Types ¶
type Config ¶
// Config holds all application configuration. It is populated from YAML by
// LoadFromFile and adjusted by LoadWithEnvOverrides; field semantics that are
// not visible from the type itself are marked as review notes to confirm
// against the loader and the server/proxy setup.
type Config struct {
	// BindAddress — presumably the proxy's listen address; the expected
	// form (host:port) is not visible here — confirm against the server setup.
	BindAddress string `json:"bind_address" yaml:"bind_address"`
	// CertDir — presumably a directory of certificate material; how it
	// relates to TLS.CertFile/KeyFile is not visible here — confirm.
	CertDir string `json:"cert_dir" yaml:"cert_dir"`
	// Upstream — the backend the proxy forwards to; whether a URL or a
	// host:port is expected is not visible here — confirm via GetProxyOptions.
	Upstream string `json:"upstream" yaml:"upstream"`
	// MaxBodySize — request body cap; unit presumably bytes — confirm.
	// NOTE(review): check what a zero value means in the loader (unlimited
	// vs. reject all); an unbounded body is a resource-exhaustion risk.
	MaxBodySize int64 `json:"max_body_size" yaml:"max_body_size"`
	// MaxConns — connection cap; whether it is global or per upstream is
	// not visible here — confirm.
	MaxConns int `json:"max_conns" yaml:"max_conns"`
	// Timeout — encoding/json marshals time.Duration as an integer
	// nanosecond count, so a JSON source must supply nanoseconds unless the
	// loader parses "30s"-style strings itself; YAML handling depends on the
	// YAML library in use — confirm in LoadFromFile.
	Timeout time.Duration `json:"timeout" yaml:"timeout"`
	// ShutdownTimeout — graceful-shutdown bound (presumably); same Duration
	// encoding caveat as Timeout.
	ShutdownTimeout time.Duration `json:"shutdown_timeout" yaml:"shutdown_timeout"`
	// RateLimit — unit (requests per second? per client?) is not visible
	// here — confirm via GetProxyOptions.
	RateLimit int `json:"rate_limit" yaml:"rate_limit"`
	// LogLevel — accepted values are not visible here — confirm.
	LogLevel string `json:"log_level" yaml:"log_level"`
	// TLS — listener TLS settings. The pointer stays nil when the key is
	// absent from the input; nil presumably means a plaintext listener —
	// confirm, since that is the security-relevant default.
	TLS *TLSConfig `json:"tls,omitempty" yaml:"tls,omitempty"`
	// UpstreamTLS — client-side TLS toward Upstream; nil presumably means
	// plaintext to the backend — confirm.
	UpstreamTLS *TLSConfig `json:"upstream_tls,omitempty" yaml:"upstream_tls,omitempty"`
	// ML Anomaly Detection configuration (nil when absent from the input;
	// see GetMLConfig/SetMLConfig)
	ML *MLConfig `json:"ml,omitempty" yaml:"ml,omitempty"`
	// Plugin configuration (nil when absent from the input)
	Plugins *PluginConfig `json:"plugins,omitempty" yaml:"plugins,omitempty"`
	// Security configuration (nil when absent from the input)
	Security *SecurityConfig `json:"security,omitempty" yaml:"security,omitempty"`
	// contains filtered or unexported fields
}
Config holds all application configuration
func LoadFromFile ¶
LoadFromFile loads configuration from a YAML file
func LoadWithEnvOverrides ¶
LoadWithEnvOverrides applies environment variable overrides to an existing config
func (*Config) GetMLConfig ¶
GetMLConfig returns the ML configuration
func (*Config) GetProxyOptions ¶
GetProxyOptions converts config to proxy.Options for the proxy package
func (*Config) SetMLConfig ¶
SetMLConfig sets the ML configuration
type FIPSConfig ¶
// FIPSConfig represents FIPS compliance configuration. Every field also
// carries an env tag, so values may come from AEGISGATE_FIPS_* variables as
// well as JSON/YAML; which source wins is not visible here — confirm against
// LoadWithEnvOverrides. Defaults come from DefaultFIPSConfig and Validate
// presumably checks the combinations noted on the fields below.
type FIPSConfig struct {
	// Enable FIPS mode
	Enabled bool `json:"enabled" yaml:"enabled" env:"AEGISGATE_FIPS_ENABLED"`
	// FIPS compliance level: "140-2" or "140-3"
	// (any other value should be rejected by Validate — confirm)
	Level string `json:"level" yaml:"level" env:"AEGISGATE_FIPS_LEVEL"`
	// Enable cryptographic audit logging
	AuditLogging bool `json:"audit_logging" yaml:"audit_logging" env:"AEGISGATE_FIPS_AUDIT_LOGGING"`
	// Require FIPS-approved algorithms only
	ApprovedAlgorithmsOnly bool `json:"approved_algorithms_only" yaml:"approved_algorithms_only" env:"AEGISGATE_FIPS_APPROVED_ONLY"`
	// Minimum RSA key size (bits)
	// NOTE(review): RSA keys below 2048 bits are not FIPS-approved (NIST
	// SP 800-131A); confirm Validate rejects smaller values when Enabled is true.
	MinRSAKeySize int `json:"min_rsa_key_size" yaml:"min_rsa_key_size" env:"AEGISGATE_FIPS_MIN_RSA_KEY_SIZE"`
	// Minimum TLS version
	// The accepted string format is not visible here; IsTLS12Required and
	// IsTLS13Required presumably interpret it — confirm there.
	MinTLSVersion string `json:"min_tls_version" yaml:"min_tls_version" env:"AEGISGATE_FIPS_MIN_TLS_VERSION"`
	// Allow deprecated algorithms (for backward compatibility)
	// NOTE(review): true together with ApprovedAlgorithmsOnly is
	// contradictory; confirm Validate rejects that combination rather than
	// letting one flag silently win.
	AllowDeprecated bool `json:"allow_deprecated" yaml:"allow_deprecated" env:"AEGISGATE_FIPS_ALLOW_DEPRECATED"`
}
FIPSConfig represents FIPS compliance configuration
func DefaultFIPSConfig ¶
func DefaultFIPSConfig() FIPSConfig
DefaultFIPSConfig returns the default FIPS configuration
func (FIPSConfig) IsTLS12Required ¶
func (c FIPSConfig) IsTLS12Required() bool
IsTLS12Required returns true if TLS 1.2 is required
func (FIPSConfig) IsTLS13Required ¶
func (c FIPSConfig) IsTLS13Required() bool
IsTLS13Required returns true if TLS 1.3 is required
func (FIPSConfig) Validate ¶
func (c FIPSConfig) Validate() error
Validate validates the FIPS configuration
type MLConfig ¶
// MLConfig holds ML anomaly detection configuration. Defaults come from
// DefaultMLConfig; the threshold and window semantics are only partly
// visible from the type, so review notes below mark what to confirm in the
// detector that consumes this struct.
type MLConfig struct {
	// Enabled toggles ML anomaly detection on/off
	Enabled bool `json:"enabled" yaml:"enabled"`
	// Sensitivity determines the threshold for anomaly detection
	// Options: "low", "medium", "high", "paranoid"
	// (handling of any other value — reject or default — is not visible here; confirm)
	Sensitivity string `json:"sensitivity" yaml:"sensitivity"`
	// BlockOnCriticalSeverity blocks critical severity anomalies
	BlockOnCriticalSeverity bool `json:"block_on_critical" yaml:"block_on_critical"`
	// BlockOnHighSeverity blocks high severity anomalies
	BlockOnHighSeverity bool `json:"block_on_high" yaml:"block_on_high"`
	// MinScoreToBlock minimum z-score to trigger blocking
	// (how it relates to ZThreshold, which also gates detection, is not
	// visible here — confirm which one applies where)
	MinScoreToBlock float64 `json:"min_score_to_block" yaml:"min_score_to_block"`
	// SampleRate percentage of requests to analyze (0-100)
	// NOTE(review): anything below 100 leaves a fraction of requests
	// unanalyzed; confirm out-of-range values are rejected or clamped.
	SampleRate int `json:"sample_rate" yaml:"sample_rate"`
	// ExcludedPaths URL paths to exclude from ML analysis
	// (exact vs. prefix matching is not visible here — confirm; excluded
	// requests bypass analysis entirely, so keep the list minimal)
	ExcludedPaths []string `json:"excluded_paths" yaml:"excluded_paths"`
	// ExcludedMethods HTTP methods to exclude from ML analysis
	ExcludedMethods []string `json:"excluded_methods" yaml:"excluded_methods"`
	// LogAllAnomalies whether to log all anomalies or only blocked ones
	LogAllAnomalies bool `json:"log_all_anomalies" yaml:"log_all_anomalies"`
	// EnablePromptInjectionDetection enables prompt injection detection
	EnablePromptInjectionDetection bool `json:"enable_prompt_injection" yaml:"enable_prompt_injection"`
	// PromptInjectionSensitivity sensitivity for prompt injection (0-100)
	PromptInjectionSensitivity int `json:"prompt_injection_sensitivity" yaml:"prompt_injection_sensitivity"`
	// EnableContentAnalysis enables content analysis (LLM response inspection)
	EnableContentAnalysis bool `json:"enable_content_analysis" yaml:"enable_content_analysis"`
	// EnableBehavioralAnalysis enables behavioral analysis
	EnableBehavioralAnalysis bool `json:"enable_behavioral_analysis" yaml:"enable_behavioral_analysis"`
	// WindowSize for baseline calculation
	// (unit — number of requests or a time span — is not visible here; confirm)
	WindowSize int `json:"window_size" yaml:"window_size"`
	// ZThreshold for anomaly detection
	ZThreshold float64 `json:"z_threshold" yaml:"z_threshold"`
	// MinSamples before detection starts
	// (until this many samples exist requests are presumably not scored,
	// i.e. there is a cold-start window with no blocking — confirm)
	MinSamples int `json:"min_samples" yaml:"min_samples"`
	// EntropyThreshold for entropy-based detection
	EntropyThreshold float64 `json:"entropy_threshold" yaml:"entropy_threshold"`
}
MLConfig holds ML anomaly detection configuration
func DefaultMLConfig ¶
func DefaultMLConfig() *MLConfig
DefaultMLConfig returns sensible defaults for ML configuration
type PluginConfig ¶
// PluginConfig holds plugin configuration. Defaults come from
// DefaultPluginConfig; how plugins are discovered and loaded is not visible
// here.
type PluginConfig struct {
	// Enabled toggles plugin loading; presumably nothing from Directories
	// is loaded when false — confirm.
	Enabled bool `json:"enabled" yaml:"enabled"`
	// Directories — directories searched for plugins.
	// NOTE(review): code loaded from here presumably runs in-process with the
	// proxy's privileges, so these paths should be writable only by an
	// administrator, not by the service user — confirm how the loader
	// restricts or validates them.
	Directories []string `json:"directories" yaml:"directories"`
	// PluginSettings — key/value settings handed to plugins (presumably).
	// A nil map is safe to read but panics on write, so consumers must not
	// assign into it without initializing it first.
	PluginSettings map[string]string `json:"plugin_settings" yaml:"plugin_settings"`
	// Timeout — presumably bounds a plugin invocation. encoding/json
	// marshals time.Duration as integer nanoseconds; confirm how the loader
	// parses it from YAML/JSON.
	Timeout time.Duration `json:"timeout" yaml:"timeout"`
	// EnablePeriodic — enables periodic plugin execution (presumably; the
	// schedule is not visible here).
	EnablePeriodic bool `json:"enable_periodic" yaml:"enable_periodic"`
}
PluginConfig holds plugin configuration
func DefaultPluginConfig ¶
func DefaultPluginConfig() *PluginConfig
DefaultPluginConfig returns default plugin configuration
type SecurityConfig ¶
// SecurityConfig holds security-related configuration. Defaults come from
// DefaultSecurityConfig and Validate checks the result; the semantics noted
// as review items below are not visible from the type and should be
// confirmed against those two functions and the server code.
type SecurityConfig struct {
	// EnableFIPS — FIPS switch; how it relates to FIPSConfig.Enabled (a
	// separate type in this package) is not visible here — confirm there is
	// a single source of truth.
	EnableFIPS bool `json:"enable_fips" yaml:"enable_fips"`
	// EnableAuditLogging / AuditLogPath — audit log switch and destination.
	// NOTE(review): confirm Validate rejects an enabled audit log with an
	// empty path, and that the path is not writable by untrusted users.
	EnableAuditLogging bool `json:"enable_audit_logging" yaml:"enable_audit_logging"`
	AuditLogPath string `json:"audit_log_path" yaml:"audit_log_path"`
	// EnableOPSEC — meaning not visible here — confirm.
	EnableOPSEC bool `json:"enable_opsec" yaml:"enable_opsec"`
	// EnableImmutableConfig — presumably refuses configuration changes after
	// load — confirm.
	EnableImmutableConfig bool `json:"enable_immutable_config" yaml:"enable_immutable_config"`
	// EnableReadOnlyFS — presumably restricts filesystem writes — confirm,
	// including how it interacts with AuditLogPath, which is a write target.
	EnableReadOnlyFS bool `json:"enable_readonly_fs" yaml:"enable_readonly_fs"`
	// EnableWAL / EnableSnapshot / EnableRollback — persistence and recovery
	// switches; which state they apply to is not visible here.
	EnableWAL bool `json:"enable_wal" yaml:"enable_wal"`
	EnableSnapshot bool `json:"enable_snapshot" yaml:"enable_snapshot"`
	EnableRollback bool `json:"enable_rollback" yaml:"enable_rollback"`
	// MaxMemoryMB — memory cap in megabytes by name; enforcement is not
	// visible here.
	MaxMemoryMB int `json:"max_memory_mb" yaml:"max_memory_mb"`
	// EnableSecurityHeaders — presumably adds security-related response
	// headers; the header set is not visible here.
	EnableSecurityHeaders bool `json:"enable_security_headers" yaml:"enable_security_headers"`
	// AllowedMethods — HTTP methods allowed through the proxy (presumably).
	// Confirm whether an empty list means "allow all" or "allow none".
	AllowedMethods []string `json:"allowed_methods" yaml:"allowed_methods"`
	// BlockedIPs — deny list; whether entries may be CIDR ranges, and how
	// the client IP is determined (socket peer vs. forwarded header), is not
	// visible here — confirm, since a header-derived IP is client-controlled.
	BlockedIPs []string `json:"blocked_ips" yaml:"blocked_ips"`
	// AllowedHosts — presumably matched against the request Host header.
	// NOTE(review): the empty-list semantics (allow all vs. deny all) decide
	// whether the default is fail-open; confirm in Validate and
	// DefaultSecurityConfig.
	AllowedHosts []string `json:"allowed_hosts" yaml:"allowed_hosts"`
}
SecurityConfig holds security-related configuration
func DefaultSecurityConfig ¶
func DefaultSecurityConfig() *SecurityConfig
DefaultSecurityConfig returns default security configuration
func (SecurityConfig) Validate ¶
func (sc SecurityConfig) Validate() error
Validate validates the security configuration
type TLSConfig ¶
// TLSConfig holds TLS-specific configuration. The same type serves both the
// listener (Config.TLS) and the client side toward the backend
// (Config.UpstreamTLS), so the meaning of CAFile and SkipVerify depends on
// which side it is attached to.
type TLSConfig struct {
	// Enabled toggles TLS for this side.
	Enabled bool `json:"enabled" yaml:"enabled"`
	// CertFile / KeyFile — certificate and private key paths (PEM,
	// presumably — confirm). The key file should be readable only by the
	// service user.
	CertFile string `json:"cert_file" yaml:"cert_file"`
	KeyFile string `json:"key_file" yaml:"key_file"`
	// CAFile — trust anchors. On the listener side presumably the client
	// CA for mTLS; on the upstream side the CA used to verify the backend —
	// confirm both uses.
	CAFile string `json:"ca_file" yaml:"ca_file"`
	// SkipVerify — presumably maps to crypto/tls Config.InsecureSkipVerify —
	// confirm. When true the peer certificate is not verified, which removes
	// the protection against an impersonated backend; keep it false outside
	// local testing. Its effect on the listener side is not visible here.
	SkipVerify bool `json:"skip_verify" yaml:"skip_verify"`
	// MinVersion / MaxVersion — version strings; the accepted format is not
	// visible here — confirm. Note FIPSConfig.MinTLSVersion is a separate
	// setting; confirm which one wins when both are set.
	MinVersion string `json:"min_version" yaml:"min_version"`
	MaxVersion string `json:"max_version" yaml:"max_version"`
}
TLSConfig holds TLS-specific configuration