Version 0.1.0-dev. CRG grade C (achieved 2026-04-04).
The repository contains 19 Elixir modules, 2 Zig FFI parsers, 2 Idris2 ABI
modules, and a growing test suite. The implementation covers the core gateway
pipeline but verification is catching up. See STATE.adoc for the full picture.
The MVP is a narrow HTTP verb governance prefilter. It is NOT a general-purpose API gateway, load balancer, or TLS terminator. The scope is intentionally constrained so that every claim can be backed by an executed test.
- Policy loading: Read a YAML policy file (DSL v1) at startup and on reload.
- Policy validation: Reject malformed policies before compilation.
- Policy compilation: Compile validated policy into dual ETS tables (exact O(1) + regex O(r) + global O(1)).
- Trust extraction: Read trust level from the `X-Trust-Level` header (stripped for non-trusted proxies).
- Verb governance: For each request, look up the policy rule for (path, verb) and evaluate `rank(trust) >= rank(exposure)`.
- Allow/deny: Forward allowed requests to a single configured backend via HTTP. Deny with 403 or stealth response.
- Stealth mode: Return configurable status codes (e.g. 404) instead of 403 to hide endpoint existence.
- Rate limiting: Per-client token bucket with trust-level-based quotas.
- Health/readiness probes: `/health`, `/ready` endpoints.
- Structured logging: JSON-formatted access decisions with telemetry.
- Atomic policy reload: Swap to new policy tables without downtime.
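The trust-extraction and verb-governance steps above, as an added illustrative example in Elixir (not the gateway's own code): the policy shape, trust ranks, exposure names, peer address, and the `stealth_status` field are all assumptions, and the lookup order (exact, then regex, then global) mirrors the dual-table description.

```elixir
defmodule VerbGovernanceExample do
  @moduledoc "Illustrative per-request decision logic; names and policy shape are assumed."

  # Assumed ordering: a higher rank is more trusted, and an endpoint's exposure
  # names the minimum rank allowed to reach it.
  @ranks %{"public" => 0, "partner" => 1, "internal" => 2, "admin" => 3}

  # Constructed policy: exact rules, regex rules, and a global default.
  @policy %{
    exact: %{{"/health", "GET"} => "public", {"/admin/users", "DELETE"} => "admin"},
    regex: [{~r{^/api/v1/orders/\d+$}, "GET", "partner"}],
    global: "internal",
    trusted_proxies: ["10.0.0.5"],
    stealth_status: 404
  }

  @doc "Trust level from X-Trust-Level, honoured only when the peer is a trusted proxy."
  def extract_trust(headers, peer_ip, policy \\ @policy) do
    header =
      Enum.find_value(headers, fn {k, v} -> String.downcase(k) == "x-trust-level" && v end)

    # Any other peer is treated as if the header had been stripped.
    if peer_ip in policy.trusted_proxies and header in Map.keys(@ranks),
      do: header,
      else: "public"
  end

  @doc "Lookup order mirrors the dual tables: exact, then regex, then global default."
  def lookup_exposure(path, verb, policy \\ @policy) do
    Map.get_lazy(policy.exact, {path, verb}, fn ->
      Enum.find_value(policy.regex, policy.global, fn {re, v, exposure} ->
        if v == verb and Regex.match?(re, path), do: exposure
      end)
    end)
  end

  @doc "Allow when rank(trust) >= rank(exposure); otherwise 403, or the stealth status."
  def decide(path, verb, headers, peer_ip, policy \\ @policy) do
    trust = extract_trust(headers, peer_ip, policy)
    exposure = lookup_exposure(path, verb, policy)

    if Map.fetch!(@ranks, trust) >= Map.fetch!(@ranks, exposure) do
      {:allow, trust, exposure}
    else
      {:deny, policy.stealth_status || 403, trust, exposure}
    end
  end
end

# A spoofed X-Trust-Level from an untrusted peer is ignored and the request is
# denied with the stealth status rather than a revealing 403.
VerbGovernanceExample.decide("/admin/users", "DELETE", [{"x-trust-level", "admin"}], "203.0.113.9")
```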
- No GraphQL or gRPC governance (handlers exist but are stubs; not MVP scope)
- No multi-backend load balancing
- No TLS termination
- No dynamic trust scoring or control plane
- No plugin system
- No web UI dashboard
- No distributed clustering
- No Kubernetes operator
Each claim above must have at least one passing test:
| Claim | Test File |
|---|---|
| Policy loading | |
| Policy validation | |
| Policy compilation | |
| Trust extraction | |
| Verb governance | |
| Allow/deny decisions | |
| Stealth mode | |
| Rate limiting | |
| Health/readiness | |
| Structured logging | Telemetry events emitted (verified by integration) |
| Atomic policy reload | |
| Request sanitization | |
| Trust spoofing prevention | |
| No atom exhaustion | |
| No crash on arbitrary input | |
- ✓ Reconcile contradictory status docs so the repo has one truthful current-state story.
- ✓ Add real security tests for request sanitization, header handling, SSRF resistance, and capability-token validation.
- ✓ Add end-to-end tests for request lifecycle, policy hot reload, and upstream proxy behavior.
- ✓ Remove `tests/fuzz/placeholder.txt` and add real property-based fuzz tests.
- ✓ Define the supported MVP narrowly enough that it can be proven.
- ✓ Benchmark routing, policy evaluation, and rate limiting. See `test/benchmark_test.exs`.
- ✓ Add concurrency and failure-mode tests for rate limiter, circuit breaker, and reload paths. See `test/concurrency_test.exs`.
- ✓ Tighten operator documentation around what protocols and trust sources are actually supported. See `docs/SUPPORTED-FEATURES.md`.
- ✓ Keep the runtime role constrained to prefiltering before origin-side enforcement. See `docs/SCOPED-DEPLOYMENT.md`.
- ✓ Use the gateway in front of selected API routes first, not the whole application surface. See `docs/SCOPED-DEPLOYMENT.md`.
- ✓ Add release criteria that require executed tests rather than topology percentages. See `docs/RELEASE-CRITERIA.md`.
- ✓ Mark older design-only documents as historical where they no longer reflect the codebase. `ROADMAP-v2.md`, `IMPLEMENTATION-ROADMAP.md`, `TOPOLOGY.md` updated.
- ❏ Truthful status docs
- ❏ Request/path/verb governance solid
- ❏ Capability checks and proxy path exercised end to end
- ❏ Security and concurrency tests in place
- ❏ Benchmarks documented
- ❏ Route-scoped production guidance ready