Documentation
¶
Overview ¶
Package config handles moat.yaml manifest parsing.
Index ¶
- Constants
- func DockerVolumeName(agentName, volumeName string) string
- func GlobalConfigDir() string
- func VolumeDir(agentName, volumeName string) string
- type ClaudeConfig
- type CodexConfig
- type Config
- type ContainerConfig
- type DebugConfig
- type GeminiConfig
- type GlobalConfig
- type HooksConfig
- type MCPAuthConfig
- type MCPServerConfig
- type MCPServerSpec
- type MarketplaceSpec
- type Mount
- type NetworkConfig
- type ProxyConfig
- type ServiceSpec
- type SnapshotConfig
- type SnapshotExcludeConfig
- type SnapshotRetentionConfig
- type SnapshotTriggerConfig
- type TracingConfig
- type VolumeConfig
Constants ¶
const ConfigFilename = "moat.yaml"
ConfigFilename is the preferred config file name.
const LegacyConfigFilename = "agent.yaml"
LegacyConfigFilename is the legacy config file name, supported as a fallback.
Variables ¶
This section is empty.
Functions ¶
func DockerVolumeName ¶ added in v0.3.0
DockerVolumeName returns the Docker volume name for an agent volume. Format: moat_<agentName>_<volumeName>
func VolumeDir ¶ added in v0.3.0
VolumeDir returns the host directory for an agent volume. Path: ~/.moat/volumes/<agentName>/<volumeName>/
Callers must create the directory before mounting:
volDir := config.VolumeDir(agentName, volumeName)
if err := os.MkdirAll(volDir, 0755); err != nil { ... }
See internal/run/manager.go for usage.
Types ¶
type ClaudeConfig ¶
type ClaudeConfig struct {
// BaseURL sets ANTHROPIC_BASE_URL inside the container, redirecting Claude
// Code API traffic through a host-side LLM proxy (e.g., Headroom).
// Traffic is routed through a relay endpoint on the Moat proxy, which
// forwards to the configured URL with credentials injected. Localhost
// URLs work because the relay runs on the host.
BaseURL string `yaml:"base_url,omitempty"`
// SyncLogs enables mounting Claude's session logs directory so logs from
// inside the container appear on the host at the correct project location.
// Default: false, unless the "anthropic" grant is configured (then true).
SyncLogs *bool `yaml:"sync_logs,omitempty"`
// Plugins enables or disables specific plugins for this run.
// Keys are in format "plugin-name@marketplace", values are true/false.
Plugins map[string]bool `yaml:"plugins,omitempty"`
// Marketplaces defines additional plugin marketplaces for this run.
Marketplaces map[string]MarketplaceSpec `yaml:"marketplaces,omitempty"`
// MCP defines MCP (Model Context Protocol) server configurations.
MCP map[string]MCPServerSpec `yaml:"mcp,omitempty"`
}
ClaudeConfig configures Claude Code integration options.
type CodexConfig ¶
type CodexConfig struct {
// SyncLogs enables mounting Codex's session logs directory so logs from
// inside the container appear on the host at the correct project location.
// Default: false, unless the "openai" grant is configured (then true).
SyncLogs *bool `yaml:"sync_logs,omitempty"`
// MCP defines MCP (Model Context Protocol) server configurations.
MCP map[string]MCPServerSpec `yaml:"mcp,omitempty"`
}
CodexConfig configures OpenAI Codex CLI integration options.
type Config ¶
type Config struct {
Name string `yaml:"name,omitempty"`
Agent string `yaml:"agent"`
Version string `yaml:"version,omitempty"`
Dependencies []string `yaml:"dependencies,omitempty"`
Grants []string `yaml:"grants,omitempty"`
Env map[string]string `yaml:"env,omitempty"`
Secrets map[string]string `yaml:"secrets,omitempty"`
Mounts []string `yaml:"mounts,omitempty"`
Ports map[string]int `yaml:"ports,omitempty"`
Network NetworkConfig `yaml:"network,omitempty"`
Command []string `yaml:"command,omitempty"`
Claude ClaudeConfig `yaml:"claude,omitempty"`
Codex CodexConfig `yaml:"codex,omitempty"`
Gemini GeminiConfig `yaml:"gemini,omitempty"`
Interactive bool `yaml:"interactive,omitempty"`
Snapshots SnapshotConfig `yaml:"snapshots,omitempty"`
Tracing TracingConfig `yaml:"tracing,omitempty"`
Hooks HooksConfig `yaml:"hooks,omitempty"`
// Sandbox configures container sandboxing.
// "none" disables gVisor sandbox (Docker only).
// Empty string or omitted uses default (gVisor enabled).
Sandbox string `yaml:"sandbox,omitempty"`
// Runtime forces a specific container runtime ("docker" or "apple").
// If not set, moat auto-detects the best available runtime.
// Useful when agent needs docker:dind on macOS (Apple containers can't run dind).
Runtime string `yaml:"runtime,omitempty"`
Volumes []VolumeConfig `yaml:"volumes,omitempty"`
Container ContainerConfig `yaml:"container,omitempty"`
MCP []MCPServerConfig `yaml:"mcp,omitempty"`
Services map[string]ServiceSpec `yaml:"services,omitempty"`
LanguageServers []string `yaml:"language_servers,omitempty"`
// Deprecated: old runtime field for language versions
DeprecatedRuntime *deprecatedRuntime `yaml:"-"`
}
Config represents a moat.yaml manifest.
func Load ¶
Load reads moat.yaml (or agent.yaml as fallback) from the given directory. Returns nil, nil if neither file exists.
func (*Config) ShouldSyncClaudeLogs ¶
ShouldSyncClaudeLogs returns true if Claude session logs should be synced. The logic is: - If claude.sync_logs is explicitly set, use that value - Otherwise, enable sync_logs if "anthropic" is in grants (Claude Code integration)
func (*Config) ShouldSyncCodexLogs ¶
ShouldSyncCodexLogs returns true if Codex session logs should be synced. The logic is: - If codex.sync_logs is explicitly set, use that value - Otherwise, enable sync_logs if "openai" is in grants (Codex integration)
func (*Config) ShouldSyncGeminiLogs ¶
ShouldSyncGeminiLogs returns true if Gemini session logs should be synced. The logic is: - If gemini.sync_logs is explicitly set, use that value - Otherwise, enable sync_logs if "gemini" is in grants (Gemini integration)
func (*Config) ValidateServices ¶
ValidateServices checks that services: keys correspond to declared service dependencies.
type ContainerConfig ¶
type ContainerConfig struct {
// Memory specifies the memory limit in megabytes.
// Applies to both Docker and Apple containers.
// If not set, Apple containers default to 8192 MB (8 GB) for AI agent
// runs (claude/codex/gemini), or 4096 MB (4 GB) otherwise.
// Docker containers have no default limit.
//
// Example:
// container:
// memory: 8192 # 8 GB
Memory int `yaml:"memory,omitempty"`
// CPUs specifies the number of CPUs.
// Applies to both Docker and Apple containers.
// If not set, uses runtime defaults.
//
// Example:
// container:
// cpus: 8
CPUs int `yaml:"cpus,omitempty"`
// DNS specifies DNS servers for both runtime containers and builders.
// Applies to both Docker and Apple containers.
// If not set, defaults to ["8.8.8.8", "8.8.4.4"] (Google DNS).
//
// Example:
// container:
// dns: ["192.168.1.1", "1.1.1.1"]
//
// Note: Using public DNS will send queries to that provider,
// potentially leaking information about your dependencies and internal services.
DNS []string `yaml:"dns,omitempty"`
}
ContainerConfig configures container resource limits and settings. These settings apply to both Docker and Apple container runtimes.
type DebugConfig ¶
type DebugConfig struct {
RetentionDays int `yaml:"retention_days"`
}
DebugConfig holds debug logging settings.
type GeminiConfig ¶
type GeminiConfig struct {
// SyncLogs enables mounting Gemini's session logs directory so logs from
// inside the container appear on the host at the correct project location.
// Default: false, unless the "gemini" grant is configured (then true).
SyncLogs *bool `yaml:"sync_logs,omitempty"`
// MCP defines MCP (Model Context Protocol) server configurations.
MCP map[string]MCPServerSpec `yaml:"mcp,omitempty"`
}
GeminiConfig configures Google Gemini CLI integration options.
type GlobalConfig ¶
type GlobalConfig struct {
Proxy ProxyConfig `yaml:"proxy"`
Debug DebugConfig `yaml:"debug"`
}
GlobalConfig holds global Moat settings from ~/.moat/config.yaml.
func DefaultGlobalConfig ¶
func DefaultGlobalConfig() *GlobalConfig
DefaultGlobalConfig returns the default global configuration.
func LoadGlobal ¶
func LoadGlobal() (*GlobalConfig, error)
LoadGlobal reads ~/.moat/config.yaml and applies environment overrides.
type HooksConfig ¶
type HooksConfig struct {
// PostBuild runs as the container user (moatuser) during image build,
// after all dependencies are installed. Baked into image layers and cached.
// Use for user-level image setup like configuring git defaults.
PostBuild string `yaml:"post_build,omitempty"`
// PostBuildRoot runs as root during image build, after all dependencies
// are installed. Baked into image layers and cached.
// Use for system-level setup like installing packages or kernel tuning.
PostBuildRoot string `yaml:"post_build_root,omitempty"`
// PreRun runs as the container user (moatuser) in /workspace on every
// container start, before the main command. Use for workspace-level
// setup that needs project files (e.g., "npm install").
PreRun string `yaml:"pre_run,omitempty"`
}
HooksConfig configures lifecycle hooks that run at different stages.
type MCPAuthConfig ¶
MCPAuthConfig defines authentication for an MCP server. It specifies which grant credential to use and which HTTP header to inject it into when proxying requests to the MCP server.
type MCPServerConfig ¶
type MCPServerConfig struct {
Name string `yaml:"name"`
URL string `yaml:"url"`
Auth *MCPAuthConfig `yaml:"auth,omitempty"`
}
MCPServerConfig defines a remote MCP server configuration for top-level MCP servers in moat.yaml. It specifies the server name, URL endpoint, and optional authentication settings for credential injection.
type MCPServerSpec ¶
type MCPServerSpec struct {
// Command is the executable to run
Command string `yaml:"command"`
// Args are command-line arguments
Args []string `yaml:"args,omitempty"`
// Env are environment variables for the server
// Supports ${secrets.NAME} syntax for secret references
Env map[string]string `yaml:"env,omitempty"`
// Grant specifies a credential grant to inject (e.g., "github", "anthropic")
Grant string `yaml:"grant,omitempty"`
// Cwd is the working directory for the server
Cwd string `yaml:"cwd,omitempty"`
}
MCPServerSpec defines an MCP server configuration.
type MarketplaceSpec ¶
type MarketplaceSpec struct {
// Source is the type of marketplace: "github", "git", or "directory"
Source string `yaml:"source"`
// Repo is the GitHub repository in "owner/repo" format (for source: github)
Repo string `yaml:"repo,omitempty"`
// URL is the git URL (for source: git)
// Supports both HTTPS (https://github.com/org/repo.git) and
// SSH (git@github.com:org/repo.git) URLs
URL string `yaml:"url,omitempty"`
// Path is the local directory path (for source: directory)
Path string `yaml:"path,omitempty"`
// Ref is the git branch, tag, or commit to use (optional)
Ref string `yaml:"ref,omitempty"`
}
MarketplaceSpec defines a plugin marketplace source.
type Mount ¶
Mount represents a volume mount.
func ParseMount ¶
ParseMount parses a mount string like "./data:/data:ro".
type NetworkConfig ¶
type NetworkConfig struct {
Policy string `yaml:"policy,omitempty"` // "permissive" or "strict", default "permissive"
Allow []string `yaml:"allow,omitempty"` // allowed host patterns
}
NetworkConfig configures network access policies for the agent.
type ProxyConfig ¶
type ProxyConfig struct {
Port int `yaml:"port"`
}
ProxyConfig holds reverse proxy settings.
type ServiceSpec ¶
type ServiceSpec struct {
Env map[string]string `yaml:"env,omitempty"`
Image string `yaml:"image,omitempty"`
Wait *bool `yaml:"wait,omitempty"`
}
ServiceSpec allows customizing service behavior.
func (ServiceSpec) ServiceWait ¶
func (s ServiceSpec) ServiceWait() bool
ServiceWait returns whether to wait for this service to be ready (default: true).
type SnapshotConfig ¶
type SnapshotConfig struct {
Disabled bool `yaml:"disabled,omitempty"`
Triggers SnapshotTriggerConfig `yaml:"triggers,omitempty"`
Exclude SnapshotExcludeConfig `yaml:"exclude,omitempty"`
Retention SnapshotRetentionConfig `yaml:"retention,omitempty"`
}
SnapshotConfig configures workspace snapshots.
type SnapshotExcludeConfig ¶
type SnapshotExcludeConfig struct {
IgnoreGitignore bool `yaml:"ignore_gitignore,omitempty"`
Additional []string `yaml:"additional,omitempty"`
}
SnapshotExcludeConfig configures what to exclude from snapshots.
type SnapshotRetentionConfig ¶
type SnapshotRetentionConfig struct {
MaxCount int `yaml:"max_count,omitempty"`
DeleteInitial bool `yaml:"delete_initial,omitempty"`
}
SnapshotRetentionConfig configures snapshot retention.
type SnapshotTriggerConfig ¶
type SnapshotTriggerConfig struct {
DisablePreRun bool `yaml:"disable_pre_run,omitempty"`
DisableGitCommits bool `yaml:"disable_git_commits,omitempty"`
DisableBuilds bool `yaml:"disable_builds,omitempty"`
DisableIdle bool `yaml:"disable_idle,omitempty"`
IdleThresholdSeconds int `yaml:"idle_threshold_seconds,omitempty"`
}
SnapshotTriggerConfig configures when snapshots are created.
type TracingConfig ¶
type TracingConfig struct {
DisableExec bool `yaml:"disable_exec,omitempty"`
}
TracingConfig configures execution tracing.
type VolumeConfig ¶ added in v0.3.0
type VolumeConfig struct {
Name string `yaml:"name"`
Target string `yaml:"target"`
ReadOnly bool `yaml:"readonly,omitempty"`
}
VolumeConfig defines a named volume to mount inside the container. Volumes are managed by moat and persist across runs for the same agent name.
Source Files