feat: Initialize FastAPI AI Gateway project structure with authentication, module management, and LLM API routing.

app/api/admin_backend.py

@@ -0,0 +1,90 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+from app.core.database import get_db
+from app.core.security import get_current_user
+from app.models.module import Module
+import secrets
+from pydantic import BaseModel
+from datetime import datetime
+from typing import List, Optional
+
+router = APIRouter()
+
+class ModuleCreate(BaseModel):
+    name: str
+    program: Optional[str] = None
+    lob: Optional[str] = None
+    job_code: Optional[str] = None
+
+class ModuleResponse(BaseModel):
+    id: int
+    name: str
+    secret_key: str
+    program: Optional[str]
+    lob: Optional[str]
+    job_code: Optional[str]
+    is_active: bool
+    created_at: datetime
+    last_rotated_at: datetime
+
+    class Config:
+        from_attributes = True
+
+@router.post("/modules", response_model=ModuleResponse)
+def create_module(
+    module_in: ModuleCreate, 
+    db: Session = Depends(get_db),
+    current_user: str = Depends(get_current_user)
+):
+    db_module = db.query(Module).filter(Module.name == module_in.name).first()
+    if db_module:
+        raise HTTPException(status_code=400, detail="Module already exists")
+    
+    new_key = secrets.token_hex(32)
+    db_module = Module(
+        name=module_in.name,
+        secret_key=new_key,
+        program=module_in.program,
+        lob=module_in.lob,
+        job_code=module_in.job_code
+    )
+    db.add(db_module)
+    db.commit()
+    db.refresh(db_module)
+    return db_module
+
+@router.get("/modules", response_model=List[ModuleResponse])
+def get_modules(
+    db: Session = Depends(get_db),
+    current_user: str = Depends(get_current_user)
+):
+    return db.query(Module).all()
+
+@router.post("/modules/{module_id}/rotate", response_model=ModuleResponse)
+def rotate_module_key(
+    module_id: int,
+    db: Session = Depends(get_db),
+    current_user: str = Depends(get_current_user)
+):
+    db_module = db.query(Module).filter(Module.id == module_id).first()
+    if not db_module:
+        raise HTTPException(status_code=404, detail="Module not found")
+    
+    db_module.secret_key = secrets.token_hex(32)
+    db_module.last_rotated_at = datetime.utcnow()
+    db.commit()
+    db.refresh(db_module)
+    return db_module
+
+@router.delete("/modules/{module_id}")
+def delete_module(
+    module_id: int,
+    db: Session = Depends(get_db),
+    current_user: str = Depends(get_current_user)
+):
+    db_module = db.query(Module).filter(Module.id == module_id).first()
+    if not db_module:
+        raise HTTPException(status_code=404, detail="Module not found")
+    db.delete(db_module)
+    db.commit()
+    return {"status": "success"}

app/api/deps.py

@@ -0,0 +1,43 @@
+from fastapi import Security, HTTPException, status, Depends
+from fastapi.security.api_key import APIKeyHeader
+from sqlalchemy.orm import Session
+from app.core.config import settings
+from app.core.database import get_db
+from app.models.module import Module
+from cachetools import TTLCache
+
+api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
+
+# Cache keys for 5 minutes, store up to 1000 keys
+# This prevents a Supabase round-trip on every message
+auth_cache = TTLCache(maxsize=1000, ttl=300)
+
+async def get_api_key(
+    api_key_header: str = Security(api_key_header),
+    db: Session = Depends(get_db)
+):
+    if not api_key_header:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, 
+            detail="API Key missing"
+        )
+
+    # 1. Fallback to global static key (Admin)
+    if api_key_header == settings.API_KEY:
+        return api_key_header
+    
+    # 2. Check Cache first (VERY FAST)
+    if api_key_header in auth_cache:
+        return api_key_header
+    
+    # 3. Check Database for Module key (Database round-trip)
+    module = db.query(Module).filter(Module.secret_key == api_key_header, Module.is_active == True).first()
+    if module:
+        # Save to cache for next time
+        auth_cache[api_key_header] = True
+        return api_key_header
+
+    raise HTTPException(
+        status_code=status.HTTP_403_FORBIDDEN, 
+        detail="Could not validate credentials or API Key is inactive"
+    )

app/api/endpoints/admin.py

@@ -0,0 +1,66 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+from app.core.database import get_db
+from app.api.deps import get_api_key
+from app.models.module import Module
+import secrets
+from pydantic import BaseModel
+from datetime import datetime
+
+router = APIRouter()
+
+class ModuleCreate(BaseModel):
+    name: str
+
+class ModuleResponse(BaseModel):
+    id: int
+    name: str
+    secret_key: str
+    is_active: bool
+
+    class Config:
+        from_attributes = True
+
+@router.post("/modules", response_model=ModuleResponse)
+def create_module(
+    module_in: ModuleCreate, 
+    db: Session = Depends(get_db),
+    api_key: str = Depends(get_api_key) # Only global admin key should be allowed here ideally
+):
+    # Check if exists
+    db_module = db.query(Module).filter(Module.name == module_in.name).first()
+    if db_module:
+        raise HTTPException(status_code=400, detail="Module already exists")
+    
+    new_key = secrets.token_hex(32)
+    db_module = Module(
+        name=module_in.name,
+        secret_key=new_key
+    )
+    db.add(db_module)
+    db.commit()
+    db.refresh(db_module)
+    return db_module
+
+@router.post("/modules/{module_id}/rotate", response_model=ModuleResponse)
+def rotate_module_key(
+    module_id: int,
+    db: Session = Depends(get_db),
+    api_key: str = Depends(get_api_key)
+):
+    db_module = db.query(Module).filter(Module.id == module_id).first()
+    if not db_module:
+        raise HTTPException(status_code=404, detail="Module not found")
+    
+    db_module.secret_key = secrets.token_hex(32)
+    db_module.last_rotated_at = datetime.utcnow()
+    db.commit()
+    db.refresh(db_module)
+    return db_module
+
+@router.get("/modules", response_model=list[ModuleResponse])
+def get_modules(
+    db: Session = Depends(get_db),
+    api_key: str = Depends(get_api_key)
+):
+    return db.query(Module).all()

app/api/endpoints/auth.py

@@ -0,0 +1,26 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordRequestForm
+from app.core import security
+from app.core.config import settings
+from pydantic import BaseModel
+
+router = APIRouter()
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+@router.post("/login", response_model=Token)
+async def login(form_data: OAuth2PasswordRequestForm = Depends()):
+    # Simple admin check - in a real app, query a User table
+    if form_data.username == "admin" and form_data.password == settings.ADMIN_PASSWORD:
+        access_token = security.create_access_token(
+            data={"sub": form_data.username}
+        )
+        return {"access_token": access_token, "token_type": "bearer"}
+    
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Incorrect username or password",
+        headers={"WWW-Authenticate": "Bearer"},
+    )

app/api/endpoints/gemini.py

@@ -0,0 +1,54 @@
+from fastapi import APIRouter, Depends, Request
+from app.api.deps import get_api_key
+from app.core.limiter import limiter
+from app.core.config import settings
+from pydantic import BaseModel
+from google import genai
+import asyncio
+
+router = APIRouter()
+
+class LLMRequest(BaseModel):
+    prompt: str
+    context: str = ""
+
+# Shared client instance (global)
+_client = None
+
+def get_gemini_client():
+    global _client
+    if _client is None and settings.GOOGLE_API_KEY and settings.GOOGLE_API_KEY != "your-google-api-key":
+        _client = genai.Client(api_key=settings.GOOGLE_API_KEY, http_options={'api_version': 'v1alpha'})
+    return _client
+
+@router.post("/chat")
+@limiter.limit(settings.RATE_LIMIT)
+async def gemini_chat(
+    request: Request,
+    chat_data: LLMRequest,
+    api_key: str = Depends(get_api_key)
+):
+    client = get_gemini_client()
+    
+    try:
+        if not client:
+             return {
+                "status": "mock",
+                "model": "gemini",
+                "response": f"MOCK: Gemini response to '{chat_data.prompt}'"
+            }
+            
+        # Using the async generation method provided by the new google-genai library
+        # We use await to ensure we don't block the event loop
+        response = await client.aio.models.generate_content(
+            model="gemini-2.0-flash", 
+            contents=chat_data.prompt
+        )
+        
+        return {
+            "status": "success",
+            "model": "gemini",
+            "response": response.text
+        }
+    except Exception as e:
+        return {"status": "error", "detail": str(e)}

app/api/endpoints/openai.py

@@ -0,0 +1,46 @@
+from fastapi import APIRouter, Depends, Request
+from app.api.deps import get_api_key
+from app.core.limiter import limiter
+from app.core.config import settings
+from pydantic import BaseModel
+from openai import AsyncOpenAI
+import asyncio
+
+router = APIRouter()
+
+class LLMRequest(BaseModel):
+    prompt: str
+    context: str = ""
+
+# Initialize Async client
+client = None
+if settings.OPENAI_API_KEY and settings.OPENAI_API_KEY != "your-openai-api-key":
+    client = AsyncOpenAI(api_key=settings.OPENAI_API_KEY)
+
+@router.post("/chat")
+@limiter.limit(settings.RATE_LIMIT)
+async def openai_chat(
+    request: Request,
+    chat_data: LLMRequest,
+    api_key: str = Depends(get_api_key)
+):
+    try:
+        if not client:
+             return {
+                "status": "mock",
+                "model": "openai",
+                "response": f"MOCK: OpenAI response to '{chat_data.prompt}'"
+            }
+
+        # Perform Async call to OpenAI
+        response = await client.chat.completions.create(
+            model="gpt-3.5-turbo",
+            messages=[{"role": "user", "content": chat_data.prompt}]
+        )
+        return {
+            "status": "success",
+            "model": "openai",
+            "response": response.choices[0].message.content
+        }
+    except Exception as e:
+        return {"status": "error", "detail": str(e)}

app/api/endpoints/storyline.py

@@ -0,0 +1,33 @@
+from fastapi import APIRouter, Depends, Request
+from app.api.deps import get_api_key
+from app.core.limiter import limiter
+from app.core.config import settings
+from pydantic import BaseModel
+
+router = APIRouter()
+
+class ChatRequest(BaseModel):
+    prompt: str
+    context: str = ""
+
+@router.post("/chat")
+@limiter.limit(settings.RATE_LIMIT)
+async def story_chat(
+    request: Request,
+    chat_data: ChatRequest,
+    api_key: str = Depends(get_api_key)
+):
+    # This is where you would call your LLM (OpenAI, Anthropic, etc.)
+    # For now, we return a mock response
+    return {
+        "status": "success",
+        "response": f"Processed prompt: {chat_data.prompt}",
+        "metadata": {
+            "characters_received": len(chat_data.prompt),
+            "context_length": len(chat_data.context)
+        }
+    }
+
+@router.get("/health")
+async def health_check():
+    return {"status": "healthy"}

app/api/router.py

@@ -0,0 +1,7 @@
+from fastapi import APIRouter
+from app.api.endpoints import storyline, gemini, openai
+
+api_router = APIRouter()
+api_router.include_router(storyline.router, prefix="/storyline", tags=["storyline"])
+api_router.include_router(gemini.router, prefix="/gemini", tags=["gemini"])
+api_router.include_router(openai.router, prefix="/openai", tags=["openai"])