Add SurrealDB backend and v1 proxy API

.cargo/config.toml

@@ -0,0 +1,21 @@
+# Cargo workspace configuration
+# Reference: https://doc.rust-lang.org/cargo/reference/config.html
+
+[alias]
+# Run the full check suite that CI runs locally
+check-all = "clippy --all-targets --all-features -- -D warnings"
+
+# Build a release binary
+build-release = "build --release --locked"
+
+# Run with debug logging
+run-dev = "run -- "
+
+
+[profile.dev]
+# Faster incremental builds during development.
+incremental = true
+
+[profile.test]
+# Slightly faster test compilation.
+incremental = true

.dockerignore

@@ -0,0 +1,37 @@
+# Build artifacts
+target/
+
+# Environment files — never include secrets in the image
+.env
+.env.*
+!.env.example
+
+# Version control
+.git/
+.github/
+
+# Editor and IDE metadata
+.vscode/
+.idea/
+*.iml
+.DS_Store
+
+# Rust toolchain overrides (resolved at build time in CI)
+rust-toolchain
+rust-toolchain.toml
+
+# Documentation source (not needed in the runtime image)
+docs/
+*.md
+!README.md
+
+# Claude / AI tooling
+.claude/
+.agents/
+skills/
+skills-lock.json
+CLAUDE.md
+
+# Misc
+Dockerfile
+.dockerignore

.env.example

@@ -0,0 +1,77 @@
+# -----------------------------------------------------------------------------
+# Server
+# -----------------------------------------------------------------------------
+
+# Host address the server binds to.
+# Use 0.0.0.0 to accept connections on all interfaces, 127.0.0.1 for localhost only.
+# Default: 0.0.0.0
+SERVER_HOST=0.0.0.0
+
+# Port the server listens on.
+# Default: 3000
+SERVER_PORT=3000
+
+
+# -----------------------------------------------------------------------------
+# HTTP Client (outbound to LLM providers)
+# -----------------------------------------------------------------------------
+
+# Maximum idle time before closing a pooled connection, in seconds.
+# Default: 90
+HTTP_POOL_IDLE_TIMEOUT_SECS=90
+
+# Maximum number of idle connections kept per host.
+# Default: 32
+HTTP_POOL_MAX_IDLE_PER_HOST=32
+
+# Timeout for establishing a TCP connection, in seconds.
+# Default: 10
+HTTP_CONNECT_TIMEOUT_SECS=10
+
+# Timeout for the entire request (including streaming body), in seconds.
+# Increase this for providers with slow first-token latency.
+# Default: 300
+HTTP_TIMEOUT_SECS=300
+
+
+# -----------------------------------------------------------------------------
+# Logging
+# -----------------------------------------------------------------------------
+
+# Log output format.
+# Options: json | compact | pretty
+#   json    - Structured JSON; best for production and log aggregators.
+#   compact - Single-line; best for development terminals.
+#   pretty  - Multi-line with full context; best for debugging.
+# Default: compact (debug builds) | json (release builds)
+LOG_FORMAT=pretty
+
+# Tracing filter directive (tracing-subscriber EnvFilter syntax).
+# Format:  <target>=<level>,...
+# Levels:  error | warn | info | debug | trace
+# Default: valymux=debug,tower_http=debug,info (debug) | valymux=info,warn (release)
+RUST_LOG=valymux=debug,tower_http=debug,info
+
+
+# -----------------------------------------------------------------------------
+# SurrealDB
+# -----------------------------------------------------------------------------
+
+# WebSocket or HTTP endpoint for your SurrealDB instance.
+# Examples:
+#   ws://localhost:8000       (local, unencrypted)
+#   wss://your-instance.surreal.cloud  (Surreal Cloud, TLS)
+SURREAL_URL=ws://localhost:8000
+
+# Namespace and database within the SurrealDB instance.
+SURREAL_NAMESPACE=main
+SURREAL_DATABASE=main
+
+# Credentials for the SurrealDB root user or a scoped user with write access.
+SURREAL_USERNAME=your_username
+SURREAL_PASSWORD=your_password
+
+# 32-byte (256-bit) encryption key, hex-encoded, for encrypting provider secrets
+# at rest. Generate with:
+#   openssl rand -hex 32
+SURREAL_ENCRYPTION_KEY=replace_with_64_hex_characters_generated_via_openssl_rand_hex_32

.github/CODEOWNERS

@@ -0,0 +1,18 @@
+# CODEOWNERS
+#
+# Each line is a file pattern followed by one or more owners.
+# Owners are automatically requested for review when a PR touches matching paths.
+# The last matching pattern takes precedence.
+#
+# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Current maintainer: @CLoaKY233
+# As the project grows and you accept contributors, add their handles here.
+# Example: * @CLoaKY233 @NewContributor @AnotherMaintainer
+
+# Default owner
+*                           @CLoaKY233
+
+# As you add maintainers, uncomment and update these high-sensitivity areas:
+# crates/surrealdb/src/crypto.rs  @CLoaKY233 @TrustedMaintainer
+# src/rts/extractors.rs           @CLoaKY233 @TrustedMaintainer

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,89 @@
+name: Bug Report
+description: Report a reproducible bug in ValyMux.
+labels: ["bug", "needs-triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Before filing a report, please search existing issues to avoid duplicates.
+        Redact any API keys, passwords, or other credentials from logs and config snippets.
+
+  - type: input
+    id: version
+    attributes:
+      label: Version or Commit
+      description: The ValyMux version or full commit SHA you are running.
+      placeholder: "0.0.1 or git rev e.g. acdd483"
+    validations:
+      required: true
+
+  - type: input
+    id: rust_version
+    attributes:
+      label: Rust Toolchain
+      description: Output of `rustc --version`.
+      placeholder: "rustc 1.85.0 (4d91de4e4 2025-02-17)"
+    validations:
+      required: true
+
+  - type: input
+    id: os
+    attributes:
+      label: Operating System
+      description: OS and architecture.
+      placeholder: "Ubuntu 24.04 x86_64 / macOS 14.5 arm64"
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: A clear and concise description of the bug.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to Reproduce
+      description: Minimal steps that reliably reproduce the issue.
+      placeholder: |
+        1. Set LOG_FORMAT=json and start the server.
+        2. Send a POST to /v1/chat/completions with body ...
+        3. Observe ...
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behaviour
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behaviour
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant Log Output
+      description: Paste log output here. Use RUST_LOG=debug for verbose output. Redact credentials.
+      render: text
+
+  - type: textarea
+    id: config
+    attributes:
+      label: Relevant Configuration
+      description: Relevant environment variable values (redact secrets).
+      render: shell
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Vulnerability
+    url: https://github.com/CLoaKY233/Valymux/security/advisories/new
+    about: Report a security vulnerability privately via GitHub Security Advisories.
+  - name: General Discussion
+    url: https://github.com/CLoaKY233/Valymux/discussions
+    about: Ask questions or discuss ideas before opening a formal issue.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,63 @@
+name: Feature Request
+description: Propose a new feature or improvement for ValyMux.
+labels: ["enhancement", "needs-triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please search existing issues before submitting to avoid duplicates.
+        Feature requests that include a clear problem statement and use case are
+        more likely to be considered and prioritised.
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem Statement
+      description: |
+        Describe the problem or limitation you are experiencing.
+        Focus on the problem, not the solution.
+      placeholder: "When I want to route requests to different providers based on model name, I currently have to..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed Solution
+      description: |
+        Describe the solution you have in mind.
+        If you are unsure about implementation details, a high-level description is fine.
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Other approaches you have considered and why they are insufficient.
+
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      description: Which part of the codebase does this relate to?
+      options:
+        - Proxy / Request Forwarding
+        - Model Routing
+        - Observability / Metrics / Tracing
+        - Rate Limiting
+        - Prompt Management
+        - Authentication / API Keys
+        - SurrealDB / Persistence
+        - Configuration
+        - Documentation
+        - CI / Developer Experience
+        - Other
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Links to related issues, external specifications, or prior art.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,43 @@
+## Summary
+
+<!-- What does this PR do? One or two sentences. Link the relevant issue if one exists. -->
+
+Closes #
+
+## Type of Change
+
+<!-- Mark the one that applies. -->
+
+- [ ] Bug fix (non-breaking change that fixes an issue)
+- [ ] New feature (non-breaking change that adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing behaviour to change)
+- [ ] Refactor (no behaviour change)
+- [ ] Documentation update
+- [ ] CI / tooling change
+
+## Changes
+
+<!-- Bullet-point list of what changed and why. -->
+
+-
+
+## Testing
+
+<!-- Describe how you tested this. Include commands if relevant. -->
+
+- [ ] `cargo test` passes
+- [ ] `cargo clippy --all-targets --all-features -- -D warnings` passes
+- [ ] `cargo fmt --all -- --check` passes
+- [ ] Manual testing performed (describe below)
+
+## Checklist
+
+- [ ] I have read the [CONTRIBUTING](../CONTRIBUTING.md) guide.
+- [ ] The change is covered by tests or an explanation is provided for why tests are not applicable.
+- [ ] Documentation has been updated where necessary (README, CHANGELOG, inline docs).
+- [ ] No credentials, keys, or sensitive values are present in the diff.
+- [ ] CHANGELOG.md has been updated under `[Unreleased]`.
+
+## Notes for Reviewers
+
+<!-- Anything the reviewer should pay particular attention to. -->

.github/workflows/audit.yml

@@ -0,0 +1,25 @@
+name: Security Audit
+
+on:
+  push:
+    paths:
+      - Cargo.lock
+  schedule:
+    # Run every Monday at 07:00 UTC
+    - cron: "0 7 * * 1"
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  audit:
+    name: cargo-audit
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - run: cargo install cargo-audit --locked
+      - run: cargo audit