Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
SMTP SMTPConfig `yaml:"smtp"`
HTTP HTTPConfig `yaml:"http"`
Database DatabaseConfig `yaml:"database"`
OAuth OAuthConfig `yaml:"oauth"`
Signing SigningConfig `yaml:"signing"`
OutboundSMTP OutboundSMTPConfig `yaml:"outbound_smtp"`
Limits LimitsConfig `yaml:"limits"`
Env string `yaml:"env"` // "development" or "production"
// (e.g. "agents.example.com"), users can register agents with just a
// slug and get `<slug>@<shared_domain>` provisioned without DNS
// setup. Empty disables slug registration — every agent must use a
// custom domain that the user owns and verifies. The shared domain
// itself is reserved: it cannot be claimed as a custom domain.
SharedDomain string `yaml:"shared_domain"`
}
func (*Config) IsProduction ¶
func (*Config) Validate ¶
Validate enforces invariants that must hold before the server starts. In production mode the placeholder HMAC secret, an empty secret, and secrets shorter than the hash output length are hard rejected — running with any of these lets attackers forge X-E2A-Auth-* headers and approve HITL messages.
type DatabaseConfig ¶
type DatabaseConfig struct {
URL string `yaml:"url"`
}
type HTTPConfig ¶
type HTTPConfig struct {
ListenAddr string `yaml:"listen_addr"`
// PublicURL is the externally visible base URL of the API, used to
// build absolute links in notification emails (e.g. HITL magic-link
// approve/reject). Example: "https://e2a.example.com". If empty,
// features that need absolute URLs gracefully degrade.
PublicURL string `yaml:"public_url"`
}
type LimitsConfig ¶ added in v0.3.0
type LimitsConfig struct {
PlanCode string `yaml:"plan_code"`
MaxAgents int `yaml:"max_agents"`
MaxDomains int `yaml:"max_domains"`
MaxMessagesMonth int `yaml:"max_messages_month"`
MaxStorageBytes int64 `yaml:"max_storage_bytes"`
// CacheTTLSeconds controls how long resolved Limits are cached
// in-process. The cache covers the account_limits read only; current
// usage counts are always live. Set to 0 to disable caching
// (recommended for tests that mutate account_limits and want
// immediate visibility).
CacheTTLSeconds int `yaml:"cache_ttl_seconds"`
// InternalAPISecret is the shared HMAC secret the external limits
// provisioner (e.g. the hosted billing sidecar) uses to authenticate
// to /api/internal/limits/invalidate. When empty (the self-host
// default), that endpoint returns 503 — no provisioner, no
// invalidation. Must be set to the same value on both ends.
InternalAPISecret string `yaml:"internal_api_secret"`
// BillingHookURL is the URL the OSS server POSTs to when a user
// deletes their account, so the external billing service (e.g.
// the hosted billing sidecar's /api/internal/billing/cancel) can
// cancel the user's Stripe subscription. Empty disables the call
// — appropriate for self-host without billing. The same
// InternalAPISecret signs the POST body.
BillingHookURL string `yaml:"billing_hook_url"`
}
LimitsConfig is the operator-configured fallback applied to any user who does not yet have a row in account_limits. The hosted billing sidecar populates rows for paying customers; self-hosted operators who do not run a billing service rely on these defaults for every user. Defaults below intentionally lean generous so a self-host that never touches the limits subsystem is not accidentally throttled.
Hosted-service operators who want every brand-new signup capped to a "free" shape should set these to the Free-tier numbers — the sidecar will then overwrite them on upgrade.
type OAuthConfig ¶
type OutboundSMTPConfig ¶
type SMTPConfig ¶
type SigningConfig ¶
type SigningConfig struct {
HMACSecret string `yaml:"hmac_secret"`
}
Source Files