Ferrum Foundry

Your Gateway, at a Glance

The admin panel for managing and observing your Ferrum Edge runtime. Full CRUD for proxies, consumers, plugins, and upstreams with real-time metrics and health monitoring.

View on GitHub Quick Start

46+

Plugins Supported

50K+

Records via Virtual Scrolling

Credential Types

Themes (Dark / Light)

Capabilities

Everything You Need to Manage Your Gateway

Resource Management

Full CRUD for Proxies, Consumers, Plugins, and Upstreams. Paginated tables with search, sorting, and virtual scrolling for 50k+ records.

Relational Browsing

Navigate Proxy → Plugins → Upstream → Targets with tabs and breadcrumbs. See how your configuration connects at every level.

Consumer Credentials

Manage key-auth, basic-auth, JWT, HMAC, and mTLS credentials per consumer. Full ACL group management built in.

Plugin Configuration

JSON editor for all 46+ gateway plugins with global and per-proxy scope support. Enable, disable, and set priorities visually.

Metrics Dashboard

Gateway stats, circuit breakers, connection pools, health checks, load balancers, caches, and Prometheus metrics with configurable auto-refresh.

Health Monitoring

Real-time gateway and database health status. View cached configuration state, database connectivity, and uptime at a glance.

In Detail

See It in Action

Proxy Management

Configure API proxy routes with full control over listen paths, backend upstreams, and plugin chains.

Create, edit, and delete proxy configurations
Map listen paths to upstream service pools
View attached plugins per proxy
Search by name, listen path, ID, or backend host

Consumer & Credential Management

Manage API consumers, their credentials, and access control policies from a single interface.

Assign custom IDs and ACL groups per consumer
Support for Basic Auth, Key Auth, JWT, HMAC, and mTLS
Search by username or custom ID
View creation timestamps and credential types

Plugin Configuration

Browse and configure gateway plugin instances for authentication, rate limiting, transforms, and more.

46+ plugins including Bot Detection, CORS, Compression, and Prometheus Metrics
Global and per-proxy scoping
Priority-based execution ordering
Enable/disable plugins without removing configuration

Upstream & Load Balancing

Manage upstream services, targets, health checks, and load balancing strategies.

Round Robin, Consistent Hashing, Weighted Round Robin, and Random algorithms
Active health checks per upstream
Multiple targets per upstream with individual weights
Search by name or ID

Metrics Dashboard

A comprehensive view of your gateway's runtime performance, including request rates, circuit breaker states, and connection pool utilization.

Gateway version, mode, uptime, and request throughput
Per-proxy circuit breaker states with failure/success counts
Connection pool sizing and idle timeout tracking
Status code breakdown (200s, 502s, 503s per second)
Configurable auto-refresh interval

Health Monitoring

Real-time visibility into gateway and database health status with cached configuration details.

Gateway operational mode and timestamp
Database connection status and type (SQLite, Postgres)
Cached configuration availability and load timestamps
Proxy and consumer counts in cached config

Settings & Connection

Configure the BFF connection to your Ferrum Edge Admin API, manage JWT authentication, and adjust timeouts.

Admin URL and JWT secret configuration
Configurable connect, read, and write timeouts
Connection testing to validate settings
Namespace switching for multi-tenant environments
Metrics refresh interval configuration

Architecture

How Foundry Works

A Backend-for-Frontend (BFF) design that handles what browsers cannot.

Architecture

Browser  <->  Fastify BFF (Node.js)  <->  Ferrum Admin API
                     |
               JWT generation
               TLS trust store
               Timeout enforcement
               SPA serving (prod)

Why a BFF?

The BFF handles TLS trust stores, connection/read/write timeouts, and JWT generation server-side — capabilities browsers cannot provide. This keeps credentials out of the browser and enables secure mTLS connections to the Admin API.

Namespace Support

Browse and manage resources across namespaces via the X-Ferrum-Namespace header. Switch between namespaces without reloading and view resources scoped to each namespace independently.

Built With

Tech Stack

React 19

Frontend

TypeScript

Type Safety

Tailwind CSS v4

Styling

TanStack Router

Routing

TanStack Query

Data Fetching

TanStack Table

Data Tables

Radix UI

Accessible Primitives

Fastify 5

BFF Server

Distroless

Docker Image

Get Started

Quick Start

Prerequisites

Node.js 22+ npm 10+ Ferrum Edge running

Local Development

bash

# Clone and install
git clone https://github.com/ferrum-edge/ferrum-foundry.git
cd ferrum-foundry
npm install

# Set required environment variables
export FERRUM_ADMIN_URL=http://localhost:9000   # Ferrum Admin API URL
export FERRUM_JWT_SECRET=your-jwt-secret         # HS256 signing key

# Start the dev server (Vite + Fastify)
npm run dev

# Open http://localhost:5173

Docker

bash

docker build -f docker/Dockerfile -t ferrum-foundry .

docker run \
  -e FERRUM_ADMIN_URL=http://your-gateway:9000 \
  -e FERRUM_JWT_SECRET=your-secret \
  -p 8080:8080 \
  ferrum-foundry

Environment Variables

Variable	Default	Description
`FERRUM_ADMIN_URL`	—	Ferrum Admin API URL (required)
`FERRUM_JWT_SECRET`	—	HS256 signing key (required)
`FERRUM_JWT_ISSUER`	`ferrum-edge`	JWT issuer claim
`FERRUM_JWT_TTL`	`3600`	JWT token TTL (seconds)
`FERRUM_TLS_CA_PATH`	—	Path to .pem truststore
`FERRUM_TLS_VERIFY`	`true`	Verify TLS certificates
`FERRUM_CONNECT_TIMEOUT`	`5000`	Connection timeout (ms)
`FERRUM_READ_TIMEOUT`	`60000`	Read timeout (ms)
`FERRUM_WRITE_TIMEOUT`	`60000`	Write timeout (ms)
`PORT`	`3001`	BFF server port

Licensing

Ferrum Foundry is licensed under PolyForm Noncommercial 1.0.0 for non-commercial use. Commercial licenses are available for production deployments.

View on GitHub Licensing Details