sdk

package
v0.61.10
Warning

This package is not in the latest version of its module.

Published: May 20, 2026 | License: MIT | Imports: 20 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrUnauthorized = errors.New("sdk auth: token rejected by agentserver")

ErrUnauthorized is returned by ProxyTokenAuth.Verify for tokens that agentserver rejects. Callers MUST respond with HTTP 401 (never 5xx) so a misconfigured client recovers without retrying forever.

Functions

This section is empty.

Types

type ConnectedExecutor

type ConnectedExecutor struct {
	ExeID      string `json:"exe_id,omitempty"`
	Name       string `json:"name"`
	IsDefault  bool   `json:"is_default,omitempty"`
	LastSeenAt string `json:"last_seen_at,omitempty"`
}

ConnectedExecutor mirrors the fields codex-exec-gateway's existing /api/exec-gateway/connected handler returns. Defined here to avoid importing the handler package from sdk.

type ConnectedLister

type ConnectedLister interface {
	Connected(ctx context.Context, workspaceID string) ([]ConnectedExecutor, error)
}

ConnectedLister is the subset of the gateway's executor registry the sdk package needs. The B6 wiring step provides an adapter that satisfies this interface from the existing store + registry types.

type ProxyTokenAuth

type ProxyTokenAuth struct {
	// contains filtered or unexported fields
}

ProxyTokenAuth turns a sandbox proxyToken into (workspace_id, user_id) by calling agentserver's /internal/validate-proxy-token. Results are LRU-cached with a positive TTL and a shorter negative TTL.

func NewProxyTokenAuth

func NewProxyTokenAuth(agentserverURL, internalSecret string, posTTL, negTTL time.Duration) *ProxyTokenAuth

func (*ProxyTokenAuth) Verify

func (a *ProxyTokenAuth) Verify(ctx context.Context, token string) (workspaceID, userID string, err error)

type RelayClientFactory

type RelayClientFactory func(workspaceID, capToken string) *bridge.RelayClient

RelayClientFactory builds a workspace-scoped bridge.RelayClient on demand for copy_path. The CopyPathTool constructor wants a concrete *bridge.RelayClient (not an interface), and the relay token is a workspace-scoped cap-token — so each workspace gets its own.

type Server

type Server struct {
	Auth     *ProxyTokenAuth
	Sessions *processes.Manager
	Registry ConnectedLister

	// ExecGatewayWSURL is the ws(s):// base URL the per-workspace Pool
	// uses to dial /bridge/<exe_id>. The exe_id is appended per dial
	// (see bridge.NewPool — first arg is treated as the base, the
	// pool's own .Dial appends /<exe_id>). Must end without a trailing
	// slash; e.g. "wss://codex-exec.example.com/bridge" or
	// "ws://localhost:6060/bridge".
	ExecGatewayWSURL string

	// CapTokenSecret is the HMAC secret used to mint per-workspace
	// cap-tokens consumed by the same process's /bridge verifier. Must
	// match cfg.CapTokenHMACSecret in production.
	CapTokenSecret []byte

	// RelayFactory, if non-nil, builds a workspace-scoped
	// bridge.RelayClient used by copy_path. Optional — copy_path is
	// only registered when this is set.
	RelayFactory RelayClientFactory

	Logger *slog.Logger
	// contains filtered or unexported fields
}

Server holds the SDK REST surface. Construct in cmd/codex-exec-gateway/main.go and call Mount(r chi.Router) once at startup.

Per-workspace state — Pool, Resolver, tool registry — is built lazily on the first request for a workspace and cached for the Server's lifetime in wsCache. Each workspace gets its own cap-token (so the bridge layer authorises only that workspace's executors) and its own resolver Fetcher (so name → exe_id lookups are scoped to its connected list).

func (*Server) Mount

func (s *Server) Mount(r chi.Router)

Mount registers every SDK route under /api/sdk/*. Each handler runs through authMiddleware which extracts and validates the Bearer token.
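The ErrUnauthorized contract and the Bearer check described for Mount, as an added sketch that is not the package's own authMiddleware. The names fakeVerify, requireBearer and statusFor, the sample tokens, and the choice of 502 for non-auth verifier failures are assumptions of this example; errUnauthorized is a local stand-in for sdk.ErrUnauthorized.

```go
package main

import (
	"context"
	"errors"
	"net/http"
	"net/http/httptest"
	"strings"
)

var errUnauthorized = errors.New("sdk auth: token rejected by agentserver") // stand-in for sdk.ErrUnauthorized

// fakeVerify mimics (*ProxyTokenAuth).Verify on constructed tokens: "good", "down" (outage), other (rejected).
func fakeVerify(_ context.Context, token string) (string, string, error) {
	if token == "down" {
		return "", "", errors.New("agentserver unreachable")
	} else if token != "good" {
		return "", "", errUnauthorized
	}
	return "ws-1", "user-1", nil
}

// requireBearer is hypothetical: missing or rejected token gets 401; other verifier errors get 502 (assumed).
func requireBearer(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
		err := errUnauthorized // no usable Bearer token counts as rejected, verifier is not called
		if ok && token != "" {
			_, _, err = fakeVerify(r.Context(), token)
		}
		switch {
		case errors.Is(err, errUnauthorized): // errors.Is also matches a wrapped ErrUnauthorized
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		case err != nil:
			http.Error(w, "auth backend error", http.StatusBadGateway)
		default:
			next.ServeHTTP(w, r)
		}
	})
}

func statusFor(authHeader string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("Authorization", authHeader)
	requireBearer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code // status the middleware produced for this header
}

func main() { println(statusFor("Bearer good"), statusFor("Bearer stale"), statusFor("Bearer down")) }
```

Keeping the rejected-token path on 401 and the backend-failure path on a separate status lets client retry logic and alerting tell a bad credential apart from an agentserver outage.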
