Authentication
- Bearer Token Middleware:
auth_middlewareadded to Axum viaaxum::middleware::from_fn. Protected and public routers are now separated inmain.rs. - Webhook Routes Stay Public:
/webhook/messagesand/webhook/messages/bulkare internal Docker network calls — intentionally excluded from auth requirements. - Bot Auth Interceptor: Global Axios interceptor added to
discord-bot/src/index.ts— automatically injectsAuthorization: Bearer <API_KEY>on every Rust backend call. Resolved all 401 errors on backfill and slash commands.
LocalAI
- Separate Docker Compose Stack: LocalAI lives in its own
infrastructure/localai/docker-compose.ymlwith[cpu]and[gpu]profiles — optional and independent from the main stack. - Host Port 8088: Port 8080 was occupied on RS4000; LocalAI's host binding moved to 8088. The Rust backend still reaches it at
http://localai:8080/v1over the Docker network — unaffected. - External Network Join: LocalAI joins
infrastructure_secondbrain-networkas an external network so all services can communicate without configuration changes.
Discord Bot
- Historical Backfill:
backfill.tsfetches up to 2,000 messages per tracked channel from Discord history on bot startup and bulk-inserts via/webhook/messages/bulk.ON CONFLICT DO NOTHINGmakes it safe to run on every restart.
Integrations & Extensions
- AliExpress Stubs:
/api/shop/aliexpress(product parse) and/api/shop/track(package tracking) added as protected endpoints — ready for full implementation in a future phase. - Plugin Architecture:
/api/pluginslists available plugins. Dynamic loading is stubbed and ready for Phase 7. - Git Safety:
.gguf,.bin,.onnx, and*.gguf.partialmodel binary files added to.gitignoreand removed from git history.
Status
System is fully operational and in active testing. All six phases complete.