nexus-mock-provider is a test fixture: a mock LLM upstream for load and
performance testing. By design it:
- does not authenticate requests — any credential a client sends is accepted and ignored;
- echoes request content back in its response;
- enables permissive CORS.
Do not expose a public instance to untrusted networks, and never send real secrets or personal data to it. Run it on loopback or inside a trusted network, fronted by your own auth/ratelimit if it must be reachable. The bundled systemd unit locks the listener to loopback for this reason.
If you find a security issue in the code (e.g. a crash/DoS reachable with a crafted request, or a way the process can be made to leak host data), please report it privately:
- Use GitHub's "Report a vulnerability" (Security advisories) on this repo, or
- email the maintainers at the address listed on the organization profile.
Please include reproduction steps and the affected version/commit. We aim to acknowledge within a few business days. Do not open a public issue for undisclosed vulnerabilities.
This project tracks main; fixes land there first and are included in the next
tagged release. Only the latest release is supported.