docs: sync documentation with current implementation and archive stale plan

CODE_REVIEW_PLAN.md

@@ -0,0 +1,65 @@
+# LLM Proxy Code Review Plan
+
+## Overview
+The **LLM Proxy** project is a Rust-based middleware designed to provide a unified interface for multiple Large Language Models (LLMs). Based on the repository structure, the project aims to implement a high-performance proxy server (`src/`) that handles request routing, usage tracking, and billing logic. A static dashboard (`static/`) provides a management interface for monitoring consumption and managing API keys. The architecture leverages Rust's async capabilities for efficient request handling and SQLite for persistent state management.
+
+## Review Phases
+
+### Phase 1: Backend Architecture & Rust Logic (@code-reviewer)
+- **Focus on:**
+  - **Core Proxy Logic:** Efficiency of the request/response pipeline and streaming support.
+  - **State Management:** Thread-safety and shared state patterns using `Arc` and `Mutex`/`RwLock`.
+  - **Error Handling:** Use of idiomatic Rust error types and propagation.
+  - **Async Performance:** Proper use of `tokio` or similar runtimes to avoid blocking the executor.
+  - **Rust Idioms:** Adherence to Clippy suggestions and standard Rust naming conventions.
+
+### Phase 2: Security & Authentication Audit (@security-auditor)
+- **Focus on:**
+  - **API Key Management:** Secure storage, masking in logs, and rotation mechanisms.
+  - **JWT Handling:** Validation logic, signature verification, and expiration checks.
+  - **Input Validation:** Sanitization of prompts and configuration parameters to prevent injection.
+  - **Dependency Audit:** Scanning for known vulnerabilities in the `Cargo.lock` using `cargo-audit`.
+
+### Phase 3: Database & Data Integrity Review (@database-optimizer)
+- **Focus on:**
+  - **Schema Design:** Efficiency of the SQLite schema for usage tracking and billing.
+  - **Migration Strategy:** Robustness of the migration scripts to prevent data loss.
+  - **Usage Tracking:** Accuracy of token counting and concurrency handling during increments.
+  - **Query Optimization:** Identifying potential bottlenecks in reporting queries.
+
+### Phase 4: Frontend & Dashboard Review (@frontend-developer)
+- **Focus on:**
+  - **Vanilla JS Patterns:** Review of Web Components and modular JS in `static/js`.
+  - **Security:** Protection against XSS in the dashboard and secure handling of local storage.
+  - **UI/UX Consistency:** Ensuring the management interface is intuitive and responsive.
+  - **API Integration:** Robustness of the frontend's communication with the Rust backend.
+
+### Phase 5: Infrastructure & Deployment Review (@devops-engineer)
+- **Focus on:**
+  - **Dockerfile Optimization:** Multi-stage builds to minimize image size and attack surface.
+  - **Resource Limits:** Configuration of CPU/Memory limits for the proxy container.
+  - **Deployment Docs:** Clarity of the setup process and environment variable documentation.
+
+## Timeline (Gantt)
+
+```mermaid
+gantt
+    title LLM Proxy Code Review Timeline (March 2026)
+    dateFormat  YYYY-MM-DD
+    section Backend & Security
+    Architecture & Rust Logic (Phase 1)   :active, p1, 2026-03-06, 1d
+    Security & Auth Audit (Phase 2)       :p2, 2026-03-07, 1d
+    section Data & Frontend
+    Database & Integrity (Phase 3)        :p3, 2026-03-07, 1d
+    Frontend & Dashboard (Phase 4)        :p4, 2026-03-08, 1d
+    section DevOps
+    Infra & Deployment (Phase 5)          :p5, 2026-03-08, 1d
+    Final Review & Sign-off               :2026-03-08, 4h
+```
+
+## Success Criteria
+- **Security:** Zero high-priority vulnerabilities identified; all API keys masked in logs.
+- **Performance:** Proxy overhead is minimal (<10ms latency addition); queries are indexed.
+- **Maintainability:** Code passes all linting (`cargo clippy`) and formatting (`cargo fmt`) checks.
+- **Documentation:** README and deployment guides are up-to-date and accurate.
+- **Reliability:** Usage tracking matches actual API consumption with 99.9% accuracy.