feat: add OpenAI-compatible embeddings endpoint #4
Conversation
Add a /v1/embeddings POST endpoint that proxies to the OpenSecret backend with E2EE via TEE attestation. Supports single string and array inputs.

- Update opensecret SDK to 0.2.7 for embeddings support
- Add create_embeddings handler following the chat completions pattern
- Register the /v1/embeddings route

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
📝 Walkthrough
This PR adds OpenAI-compatible embeddings support to the proxy by introducing a new POST /v1/embeddings endpoint, exposing the corresponding handler function in the public re-exports, and bumping the opensecret dependency from 0.2.3 to 0.2.7.
Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Client
    participant Proxy as Proxy Handler<br/>(create_embeddings)
    participant Auth as Auth Layer
    participant Backend as Backend Client
    Client->>Proxy: POST /v1/embeddings<br/>+ API Key + EmbeddingRequest
    Proxy->>Auth: Extract & validate API key
    alt Auth Success
        Auth-->>Proxy: API key valid
        Proxy->>Backend: Initialize client with auth
        Proxy->>Backend: Forward EmbeddingRequest
        Backend-->>Proxy: EmbeddingResponse
        Proxy-->>Client: 200 OK<br/>EmbeddingResponse (JSON)
    else Auth Failure
        Auth-->>Proxy: Auth error
        Proxy-->>Client: 401 Unauthorized<br/>OpenAIError
    else Backend Error
        Backend-->>Proxy: Internal error
        Proxy-->>Client: 500 Internal Server Error<br/>OpenAIError
    end
```
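The control flow in the diagram (authenticate, forward, map failures to 401/500) can be sketched as a minimal, std-only Rust simulation. The names `validate_key`, `forward_to_backend`, and `handle_embeddings` are illustrative stand-ins, not the actual handler's API, which uses Axum extractors and the opensecret client:

```rust
// Sketch of the handler's branching: auth check first, then forward,
// mapping each failure mode to its OpenAI-style status. Illustrative only.

#[derive(Debug, PartialEq)]
enum ProxyResponse {
    Ok(String),           // 200 with the embeddings JSON body
    Unauthorized(String), // 401 with an OpenAIError payload
    ServerError(String),  // 500 with an OpenAIError payload
}

fn validate_key(key: &str) -> bool {
    // Placeholder check; the real proxy validates against the backend.
    key.starts_with("sk-")
}

fn forward_to_backend(body: &str) -> Result<String, String> {
    // Placeholder for the attested TEE call.
    if body.is_empty() {
        Err("empty request body".to_string())
    } else {
        Ok(format!("{{\"object\":\"list\",\"input\":{}}}", body))
    }
}

fn handle_embeddings(api_key: &str, body: &str) -> ProxyResponse {
    if !validate_key(api_key) {
        return ProxyResponse::Unauthorized("invalid API key".to_string());
    }
    match forward_to_backend(body) {
        Ok(json) => ProxyResponse::Ok(json),
        Err(e) => ProxyResponse::ServerError(e),
    }
}

fn main() {
    println!("{:?}", handle_embeddings("sk-test", "\"hello\""));
}
```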
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
Pre-merge checks and finishing touches: ✅ Passed checks (2 passed)
✨ Finishing touches
Actionable comments posted: 1
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
Cargo.toml, src/lib.rs, src/proxy.rs
🧰 Additional context used
📓 Path-based instructions (4)
Cargo.toml
📄 CodeRabbit inference engine (CLAUDE.md)
Depend on opensecret version 0.2.0
Files:
Cargo.toml
src/lib.rs
📄 CodeRabbit inference engine (CLAUDE.md)
src/lib.rs: lib.rs exports a create_app function that builds the Axum router
The Axum router must include health check endpoints at / and /health
Expose OpenAI-compatible endpoints at /v1/models and /v1/chat/completions
Support optional CORS in the application router
Enable request tracing in the application router
Files:
src/lib.rs
**/*.rs
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.rs: Format Rust code with rustfmt
Run clippy with strict warnings and address all lints
Files:
src/lib.rs, src/proxy.rs
src/proxy.rs
📄 CodeRabbit inference engine (CLAUDE.md)
src/proxy.rs: Extract API keys from the Authorization header or fall back to the default key
Create the OpenSecret client and perform TEE attestation before forwarding
Forward requests to the configured TEE backend
Handle streaming responses for chat completions
Transform backend responses to OpenAI-compatible format
Files:
src/proxy.rs
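The first rule above (extract the API key from the Authorization header, else fall back to the default key) can be sketched in a few lines of std-only Rust. `extract_api_key` is a hypothetical name for illustration, not the actual function in `proxy.rs`:

```rust
// Sketch: pull a bearer token out of an Authorization header value,
// falling back to a configured default key when the header is absent,
// malformed, or empty. Hypothetical helper, not the real proxy code.
fn extract_api_key(auth_header: Option<&str>, default_key: &str) -> String {
    auth_header
        .and_then(|h| h.strip_prefix("Bearer "))
        .map(|token| token.trim().to_string())
        .filter(|token| !token.is_empty())
        .unwrap_or_else(|| default_key.to_string())
}

fn main() {
    // Well-formed header wins; anything else falls back to the default.
    assert_eq!(extract_api_key(Some("Bearer sk-abc"), "sk-default"), "sk-abc");
    assert_eq!(extract_api_key(None, "sk-default"), "sk-default");
    assert_eq!(extract_api_key(Some("Basic xyz"), "sk-default"), "sk-default");
    println!("ok");
}
```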
🧠 Learnings (8)
📓 Common learnings
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/lib.rs : Expose OpenAI-compatible endpoints at /v1/models and /v1/chat/completions
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/proxy.rs : Transform backend responses to OpenAI-compatible format
📚 Learning: 2025-09-12T18:29:41.802Z
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to Cargo.toml : Depend on opensecret version 0.2.0
Applied to files:
Cargo.toml
📚 Learning: 2025-09-12T18:29:41.802Z
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/lib.rs : Expose OpenAI-compatible endpoints at /v1/models and /v1/chat/completions
Applied to files:
src/lib.rs, src/proxy.rs
📚 Learning: 2025-09-12T18:29:41.802Z
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/lib.rs : lib.rs exports a create_app function that builds the Axum router
Applied to files:
src/lib.rs
📚 Learning: 2025-09-12T18:29:41.802Z
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/proxy.rs : Transform backend responses to OpenAI-compatible format
Applied to files:
src/lib.rs, src/proxy.rs
📚 Learning: 2025-09-12T18:29:41.802Z
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/proxy.rs : Handle streaming responses for chat completions
Applied to files:
src/lib.rs, src/proxy.rs
📚 Learning: 2025-09-12T18:29:41.802Z
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/proxy.rs : Create the OpenSecret client and perform TEE attestation before forwarding
Applied to files:
src/lib.rs, src/proxy.rs
📚 Learning: 2025-09-12T18:29:41.802Z
Learnt from: CR
Repo: OpenSecretCloud/maple-proxy PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T18:29:41.802Z
Learning: Applies to src/proxy.rs : Forward requests to the configured TEE backend
Applied to files:
src/lib.rs
🧬 Code graph analysis (2)
src/lib.rs (1)
src/proxy.rs (1)
create_embeddings (202-232)
src/proxy.rs (1)
src/config.rs (1)
server_error (113-115)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
- GitHub Check: Build windows-x86_64
- GitHub Check: Build linux-aarch64
- GitHub Check: build-and-push (linux/arm64, ubuntu-22.04-arm64-4core)
- GitHub Check: Build macos-aarch64
- GitHub Check: build-and-push (linux/amd64, ubuntu-latest)
- GitHub Check: security_audit
🔇 Additional comments (2)
src/proxy.rs (1)
202-232: LGTM! Embeddings endpoint follows established patterns. The implementation correctly mirrors the existing endpoints with proper authentication, client creation with TEE attestation, error handling (401 for auth errors, 500 for server errors), and debug logging. The non-streaming design is appropriate for embeddings.
src/lib.rs (1)
5-5: LGTM! Route registration follows existing conventions. The embeddings endpoint is correctly imported and registered at /v1/embeddings with a POST handler, consistent with the /v1/chat/completions pattern. This properly exposes the new OpenAI-compatible embeddings endpoint. Also applies to: 31-31
Summary
Adds support for text embeddings via the OpenAI-compatible /v1/embeddings endpoint, proxying to the OpenSecret backend with E2EE via TEE attestation.

Changes
- Add create_embeddings handler in proxy.rs following the same pattern as chat completions
- Register the /v1/embeddings POST route in lib.rs

API Format
Follows standard OpenAI embeddings API:
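The concrete request example was elided from this page, so the sketch below shows what a standard OpenAI-style embeddings request typically looks like. The field values are illustrative; the model name is taken from the testing note in this PR:

```json
{
  "model": "nomic-embed-text",
  "input": ["first text to embed", "second text to embed"]
}
```

The response follows OpenAI's list shape: an `"object": "list"` wrapper whose `data` array holds one embedding vector per input (with its `index`), plus a `usage` block with token counts.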
Testing
Tested against the dev environment with both single and multiple input embeddings; working correctly with 768-dimension vectors from the nomic-embed-text model.

Summary by CodeRabbit
New Features
Added a /v1/embeddings endpoint to the API, enabling users to generate embeddings for text inputs in addition to the existing chat completion and model listing capabilities.

Dependencies