Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
SMTP SMTPConfig `yaml:"smtp"`
HTTP HTTPConfig `yaml:"http"`
Database DatabaseConfig `yaml:"database"`
OAuth OAuthConfig `yaml:"oauth"`
Signing SigningConfig `yaml:"signing"`
OutboundSMTP OutboundSMTPConfig `yaml:"outbound_smtp"`
Env string `yaml:"env"` // "development" or "production"
// (e.g. "agents.example.com"), users can register agents with just a
// slug and get `<slug>@<shared_domain>` provisioned without DNS
// setup. Empty disables slug registration — every agent must use a
// custom domain that the user owns and verifies. The shared domain
// itself is reserved: it cannot be claimed as a custom domain.
SharedDomain string `yaml:"shared_domain"`
}
func (*Config) IsProduction ¶
func (*Config) Validate ¶
Validate enforces invariants that must hold before the server starts. In production mode the placeholder HMAC secret, an empty secret, and secrets shorter than the hash output length are hard rejected — running with any of these lets attackers forge X-E2A-Auth-* headers and approve HITL messages.
type DatabaseConfig ¶
type DatabaseConfig struct {
URL string `yaml:"url"`
}
type HTTPConfig ¶
type HTTPConfig struct {
ListenAddr string `yaml:"listen_addr"`
// PublicURL is the externally visible base URL of the API, used to
// build absolute links in notification emails (e.g. HITL magic-link
// approve/reject). Example: "https://e2a.example.com". If empty,
// features that need absolute URLs gracefully degrade.
PublicURL string `yaml:"public_url"`
}
type OAuthConfig ¶
type OutboundSMTPConfig ¶
type SMTPConfig ¶
type SigningConfig ¶
type SigningConfig struct {
HMACSecret string `yaml:"hmac_secret"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.