iaurora 1.0.0 → 1.0.2

package/README.md

@@ -24,7 +24,7 @@ Self-hosted. No vendor lock-in. Full source visibility.
 </tr>
 <tr>
   <td><a href="https://github.com/gurveeer/Aurora/pulls"><img src="https://img.shields.io/badge/PRs-Welcome-brightgreen?style=flat-square" alt="PRs Welcome"></a></td>
-  <td><a href="https://discord.gg/gaEB9BQSPH"><img src="https://img.shields.io/badge/Discord-Join-5865F2?style=flat-square&logo=discord&logoColor=white" alt="Discord"></a></td>
+  <td><a href="https://discord.gg/YJPrfR9uh"><img src="https://img.shields.io/badge/Discord-Join-5865F2?style=flat-square&logo=discord&logoColor=white" alt="Discord"></a></td>
   <td></td>
   <td></td>
 </tr>
@@ -38,7 +38,7 @@ Self-hosted. No vendor lock-in. Full source visibility.
 
 ---
 
-## Get running in 30 seconds
+## Start your selfhosted gateway
 
 **Docker**
 
@@ -99,6 +99,76 @@ Aurora sits between your application and AI providers. One API key, one endpoint
 
 ---
 
+## Publish readiness and boundaries
+
+This repository is intended to be published as the **Aurora OSS source tree**. It should contain source code, tests, examples, generated OpenAPI/docs assets, and public documentation only.
+
+**Current review status:** source publish is acceptable after the checks below pass locally. Do not publish any local runtime files, compiled binaries, package tarballs, databases, logs, or machine-specific configuration.
+
+### Repository boundary
+
+Included in the OSS boundary:
+
+- Gateway source under `apps/`, `internal/`, `configuration/`, and supporting packages.
+- Dashboard source under `dashboard-ui/` and minimal embedded dashboard placeholders needed by Go builds.
+- Public config examples under `configs/`, `configuration/`, `helm/`, `.env.template`, and docs.
+- Tests under `test/` and public fixtures with dummy credentials only.
+- CI, release, Docker, Helm, and packaging scripts.
+
+Excluded from the OSS boundary:
+
+- Local environment files: `.env`, `.env.*`, `.aurora.local/`.
+- Runtime data: `data/`, logs, caches, SQLite files, benchmark output, and temporary files.
+- Build/package output: `bin/`, `dist/`, `release/`, `npm/`, `*.exe`, `*.tgz`, archives.
+- User/editor/agent config that may contain private paths or endpoints: `.vscode/`, `.idea/`, `opencode.json`, `.claude/settings.local.json`.
+- Any provider API key, database URL, Redis URL, vector DB token, private certificate/key, or managed API key.
+
+### Leakage review summary
+
+The publish tree was checked for common leakage classes:
+
+- Hardcoded provider keys and service tokens.
+- Live Redis/PostgreSQL/Qdrant connection strings.
+- Private certificates and key material.
+- Local absolute paths and machine-specific `.aurora.local` files.
+- Generated binaries and package archives.
+
+Local secret-bearing files and generated binaries/package artifacts were removed from the publish tree. Remaining credential-like strings found by the review are dummy examples in docs/tests, such as `sk-test-key-12345`, `postgres://user:pass@localhost/...`, or placeholders in `.env.template`.
+
+### Security posture
+
+- Keep `AURORA_MASTER_KEY` unset only for isolated local testing. Set a high-entropy value before exposing the gateway outside localhost.
+- Keep `LOGGING_LOG_BODIES=false` and `LOGGING_LOG_HEADERS=false` unless you explicitly need request debugging and understand the privacy impact.
+- Use `.env.template` as documentation only. Put real values in untracked `.env` files, deployment secrets, or your hosting provider's secret manager.
+- Rotate any credential that was ever present in a local `.env`, `.aurora.local`, package artifact, shell history, or shared archive before public release.
+- Audit logs hash API keys for identification and redact sensitive headers in reader paths, but request/response body logging can still capture sensitive prompts if enabled.
+
+### Pre-publish checklist
+
+Run these from the repository root before creating a fresh GitHub repository:
+
+```bash
+# Verify no local runtime secrets or build artifacts are present
+find . -maxdepth 3 \( -name .env -o -name '.env.*' -o -name '.aurora.local' -o -name '*.exe' -o -name '*.tgz' -o -name '*.pem' -o -name '*.db' \) -print
+
+# Search for common secret patterns. Review every match manually.
+rg -n --hidden -g '!node_modules' -g '!dashboard-ui/node_modules' -g '!*.png' -g '!*.jpg' -g '!*.lock' \
+  '(rediss://|postgres://[^[:space:]"'"'']+:[^[:space:]"'"'']+@|BEGIN (RSA |EC |OPENSSH |)PRIVATE KEY|[A-Z0-9_]*API_KEY\s*=\s*(sk-|gsk_|jina_|eyJ|[A-Za-z0-9_-]{20,}))'
+
+# Build and test source
+pnpm --dir dashboard-ui install
+pnpm --dir dashboard-ui run build
+go test ./apps/... ./internal/...
+```
+
+Expected result for the first command is no output, except intentionally kept public templates. Expected result for the secret search is only placeholders, dummy test keys, or documentation examples.
+
+### If a secret was exposed
+
+If a real key was committed locally, copied into a package artifact, or shared outside your machine, deleting the file is not enough. Revoke and rotate the credential at the provider, purge generated artifacts, and create the public GitHub repository from a clean tree with no inherited history.
+
+---
+
 ## Providers
 
 | Provider | Key | Chat | Embeddings | Files | Batches | Passthrough |
@@ -127,18 +197,18 @@ Aurora sits between your application and AI providers. One API key, one endpoint
 Aurora loads config in order: **defaults → YAML → env vars** (env vars win).
 
 ```bash
-# Copy the template
+# Copy the env template for secrets/runtime values
 cp .env.template .env
 
-# Pick a config profile
-cp configs/editions/oss.example.yaml configs/config.yaml
+# Pick a config profile. Env vars in .env override YAML values.
+export AURORA_CONFIG_PATH=configs/editions/oss.example.yaml
 ```
 
 | Profile | Best for | External services |
 |---|---|---|
 | [`oss.example.yaml`](configs/editions/oss.example.yaml) | First run, individual devs | None |
-| [`oss.local-power.example.yaml`](configs/editions/oss.local-power.example.yaml) | Local power users (cache, metrics, audit) | Redis |
-| [`oss.team.example.yaml`](configs/editions/oss.team.example.yaml) | Small self-hosted teams | PostgreSQL, Redis, Qdrant |
+| [`oss.local-power.example.yaml`](configs/editions/oss.local-power.example.yaml) | Local power users with audit, usage, metrics, exact cache, guardrail examples, token saver examples | Redis |
+| [`oss.team.example.yaml`](configs/editions/oss.team.example.yaml) | Full OSS team profile with Postgres storage, Redis model/exact cache, semantic cache, provider examples, pools, fallback, resilience | PostgreSQL, Redis, Qdrant or another vector store |
 
 **Key settings:**
 
@@ -151,6 +221,9 @@ cp configs/editions/oss.example.yaml configs/config.yaml
 | `METRICS_ENABLED` | `false` | Prometheus metrics |
 | `GUARDRAILS_ENABLED` | `false` | Guardrail workflows |
 | `ENABLE_PASSTHROUGH_ROUTES` | `true` | `/p/{provider}/...` passthrough |
+| `TOKEN_SAVER_ENABLED` | `false` | Optional concise-output/token-saving transforms |
+| `RESPONSE_CACHE_SIMPLE_ENABLED` | `false` unless configured in YAML | Redis exact response cache |
+| `SEMANTIC_CACHE_ENABLED` | `false` unless configured in YAML | Embedding + vector-store semantic response cache |
 
 Full reference: [`configs/config.example.yaml`](configs/config.example.yaml)
 
@@ -207,7 +280,6 @@ Outputs: `bin/aurora-oss.exe`, `release/aurora-oss-windows-amd64.zip`
 ```bash
 go test ./apps/... ./internal/...
 pnpm --dir dashboard-ui run build
-make oss-boundary-check
 ```
 
 ---
@@ -224,7 +296,7 @@ The Enterprise edition is a separate distribution. It cannot be enabled by editi
 
 | | |
 |---|---|
-| [Discord](https://discord.gg/gaEB9BQSPH) | Deployment questions, provider setup, roadmap |
+| [Discord](https://discord.gg/YJPrfR9uh) | Deployment questions, provider setup, roadmap |
 | [GitHub Issues](https://github.com/gurveeer/Aurora/issues) | Bug reports, feature requests |
 | [GitHub Stars](https://github.com/gurveeer/Aurora/stargazers) | Support the project |
 

package/bin/aurora.js

@@ -1,122 +1,105 @@
 #!/usr/bin/env node
-import { spawn } from 'child_process';
+
 import { existsSync } from 'fs';
-import { createRequire } from 'module';
+import { spawnSync } from 'child_process';
 import { resolve, dirname } from 'path';
 import { fileURLToPath } from 'url';
+import { createRequire } from 'module';
 import os from 'os';
 
-const __dirname = dirname(fileURLToPath(import.meta.url));
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
 const require = createRequire(import.meta.url);
-const pkg = require(resolve(__dirname, '..', 'package.json'));
-
-function platformBinaryName() {
-  const ext = os.platform() === 'win32' ? '.exe' : '';
-  return `aurora${ext}`;
-}
 
-function resolveBinary() {
-  const name = platformBinaryName();
+// Try multiple locations for the binary, in priority order
+function findBinary() {
   const candidates = [
-    process.env.AURORA_BINARY_PATH && resolve(process.env.AURORA_BINARY_PATH),
-    resolve(__dirname, name),
-    resolve(__dirname, '..', name),
-    resolve(__dirname, '..', 'bin', name),
-    resolve(os.homedir(), '.aurora', 'bin', name),
-    resolve(os.homedir(), '.cache', 'aurora', name),
-  ].filter(Boolean);
-
-  for (const candidate of candidates) {
-    if (existsSync(candidate)) return candidate;
+    // Downloaded by postinstall to ~/.aurora/bin/
+    resolve(os.homedir(), '.aurora', 'bin', os.platform() === 'win32' ? 'aurora.exe' : 'aurora'),
+    // Bundled alongside the JS wrapper
+    resolve(__dirname, 'aurora.exe'),
+    resolve(__dirname, 'aurora'),
+    // Project-local build
+    resolve(process.cwd(), 'bin', 'aurora-oss.exe'),
+    resolve(process.cwd(), 'bin', 'aurora.exe'),
+    resolve(process.cwd(), 'bin', 'aurora'),
+  ];
+
+  for (const path of candidates) {
+    if (existsSync(path)) {
+      return path;
+    }
   }
   return null;
 }
 
-function suggestInstall() {
-  console.error(`
-Aurora binary not found.
-
-Run:  npx iaurora install
-
-Or build manually (requires Go 1.26.2+):
-  git clone https://github.com/gurveeer/Aurora.git
-  cd Aurora
-  go build -o bin/aurora ./apps/aurora
-  set AURORA_BINARY_PATH to the binary path
-
-`);
-  process.exit(1);
+function printHelp() {
+  console.log(`
+Aurora AI Gateway — CLI
+One API for every LLM provider. Self-hosted, open-source.
+
+USAGE
+  npx iaurora <command>
+
+COMMANDS
+  help         Show this help
+  install      Download the Aurora binary for your platform
+  start        Start the gateway (requires config setup)
+  version      Show version
+
+SETUP
+  1. npx iaurora install         # Download the binary
+  2. cp .env.template .env       # Configure your environment
+  3. npx iaurora start           # Start the gateway
+
+ENVIRONMENT VARIABLES
+  Copy .env.template to .env and set at least:
+  - AURORA_MASTER_KEY            # Gateway security key
+  - AURORA_CONFIG_PATH           # Path to config YAML (e.g. configs/editions/oss.example.yaml)
+  - OPENAI_API_KEY               # At least one provider key
+
+Docs: https://github.com/gurveeer/Aurora#readme
+`.trim());
 }
 
-function run(args) {
-  const binary = resolveBinary();
-  if (!binary) {
-    if (args[0] === 'install' || args[0] === 'download') {
-      downloadBinary(args.slice(1));
-      return;
-    }
-    if (args[0] === '--help' || args[0] === '-h') {
-      printHelp();
-      return;
-    }
-    suggestInstall();
-    return;
-  }
+async function main() {
+  const args = process.argv.slice(2);
+  const cmd = args[0] || 'help';
 
-  if (args[0] === '--help' || args[0] === '-h') {
+  if (cmd === 'help' || cmd === '--help' || cmd === '-h') {
     printHelp();
-    return;
+    process.exit(0);
   }
 
-  const child = spawn(binary, args, {
-    stdio: 'inherit',
-    env: { ...process.env },
-  });
-
-  child.on('exit', (code) => process.exit(code ?? 1));
-  child.on('error', (err) => {
-    console.error('Failed to start binary:', err.message);
-    process.exit(1);
-  });
-}
-
-function printHelp() {
-  console.error(`
-${pkg.name} v${pkg.version}
-
-Usage: npx ${pkg.name} [command] [options]
-
-Commands:
-  start          Start the Aurora gateway server (default)
-  install        Download the Aurora binary for your platform
-  models sync    Sync model registry from upstream
-  models diff    Compare local vs upstream model pricing
-  models show    Show model pricing details
-  --help, -h     Show this help
-  --version, -v  Show version
-
-Environment:
-  AURORA_BINARY_PATH  Path to the Aurora binary (bypasses search)
-  AURORA_CONFIG_PATH  Path to config YAML (default: configs/editions/oss.example.yaml)
-
-Documentation: https://github.com/gurveeer/Aurora
-`);
-  process.exit(0);
-}
+  if (cmd === 'version' || cmd === '--version' || cmd === '-v') {
+    const binary = findBinary();
+    if (binary) {
+      const result = spawnSync(binary, ['-version'], { stdio: 'inherit' });
+      process.exit(result.status ?? 0);
+    }
+    const pkg = require(resolve(__dirname, '..', 'package.json'));
+    console.log(pkg.version);
+    process.exit(0);
+  }
 
-async function downloadBinary(args) {
-  const { downloadAndInstall } = await import('../scripts/npm-postinstall.js');
-  try {
-    await downloadAndInstall({
-      force: args.includes('--force'),
-    });
-    console.error('Binary installed to ~/.aurora/bin/');
-    console.error('Run `npx iaurora start` to launch the server.');
+  if (cmd === 'install') {
+    const { downloadAndInstall } = await import(resolve(__dirname, '..', 'scripts', 'npm-postinstall.js'));
+    await downloadAndInstall({ force: true });
     process.exit(0);
-  } catch (err) {
-    console.error('Download failed:', err.message);
+  }
+
+  const binary = findBinary();
+  if (!binary) {
+    console.error('Aurora binary not found.');
+    console.error('Run `npx iaurora install` to download it, or build it with `go build -o bin/aurora.exe ./apps/aurora`.');
     process.exit(1);
   }
+
+  const result = spawnSync(binary, args, { stdio: 'inherit' });
+  process.exit(result.status ?? 0);
 }
 
-run(process.argv.slice(2));
+main().catch(err => {
+  console.error(err);
+  process.exit(1);
+});

package/config.yaml

@@ -1,6 +1,8 @@
 # Aurora OSS minimal local profile
 # Usage: $env:AURORA_CONFIG_PATH = "configs/editions/oss.example.yaml"; go run ./apps/aurora
-# Goal: start with no external dependencies. Use provider env vars such as OPENAI_API_KEY or GROQ_API_KEY.
+# Goal: start with no external dependencies. Use provider env vars such as OPENAI_API_KEY or GROQ_API_KEY.
+# Config pipeline: defaults -> this YAML -> env vars. Env vars always win.
+# Do not put real provider keys in this file.
 
 edition:
   name: oss
@@ -18,10 +20,11 @@ admin:
   ui_enabled: true
   dashboard_variant: "react"
 
-models:
-  enabled_by_default: true
-  overrides_enabled: true
-  configured_provider_models_mode: "fallback"
+models:
+  enabled_by_default: true
+  overrides_enabled: true
+  keep_only_aliases_at_models_endpoint: false
+  configured_provider_models_mode: "fallback"
 
 storage:
   type: "sqlite"
@@ -47,9 +50,35 @@ guardrails:
   enabled: false
   enable_for_batch_processing: false
 
-cache:
-  model:
-    refresh_interval: 3600
-
-workflows:
-  refresh_interval: 1m
+cache:
+  model:
+    refresh_interval: 3600
+    model_list:
+      url: ""
+      local_path: "data/models.local.json"
+      user_overrides_path: "data/user_pricing.yaml"
+    local:
+      cache_dir: ".cache"
+
+combos:
+  enabled: true
+
+cli_tools:
+  enabled: true
+  apply_enabled: false
+
+token_saver:
+  enabled: false
+  endpoints: ["chat_completions"]
+  apply_streaming: true
+  output:
+    enabled: false
+    profile: "concise"
+    level: "full"
+  on_error: "allow"
+  emit_headers: true
+  audit:
+    enabled: true
+
+workflows:
+  refresh_interval: 1m

package/package.json

@@ -1,5 +1,5 @@
 {
-    "version":  "1.0.0",
+    "version":  "1.0.2",
     "author":  "SantiagoDePolonia",
     "license":  "Apache-2.0",
     "files":  [