Documentation
Functions
func MintCapToken
func MintCapToken(secret []byte, turnID, workspaceID, exeID string, ttl time.Duration) (string, error)
MintCapToken produces a capability token consumed by codex-exec-gateway's VerifyCapabilityToken. Format and HMAC are kept identical (HS256 over "headerB64.payloadB64", base64url-no-pad) — see internal/codexexecgateway/auth.go for the verifier.
Per the 2026-05-10 refinement, each minted token authorises exactly one exe_id (one bridge connection per executor per turn). The verifier still accepts multi-id payloads for forward compatibility.
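An added sketch of the scheme described above, not the project's own code: HS256 over "headerB64.payloadB64" with unpadded base64url, one exe_id per minted token, and a verifier that still accepts a list of ids. The claim field names, the `now` parameter and the names `mintSketch`, `verifySketch` and `sign` are assumptions; the real payload is defined in internal/codexexecgateway/auth.go.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // base64url, no padding
type claims struct { // assumed payload shape; the real field names live in auth.go
	Turn, Workspace string
	ExeIDs          []string
	Exp             int64
}

func sign(secret []byte, in string) string { // encoded HMAC-SHA256 tag
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(in))
	return b64.EncodeToString(m.Sum(nil))
}

func mintSketch(secret []byte, turn, ws, exe string, ttl time.Duration, now time.Time) string {
	body, _ := json.Marshal(claims{turn, ws, []string{exe}, now.Add(ttl).Unix()}) // one exe_id
	in := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(body)
	return in + "." + sign(secret, in)
}

func verifySketch(secret []byte, tok, exe string, now time.Time) error {
	p := strings.Split(tok, ".") // the tag is checked before any claim is parsed
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(secret, p[0]+"."+p[1]))) {
		return fmt.Errorf("malformed token or bad signature")
	}
	var c claims
	body, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || now.Unix() >= c.Exp {
		return fmt.Errorf("invalid or expired claims")
	}
	for _, id := range c.ExeIDs { // multi-id payloads are still accepted
		if id == exe {
			return nil
		}
	}
	return fmt.Errorf("exe_id %q not authorised", exe)
}

func main() { fmt.Println(mintSketch([]byte("constructed-secret"), "t-1", "ws-1", "exe-a", time.Minute, time.Now())) }
```

The verifier always computes HMAC-SHA256 itself and never selects an algorithm from the token header, so a forged header cannot downgrade the check.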
Types
type ExecGatewayClient
type ExecGatewayClient struct {
	// contains filtered or unexported fields
}
ExecGatewayClient calls codex-exec-gateway's internal HTTP API.
Auth model: each request carries an `Authorization: Bearer <internal-shared-secret>`. Both gateway pods read the same secret out of the shared k8s Secret; see deploy/helm/agentserver/templates/codex-exec-gateway-secrets.yaml.
func NewExecGatewayClient
func NewExecGatewayClient(baseURL, bearer string) *ExecGatewayClient
NewExecGatewayClient constructs a client. baseURL is the http(s) base (e.g. "http://release-codex-exec-gateway:6060"); bearer is the shared-secret used for the `/api/exec-gateway` routes.
func (*ExecGatewayClient) Connected
func (c *ExecGatewayClient) Connected(ctx context.Context, workspaceID string) ([]execmodel.ConnectedExecutor, error)
Connected returns the intersection of (workspace's bound executors) ∩ (currently-connected executors at the gateway). May be empty.
type S3Config
type S3Config struct {
	Endpoint string
	Region string
	Bucket string
	AccessKeyID string
	SecretAccessKey string
	PathStyle bool
}
S3Config matches the shape used by internal/ccbroker/workspace/s3store.go; dedup into a shared storage package is a known follow-up. Until then, keep validation here in sync with ccbroker's.
type ServeConfig
type ServeConfig struct {
	InboundHMACSecret []byte
	S3 S3Config
	TmpRoot string
	IdleShutdown time.Duration
	ExecGatewayWSURL string
	ExecGatewayInternalURL string
	ExecGatewayInternalSecret string
	CapTokenHMACSecret []byte
	CapTokenTTL time.Duration
	LogLevel slog.Level
	// Model provider config — written verbatim into each per-thread
	// config.toml. The codex subprocess reads ModelProviderEnvKey from its
	// own env (forwarded from CodexAPIKey here) to authenticate to the
	// LLM gateway (typically llmproxy in-cluster).
	ModelProvider string
	Model string
	ModelProviderBaseURL string
	ModelProviderEnvKey string
	ModelProviderWireAPI string
	CodexAPIKey string
	// ProjectTrustedPaths is the list of paths marked `trust_level = "trusted"`
	// in config.toml. Without at least one, codex refuses to run shell-side
	// operations on the project root.
	ProjectTrustedPaths []string
}
func LoadServeConfigFromEnv
func LoadServeConfigFromEnv() (ServeConfig, error)
type Server
type Server struct {
	// contains filtered or unexported fields
}
Server is the codex-app-gateway HTTP/WS server.
func NewServer
NewServer wires up the production server. selfBin is the absolute path to the codex-app-gateway binary itself, used as the `command =` for each per-executor `[mcp_servers.exe_*]` entry (codex spawns it as the env-mcp child).
Directories
| Path | Synopsis |
|---|---|
| | Package auth handles inbound caller authentication for codex-app-gateway. |
| | Package codexhome owns per-thread CODEX_HOME tmpdirs: creation, destruction, and the rendering of the config.toml fragment we plant inside each one before spawning `codex app-server`. |
| | Package supervisor spawns and tracks per-thread `codex app-server` subprocesses inside the codex-app-gateway pod. |