feat: Layer 1 — Proxy & Observability via native Albus integration #2
Open
rafaelsandroni wants to merge 14 commits into guardion-v2 from
Captures the MVP architecture for replacing the custom guardionAuth middleware with native Albus integration pointing at Guard API. Includes Guard API contract, gateway changes, env var additions, and known limitations. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Step-by-step plan for replacing the custom guardionAuth middleware with native Albus integration: 5 files changed, env var additions, path substitutions, and integration smoke test. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ow use native VK resolution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ults Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Also removes debug console.log('headers', headers) from uploadLogsToControlPlane.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Verifies auth, proxy (inline + config slug), virtual key resolution, log telemetry, header translation, and Bearer auth against a running Guard API. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Documents two issues found during integration testing:
- PORTKEY_CLIENT_AUTH not configured in Guard API causes telemetry 401s
- GET /v2/integrations/ endpoint not implemented causes 404 noise
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…onfig Inline JSON config in x-guardion-config is treated as a slug by the gateway (fetched from Guard API /v2/configs/:slug), not parsed as inline routing config. Use x-guardion-virtual-key header for direct VK routing in tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rewrite rootHtmlHandler with full Guardion header support (virtual key, config slug, policy routing modes), streaming, guardrail results panel, cURL preview, and example prompts
- Move playground route before authN middleware so it's publicly accessible
- Fix dev:node script to load .env via --env-file flag
- Update integration tests to use groq-prod virtual key and correct URLs
- Test telemetry ingestion endpoint directly instead of log viewer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix backslash escaping in generateCurl() that caused SyntaxError, preventing sendRequest from being defined
- Add /favicon.ico route before auth to avoid 401 on browser auto-request
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Summary
- guardionAuth middleware (src/middlewares/guardion/) — replaced by native Albus integration. The gateway's existing fetchApiKeyDetails, fetchOrganisationConfig, and fetchOrganisationGuardrail functions work correctly once ALBUS_BASEPATH points at Guard API.
- isGuardionAuth bypass in authN (was never set), guardion provider VK short-circuit in helpers.ts
- GUARD_LOGS_PATH and GUARD_ANALYTICS_PATH env vars replace hardcoded paths in controlPlane.ts (private-deployment branch only)
- console.log from uploadLogsToControlPlane

Guard API Contract
The gateway now calls these endpoints natively (no mapping layer):
- GET /v2/api-keys/self/details — authentication
- GET /v2/virtual-keys/:slug — LLM provider key resolution
- GET /v2/configs/:slug — dynamic routing config
- GET /v2/guardrails/:slug — guardrail definitions
- POST $GUARD_LOGS_PATH / POST $GUARD_ANALYTICS_PATH — telemetry ingestion

Required Environment Variables
Test plan
- npm run build)
- else branch in controlPlane.ts (CONTROL_PLANE_BASEPATH/dp/metrics) untouched

🤖 Generated with Claude Code
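
As an added example (not code from this PR or from the gateway), a pre-flight check a test harness could run on the routing headers: it maps x-guardion-config and x-guardion-virtual-key to the contract's GET paths and flags inline JSON, which the commit notes say is fetched as a slug rather than parsed as routing config. The slug pattern and the names SLUG_RE, classify and planLookups are assumptions.

```javascript
// Added example, not the gateway's code. SLUG_RE, classify() and
// planLookups() are hypothetical; the slug alphabet is an assumption.
const SLUG_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;

// Header name -> Guard API path prefix, taken from the contract in the PR.
const LOOKUPS = {
  'x-guardion-config': '/v2/configs/',
  'x-guardion-virtual-key': '/v2/virtual-keys/',
};

// Decide whether a header value is usable as a :slug path segment.
function classify(value) {
  const v = String(value).trim();
  if (v === '') return { ok: false, reason: 'empty' };
  if (v.startsWith('{') || v.startsWith('[')) {
    // Would be fetched as /v2/configs/<json>, not parsed as routing config.
    return { ok: false, reason: 'inline JSON, not a slug' };
  }
  if (!SLUG_RE.test(v)) return { ok: false, reason: 'invalid slug characters' };
  return { ok: true, slug: v };
}

// Return the Guard API GETs a request's headers map to, plus any errors.
function planLookups(headers) {
  const plan = { requests: [], errors: [] };
  for (const [name, raw] of Object.entries(headers)) {
    const prefix = LOOKUPS[name.toLowerCase()];
    if (!prefix) continue; // not a Guardion routing header
    const result = classify(raw);
    if (result.ok) {
      plan.requests.push(`GET ${prefix}${encodeURIComponent(result.slug)}`);
    } else {
      plan.errors.push(`${name}: ${result.reason}`);
    }
  }
  return plan;
}

// Constructed sample headers (groq-prod is the virtual key named in the PR).
const sample = planLookups({
  'x-guardion-virtual-key': 'groq-prod',
  'X-Guardion-Config': '{"strategy":{"mode":"single"}}',
});
console.log(sample);
```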