- via GATEWAY_URL_A2AProxy /a2a/* requests to the agent-to-agent service
- via GATEWAY_URL_MLProxy /ml/* requests to the ML gateway
- via GATEWAY_URL_PERSONAProxy /persona/* HTTP and /ws/persona WebSocket requests to the persona backend
- via GATEWAY_URL_REGISTRYProxy /registry/* requests to the agent registry
- via GATEWAY_URL_RTProxy /rt/* HTTP and /ws/rt WebSocket requests to the realtime backend
- via GATEWAY_URL_SOCIALProxy /social/* requests to the social API backend
- via GATEWAY_URL_VOICEProxy /voice/* HTTP and /ws/voice WebSocket requests to the voice backend
- SHARED_JWT_SECRET
- GATEWAY_JWT_SECRET
- GATEWAY_PORT
- GATEWAY_BIND
- GATEWAY_RATE_LIMIT
- GATEWAY_ANON_RATE_LIMIT
- GATEWAY_URL_AUTH
- GATEWAY_URL_SOCIAL
- GATEWAY_URL_VOICE
- GATEWAY_URL_RT
- GATEWAY_URL_PERSONA
- GATEWAY_URL_A2A
- GATEWAY_URL_ML
- GATEWAY_URL_ALICE
- GATEWAY_URL_REGISTRY
- docker_image: openalice-gateway
- http_endpoint: https://alice.blal.pro/api/*
Atlas grepped the repo's source for env reads (rust env::var · ts process.env · py os.environ · shell $VAR) and diffed against the manifest's consumes_env. Two lists below: stale declarations and undeclared reads.
- GATEWAY_URL_A2A
- GATEWAY_URL_ALICE
- GATEWAY_URL_ML
- GATEWAY_URL_REGISTRY
- GATEWAY_URL_SOCIAL
Roadmap · what's planned next
- circuit-breaker-tuningin progress23%Tune the circuit-breaker thresholds per upstream (auth fail-closed, others fail-open) and expose breaker state on /metrics so operators can spot failing backends before users do.
- per-route-rate-limitingplanned2%Replace the global GATEWAY_RATE_LIMIT / GATEWAY_ANON_RATE_LIMIT pair with per-route + per-tenant rate buckets so noisy /ml/* callers can't starve cheap /social/* traffic.
- jwt-auth-enforcementdone100%Validate SHARED_JWT_SECRET-signed bearer tokens and proxy /auth/me checks to openalice-auth so every backend can trust the gateway's identity assertions and skip its own JWT machinery.
- mandatory-single-entry-pointdone100%Make the gateway the only public ingress so backend services never expose their own ports to the internet — direct-service exposure is treated as a deployment misconfiguration.
Code composition
tokei · loc- Rust96.4%
- TOML3.6%
- Rust96.4%
- TOML3.6%
- Rust96.4%· 2,041
- TOML3.6%· 76
| Language | % code | code | comments | blanks | files |
|---|---|---|---|---|---|
| Rust | 96.4% | 2,041 | 83 | 246 | 10 |
| TOML | 3.6% | 76 | 54 | 9 | 2 |
| Markdown | 0.0% | 0 | 8 | 3 | 1 |
Telemetry ribbon · last 90 days
5 eventsgateway/auth
1 feature- gateway.auth.middlewaresrc/auth.rs:39Authenticate via JWT > session > API key, fall through to anonymous; exempt paths bypass.since 0.1.0
gateway/proxy
2 features- gateway.proxy.forwardsrc/proxy.rs:16HTTP reverse proxy with auth, rate-limit, circuit breaker, and prefix-stripped backend forward.since 0.1.0
- gateway.proxy.wssrc/ws_proxy.rs:15Bidirectional WebSocket proxies for /ws/rt, /ws/voice, /ws/persona — bridge browser to internal services.since 0.1.0
gateway/ratelimit
1 feature- gateway.ratelimit.token-bucketsrc/ratelimit.rs:5Per-user token-bucket rate limiter (separate user/anon caps) using DashMap.since 0.1.0
gateway/resilience
1 feature- gateway.circuit.breakersrc/circuit_breaker.rs:8Per-backend circuit breaker (Closed/Open/HalfOpen) — short-circuit failing services with 503.since 0.1.0