openalice-ml-gateway
[Atlas card](https://atlas.blal.pro/repos/openalice-ml-gateway)
Architecture rating
Manifest 100/valid, drift 90, zero circular deps, 0 dead imports, avg complexity 4.52 — strong adoption of shared substrate; minor formatting (23) and 25 missing docstrings.
Valid manifest with table ownership + 6 endpoints, AGENTS.md present, 10 @feature annotations (features 100); weakened by a stub README (only Atlas card link) and 25 missing docstrings.
API-key auth + rate limiting + usage tracking declared in manifest, admin/keys gated, /metrics exposed; but SSRF/injection guards on embed/rerank/NER backend calls and security headers are unverified in evidence.
Dedicated GET /metrics (Prometheus) endpoint exposed and CI-verified; tracing and structured-log evidence absent, and health probe fails (no https endpoint in manifest exposes).
Owns api_keys + usage tables with clean manifest, but NO migrations/ dir in clone and zero evidence of RLS/tenant isolation, FK constraints, or GDPR handling on usage data.
CI green and no cycles, but record_usage is unreferenced (likely dead/unwired usage path), PORT env declared-unused, and no evidence of timeouts/retries/graceful SIGTERM shutdown to upstream embed/rerank/NER backends.
No tests/ dir present in clone and inspector reports no test count; critical paths (auth, rate-limit, usage accounting) appear untested despite green CI.
source · auto-grader-2026-06-16
Ecosystem manifest
.atlas-deps.ymlML Gateway — API key auth, rate limiting, and usage tracking in front of embed/rerank/NER backends.
- openalice-mlhttpvia EMBED_SERVICE_URLProxy /v1/embed and /v1/rerank requests to the BGE-M3 embedding + reranker backend
- openalice-nerhttpvia NER_SERVICE_URLProxy /v1/ner requests to the GLiNER zero-shot NER backend
- ADMIN_KEY
- EMBED_SERVICE_URL
- NER_SERVICE_URL
- BACKEND_API_KEY
- ALICE_ML_KEY
- KEYS_FILE
- USAGE_FILE
- PORT
- http_endpoint: POST /v1/embed
- http_endpoint: POST /v1/rerank
- http_endpoint: POST /v1/ner
- http_endpoint: GET /v1/usage
- http_endpoint: POST /admin/keys
- http_endpoint: GET /metrics
- api_keys
- usage
Atlas grepped the repo's source for env reads (rust env::var · ts process.env · py os.environ · shell $VAR) and diffed against the manifest's consumes_env. Two lists below: stale declarations and undeclared reads.
- PORT
Roadmap · what's planned next
- postgres-backed-stateplanned3%Replace the JSON keys_file + usage_file with a Postgres-backed store so multi-replica deployments + audit logging are possible; current single-process file-flush model can't survive horizontal scale.
- per-key-rotation-and-revokeplanned4%Add POST /admin/keys/{id}/rotate + DELETE /admin/keys/{id} flows so a leaked key can be revoked atomically and a replacement issued with the same caps + permissions.
- streaming-proxy-passthroughplanned4%Switch /v1/embed and /v1/rerank to a streaming response forward so large batch responses don't have to be fully buffered in the gateway — drops p99 latency under heavy load.
- prometheus-detail-metricsplanned9%Expose per-key request / token counters + backend latency histograms on /metrics so Grafana can render a per-tenant usage dashboard without scraping JSON state.
- openai-compatible-surfaceplanned3%Mirror /v1/embed as /v1/embeddings with OpenAI-compatible request/response shape so off-the-shelf SDKs can target the gateway without custom adapters.
Code composition
tokei · loc- Rust95.7%
- JSON2.4%
- TOML1.9%
- Rust95.7%
- JSON2.4%
- TOML1.9%
- Rust95.7%· 887
- JSON2.4%· 22
- TOML1.9%· 18
| Language | % code | code | comments | blanks | files |
|---|---|---|---|---|---|
| Rust | 95.7% | 887 | 56 | 93 | 1 |
| JSON | 2.4% | 22 | 0 | 0 | 2 |
| TOML | 1.9% | 18 | 0 | 1 | 1 |
| Markdown | 0.0% | 0 | 93 | 43 | 2 |
Telemetry ribbon · last 90 days
9 eventsml-gateway/admin
1 feature- ml-gateway.keys.createsrc/main.rs:639Admin endpoint — issue an API key with per-day request limit and per-month token cap.api:POST /admin/keyssince 0.1.0
ml-gateway/embed
1 feature- ml-gateway.embed.proxysrc/main.rs:700Authenticated, rate-limited proxy to the embedding backend (/v1/embed).api:POST /v1/embedsince 0.1.0
ml-gateway/health
1 feature- ml-gateway.health.endpointsrc/main.rs:468GET /health probes the embed-rerank and NER backends with a 3s timeout and returns per-service status + gateway uptime — used by Traefik and the docs site status badge.api:GET /healthsince 0.1.0
ml-gateway/keys
1 feature- ml-gateway.keys.validatesrc/main.rs:8SHA-256 hashed API key store — constant-time bearer comparison, per-endpoint permission allowlist on the key, daily reset of request counters at UTC midnight.since 0.1.0
ml-gateway/metrics
1 feature- ml-gateway.metrics.endpointsrc/main.rs:519GET /metrics emits Prometheus text — uptime + total/active key count + cluster-wide requests/tokens/requests_today; gated by admin key (constant-time hash compare) so SaaS tenants can't enumerate other customers' traffic.api:GET /metricssince 0.1.0
ml-gateway/ner
1 feature- ml-gateway.ner.proxysrc/main.rs:739Authenticated, rate-limited proxy to the NER backend (/v1/ner).api:POST /v1/nersince 0.1.0
ml-gateway/openapi
1 feature- ml-gateway.openapi.specsrc/main.rs:808GET /v1/openapi.json serves the OpenAPI 3.0.3 spec covering /v1/embed, /v1/rerank, /v1/ner, /v1/usage, and /health with BearerAuth security scheme — consumed by client SDK generators + the docs site.api:GET /v1/openapi.jsonsince 0.1.0
ml-gateway/persistence
1 feature- ml-gateway.persistence.background-saversrc/main.rs:7595-second background task — snapshots keys + usage under read-lock, writes JSON to disk without holding any lock, then clears `dirty` only after a successful write so process death never loses a counter increment (crash-safe write-behind cache).since 0.1.0
ml-gateway/rerank
1 feature- ml-gateway.rerank.proxysrc/main.rs:716Authenticated, rate-limited proxy to the reranker backend (/v1/rerank).api:POST /v1/reranksince 0.1.0
ml-gateway/usage
1 feature- ml-gateway.usage.reportsrc/main.rs:601Per-key usage report — requests today + tokens this month vs configured caps.api:GET /v1/usagesince 0.1.0