Skip to main content

VeloxServer: a clean-room, pip-installable HTTP gateway with static, proxy, stream, and AI model routes.

Project description

VeloxServer

VeloxServer is a clean-room, pip-installable HTTP gateway and web server for static sites, reverse proxying, stream proxying, TLS, metrics, authentication, caching, plugin hooks, AI model routes, and AI-assisted deployment repair.

It is configured with TOML, runs from a single command, and is designed to be easy to try, easy to deploy, and easy to extend.

Status: VeloxServer is alpha software. It has production-facing controls, but public internet deployments should still be tested, benchmarked, and reviewed for your environment.

Source repository: awais-akhtar/VeloxServer

Install

PyPI package:

python -m pip install veloxserver

Optional AI features:

python -m pip install "veloxserver[ai-repair]"
python -m pip install "veloxserver[ai-llama]"
python -m pip install "veloxserver[ai-transformers]"

Install from a cloned Git checkout for development:

cd veloxserver
python -m pip install -e ".[ai-repair]"

Verify the command:

veloxserver --version

Quick Start

Linux and macOS:

mkdir -p public
printf '<h1>VeloxServer works</h1>\n' > public/index.html
veloxserver --root public --host 127.0.0.1 --port 8080

Windows PowerShell:

New-Item -ItemType Directory -Force public
Set-Content public/index.html "<h1>VeloxServer works</h1>"
veloxserver --root public --host 127.0.0.1 --port 8080

Open:

http://127.0.0.1:8080/

Run with the included example config:

veloxserver --config examples/veloxserver.toml

Common Commands

Serve static files:

veloxserver --root public --port 8080

Serve static files with gzip, access logs, health, and metrics:

veloxserver --root public --gzip --access-log --health-path /healthz --metrics-path /metrics

Reverse proxy /api/ to an app server:

veloxserver --root public --proxy /api/=http://127.0.0.1:9000

Proxy to Gunicorn through a Unix socket on Linux/macOS:

veloxserver --proxy /=unix:/run/gunicorn.sock

Proxy to Gunicorn, Uvicorn, Node, or any HTTP app through TCP:

veloxserver --proxy /=http://127.0.0.1:8000

Enable TLS and HTTP/2:

veloxserver --root public --tls-certfile certs/fullchain.pem --tls-keyfile certs/privkey.pem --http2

Use worker processes on platforms with SO_REUSEPORT:

veloxserver --root public --workers 4 --shared-zone-path run/zones.sqlite3

Show all CLI options:

veloxserver --help

Configuration

VeloxServer uses TOML. See examples/veloxserver.toml for a larger config.

Minimal static site:

[server]
host = "127.0.0.1"
port = 8080
access_log = true
metrics_path = "/metrics"
health_path = "/healthz"

[admin]
enabled = true
path = "/__veloxserver"
reload_path = "/reload"
status_path = "/status"

[[routes]]
path = "/"
kind = "static"
root = "public"

Reverse proxy with load balancing, retries, and cache controls:

[server]
host = "0.0.0.0"
port = 8080
access_log = true
log_format = "json"
access_log_path = "logs/access.log"
error_log_path = "logs/error.log"

[[routes]]
path = "/api/"
kind = "proxy"
upstreams = ["http://127.0.0.1:9000", "http://127.0.0.1:9001"]
load_balance = "least_connections"
retries = 1
proxy_cache = true
proxy_cache_ttl = 30
proxy_cache_path = "cache/api"
proxy_cache_lock = true
proxy_cache_stale_while_revalidate = 30
proxy_cache_use_stale_on_error = true
proxy_cache_purge = true
proxy_fallback_path = "cache/fallback.html"

Virtual host routing:

[[routes]]
path = "/"
kind = "static"
hosts = ["example.com", "www.example.com"]
root = "/srv/example.com/public"

Custom error pages:

[server]
error_pages = { 404 = "errors/404.html", 500 = "errors/500.html" }

AI Deployment Assistant

VeloxServer can inspect a project path and generate a deployment bundle with:

  • veloxserver.toml
  • systemd service file
  • Dockerfile
  • run scripts
  • deployment README
  • AI error repair settings

Linux/macOS:

veloxserver ai-deploy --project /home/sammy/myprojectdir --domain example.com --write

Windows PowerShell:

veloxserver ai-deploy --project C:\Users\sammy\myprojectdir --domain example.com --write

Ask OpenAI to review the deployment plan:

Linux/macOS:

export OPENAI_API_KEY="..."
veloxserver ai-deploy --project /home/sammy/myprojectdir --domain example.com --use-openai --write

Windows PowerShell:

$env:OPENAI_API_KEY = "..."
veloxserver ai-deploy --project C:\Users\sammy\myprojectdir --domain example.com --use-openai --write

Generated files are written to:

<project>/.veloxserver/generated/

More details: docs/ai-deployment-assistant.md.

AI Error Repair

AI error repair watches server errors such as 500, 502, 503, and 504, sends bounded and redacted diagnostic context to the configured OpenAI API, and writes repair suggestions into the project.

Install the optional dependency:

python -m pip install "veloxserver[ai-repair]"

Enable it in config:

[ai_error_repair]
enabled = true
project_path = "/home/sammy/myprojectdir"
log_path = "logs/ai-repair.log"
suggestions_path = ".veloxserver/repair-suggestions"
model = "gpt-4.1-mini"
api_key_env = "OPENAI_API_KEY"
statuses = [500, 502, 503, 504]
apply = false
context_files = ["veloxserver.toml", "pyproject.toml", "requirements.txt"]

Run with CLI flags:

Linux/macOS:

export OPENAI_API_KEY="..."
veloxserver --config veloxserver.toml --ai-error-repair --ai-error-repair-project /home/sammy/myprojectdir

Windows PowerShell:

$env:OPENAI_API_KEY = "..."
veloxserver --config veloxserver.toml --ai-error-repair --ai-error-repair-project C:\Users\sammy\myprojectdir

By default, VeloxServer writes suggestions only. Guarded file changes require explicit opt-in:

veloxserver --config veloxserver.toml --ai-error-repair --ai-error-repair-apply

More details: docs/ai-error-repair.md.

AI Model Routes

VeloxServer can expose local models through a browser chat UI and OpenAI-style API endpoints.

[[routes]]
path = "/ai/"
kind = "ai"
ai_backend = "auto"
ai_model_path = "models/local-model.gguf"
ai_model_name = "local-assistant"
ai_system_prompt = "You are the local assistant for this VeloxServer deployment."
ai_max_tokens = 512
ai_temperature = 0.7
ai_context_window = 4096
ai_chat_enabled = true
ai_api_enabled = true

Open the chat UI:

http://127.0.0.1:8080/ai/

List models:

curl http://127.0.0.1:8080/ai/v1/models

Chat completion:

Linux/macOS:

curl -X POST http://127.0.0.1:8080/ai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{"messages":[{"role":"user","content":"Hello"}]}'

Windows PowerShell:

curl.exe -X POST http://127.0.0.1:8080/ai/v1/chat/completions `
  -H "Content-Type: application/json" `
  -d "{\"messages\":[{\"role\":\"user\",\"content\":\"Hello\"}]}"

Supported AI backends:

  • echo: built-in deterministic backend for tests and development
  • llama_cpp: local GGUF/GGML-style model files through llama-cpp-python
  • transformers: local Hugging Face model folders or model ids through transformers
  • auto: chooses a backend from the configured model path

More details: docs/ai-model-routes.md.

Deployment Examples

Django or Gunicorn through a Unix socket:

[server]
host = "0.0.0.0"
port = 80
access_log = true
log_format = "json"
access_log_path = "/var/log/veloxserver/access.log"
error_log_path = "/var/log/veloxserver/error.log"

[[routes]]
path = "/static/"
kind = "static"
root = "/home/sammy/myprojectdir/static"

[[routes]]
path = "/"
kind = "proxy"
hosts = ["example.com", "www.example.com"]
upstreams = ["unix:/run/gunicorn.sock"]

FastAPI, Uvicorn, Node, or another TCP app:

[[routes]]
path = "/"
kind = "proxy"
hosts = ["example.com"]
upstreams = ["http://127.0.0.1:8000"]

More details: docs/deploy-gunicorn.md and docs/production-hardening.md.

Features

  • HTTP/1.0 and HTTP/1.1
  • HTTP/2 over TLS ALPN with hyper-h2
  • HTTP/3 over QUIC with aioquic
  • static file serving with safe path resolution
  • ETag, Last-Modified, If-None-Match, and If-Modified-Since
  • gzip compression and precompressed .br / .gz assets
  • reverse proxy routes with upstream pools
  • round-robin, first-available, least-connections, hash, IP-hash, and weighted balancing
  • retries, passive circuit opening, and active health checks
  • chunked and trailer-aware upstream response handling
  • WebSocket-style HTTP/1.1 upgrade tunneling
  • disk-backed proxy cache with keys, locks, purge, stale-while-revalidate, stale-on-error, and cleanup
  • virtual hosts by Host header
  • rewrite rules and advanced rewrite conditions
  • WAF path blocks and WAF plugin hooks
  • basic auth, HS256 JWT auth, RS256 JWKS/OIDC-style JWT auth
  • external auth URL checks and internal auth subrequests
  • Python plugin hooks and native dynamic module hook ABI
  • AI model routes with API and web chat access
  • AI deployment assistant for generated deployment bundles
  • OpenAI-powered error diagnosis and guarded repair suggestions
  • TCP, UDP, SMTP, IMAP, POP3, and DNS stream proxy naming
  • TLS certificate reload polling
  • TLS cipher, minimum-version, session-ticket, client-cert, ECDH, ALPN, keylog, SNI, and OCSP response knobs
  • worker process mode on platforms with SO_REUSEPORT
  • SQLite-backed shared rate-limit and connection-limit zones
  • JSON or plain access logs with rotation
  • /healthz health endpoint and Prometheus-style /metrics
  • optional Rust native core for selected hot-path work
  • graceful config reload for runtime-safe TOML changes

Limitations

  • VeloxServer is alpha.
  • Broad native hot-path coverage is not complete.
  • HTTP/3 compatibility must be tested against the browsers and clients you support.
  • Independent security audit has not been completed.
  • Benchmark claims should be generated with the included benchmark tools and your own environment.
  • AI backends require model files and optional dependencies that are not bundled by default.
  • AI repair sends bounded, redacted diagnostic context to the configured OpenAI-compatible API only when enabled.
  • AI repair defaults to suggestion-only mode; file-changing auto-apply must be explicitly enabled.
  • Native wheels with bundled Rust libraries require platform-specific CI builds.

Development

Clone and install editable:

cd veloxserver
python -m pip install -e ".[ai-repair]"

Run tests:

python -B -c "import sys, unittest; sys.path.insert(0, 'src'); suite = unittest.defaultTestLoader.discover('tests'); result = unittest.TextTestRunner(verbosity=2).run(suite); raise SystemExit(0 if result.wasSuccessful() else 1)"

Run fuzz smoke tests:

python -B fuzz/run_fuzz_campaign.py

Build package artifacts:

python -m pip install build twine
python -m build
python -m twine check dist/*

Contributor and release details live in CONTRIBUTING.md and docs/publishing.md.

Documentation

Security

Security policy: SECURITY.md. Audit checklist: SECURITY_AUDIT.md.

License

VeloxServer is licensed under the MIT License. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

veloxserver-0.10.0.tar.gz (309.6 kB view details)

Uploaded Source

File details

Details for the file veloxserver-0.10.0.tar.gz.

File metadata

  • Download URL: veloxserver-0.10.0.tar.gz
  • Upload date:
  • Size: 309.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for veloxserver-0.10.0.tar.gz
Algorithm Hash digest
SHA256 4c792eeec7447069ff4fad66a035eaf5ea10f8179b3940ddc43c0efb0db720dc
MD5 421d0d0f39427c8a8d0ee8e1014c9ba7
BLAKE2b-256 7a058dd426f668601ee97e583be4abc145c2066d1a6ca261ce4a6ba25bfadc7e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page