Documentation
¶
Index ¶
- Constants
- func IngestAccessLog(ctx context.Context, s store.Store, logEntry *accesslogs.AccessLogEntry) error
- func SynthesizeServiceForDomain(ctx context.Context, s store.Store, domain string) (*rpservice.Service, error)
- func SynthesizeServices(ctx context.Context, s store.Store, accountID string) ([]*rpservice.Service, error)
- func SynthesizeServicesForCluster(ctx context.Context, s store.Store, clusterAddr string) ([]*rpservice.Service, error)
- type Manager
- type MergedBudget
- type MergedBudgetWindow
- type MergedGuardrails
- type MergedPromptCapture
- type MergedRetention
- type MergedTokenLimits
- type MergedTokenWindow
- type PolicySelectionInput
- type PolicySelectionResult
- type RecordUsageInput
Constants ¶
const SynthesizedServiceIDPrefix = "agent-net-svc-"
SynthesizedServiceIDPrefix prefixes the in-memory ID of every reverse-proxy service synthesised from Agent Network state. One synthesised service exists per (account, cluster); the suffix is the account ID so the proxy can dedup mappings cleanly.
Variables ¶
This section is empty.
Functions ¶
func IngestAccessLog ¶
func IngestAccessLog(ctx context.Context, s store.Store, logEntry *accesslogs.AccessLogEntry) error
IngestAccessLog flattens the metadata-bearing reverse-proxy access-log entry and persists it in the dedicated agent-network tables (instead of the shared reverse-proxy table), in two parts:
- The stripped usage record is written unconditionally — usage/cost is collected on every request regardless of the account's log-collection toggle (the proxy ships a usage-only entry when logging is disabled).
- The full access-log row (with request detail + prompt) is written only when the account's EnableLogCollection setting is on. This setting read is the authoritative gate; the proxy-side strip is defense in depth.
func SynthesizeServiceForDomain ¶
func SynthesizeServiceForDomain(ctx context.Context, s store.Store, domain string) (*rpservice.Service, error)
SynthesizeServiceForDomain resolves a single agent-network service by its public endpoint domain. It lists the (few) settings rows on the domain's cluster, matches the one whose endpoint equals the domain, and synthesises only that account — avoiding full per-account synthesis for every tenant on the cluster, which is what auth/session paths previously paid. Returns nil (no error) when no account owns the domain.
func SynthesizeServices ¶
func SynthesizeServices(ctx context.Context, s store.Store, accountID string) ([]*rpservice.Service, error)
SynthesizeServices builds the in-memory reverse-proxy service that fronts the account's agent-network gateway. Returns nil when the account has no settings row, no enabled providers, or no enabled policies — in any of those cases there's nothing useful to expose.
One service per (account, settings.Cluster) is emitted. The router middleware encodes a denormalised model→provider routing table (auth headers + decrypted API keys baked in); the policy_check middleware encodes per-provider authorised group IDs derived from the account's enabled policies.
Services are NEVER persisted — callers regenerate them on every network-map / proxy-mapping cycle from current state.
func SynthesizeServicesForCluster ¶
func SynthesizeServicesForCluster(ctx context.Context, s store.Store, clusterAddr string) ([]*rpservice.Service, error)
SynthesizeServicesForCluster walks every account's agent-network settings row pinned to clusterAddr and synthesises the per-account gateway service. Used by the proxy-mapping snapshot path where the connecting proxy has a specific cluster address and cares about every account that routes through it.
Returns nil (no error) when no settings row references the cluster. Per-account synthesis failures are skipped rather than dropping every account on the cluster.
Types ¶
type Manager ¶
type Manager interface {
GetAllProviders(ctx context.Context, accountID, userID string) ([]*types.Provider, error)
GetProvider(ctx context.Context, accountID, userID, providerID string) (*types.Provider, error)
CreateProvider(ctx context.Context, userID string, provider *types.Provider, bootstrapCluster string) (*types.Provider, error)
UpdateProvider(ctx context.Context, userID string, provider *types.Provider) (*types.Provider, error)
DeleteProvider(ctx context.Context, accountID, userID, providerID string) error
GetAllPolicies(ctx context.Context, accountID, userID string) ([]*types.Policy, error)
GetPolicy(ctx context.Context, accountID, userID, policyID string) (*types.Policy, error)
CreatePolicy(ctx context.Context, userID string, policy *types.Policy) (*types.Policy, error)
UpdatePolicy(ctx context.Context, userID string, policy *types.Policy) (*types.Policy, error)
DeletePolicy(ctx context.Context, accountID, userID, policyID string) error
GetAllGuardrails(ctx context.Context, accountID, userID string) ([]*types.Guardrail, error)
GetGuardrail(ctx context.Context, accountID, userID, guardrailID string) (*types.Guardrail, error)
CreateGuardrail(ctx context.Context, userID string, guardrail *types.Guardrail) (*types.Guardrail, error)
UpdateGuardrail(ctx context.Context, userID string, guardrail *types.Guardrail) (*types.Guardrail, error)
DeleteGuardrail(ctx context.Context, accountID, userID, guardrailID string) error
GetAllBudgetRules(ctx context.Context, accountID, userID string) ([]*types.AccountBudgetRule, error)
GetBudgetRule(ctx context.Context, accountID, userID, ruleID string) (*types.AccountBudgetRule, error)
CreateBudgetRule(ctx context.Context, userID string, rule *types.AccountBudgetRule) (*types.AccountBudgetRule, error)
UpdateBudgetRule(ctx context.Context, userID string, rule *types.AccountBudgetRule) (*types.AccountBudgetRule, error)
DeleteBudgetRule(ctx context.Context, accountID, userID, ruleID string) error
GetSettings(ctx context.Context, accountID, userID string) (*types.Settings, error)
UpdateSettings(ctx context.Context, userID string, settings *types.Settings) (*types.Settings, error)
ListConsumption(ctx context.Context, accountID, userID string) ([]*types.Consumption, error)
ListAccessLogs(ctx context.Context, accountID, userID string, filter types.AgentNetworkAccessLogFilter) ([]*types.AgentNetworkAccessLog, int64, error)
ListAccessLogSessions(ctx context.Context, accountID, userID string, filter types.AgentNetworkAccessLogFilter) ([]*types.AgentNetworkAccessLogSession, int64, error)
GetUsageOverview(ctx context.Context, accountID, userID string, filter types.AgentNetworkAccessLogFilter, granularity types.UsageGranularity) ([]*types.AgentNetworkUsageBucket, error)
StartAccessLogCleanup(ctx context.Context, cleanupIntervalHours int)
RecordConsumption(ctx context.Context, accountID string, kind types.ConsumptionDimension, dimID string, windowSeconds, tokensIn, tokensOut int64, costUSD float64) error
RecordAccountBudgetUsage(ctx context.Context, accountID, userID string, groupIDs []string, tokensIn, tokensOut int64, costUSD float64) error
RecordUsage(ctx context.Context, in RecordUsageInput) error
SelectPolicyForRequest(ctx context.Context, in PolicySelectionInput) (*PolicySelectionResult, error)
}
Manager governs the lifecycle of Agent Network providers and policies.
func NewManager ¶
func NewManager( store store.Store, permissionsManager permissions.Manager, accountManager account.Manager, proxyController proxy.Controller, ) Manager
NewManager constructs the persistent Agent Network manager. The manager persists provider/policy/guardrail configuration and, on every mutation, reconciles the in-memory synthesised reverse-proxy services with the proxy cluster via proxyController. Pass nil for proxyController to disable the reconcile push (useful in tests).
func NewManagerMock ¶
func NewManagerMock() Manager
NewManagerMock returns a no-op manager useful for tests.
type MergedBudget ¶
type MergedBudget struct {
Hourly *MergedBudgetWindow `json:"hourly,omitempty"`
Daily *MergedBudgetWindow `json:"daily,omitempty"`
Monthly *MergedBudgetWindow `json:"monthly,omitempty"`
}
type MergedBudgetWindow ¶
type MergedGuardrails ¶
type MergedGuardrails struct {
ModelAllowlist []string `json:"model_allowlist,omitempty"`
TokenLimits MergedTokenLimits `json:"token_limits"`
Budget MergedBudget `json:"budget"`
PromptCapture MergedPromptCapture `json:"prompt_capture"`
Retention MergedRetention `json:"retention"`
}
MergedGuardrails is the JSON shape passed to the proxy via the guardrail middleware's config_json. Mirrors the proxy-side expectations and is intentionally distinct from types.GuardrailChecks so we can evolve either side independently.
type MergedPromptCapture ¶
type MergedRetention ¶
type MergedTokenLimits ¶
type MergedTokenLimits struct {
Hourly *MergedTokenWindow `json:"hourly,omitempty"`
Daily *MergedTokenWindow `json:"daily,omitempty"`
Monthly *MergedTokenWindow `json:"monthly,omitempty"`
}
type MergedTokenWindow ¶
type PolicySelectionInput ¶
type PolicySelectionInput struct {
AccountID string
UserID string
GroupIDs []string
ProviderID string
}
PolicySelectionInput is the per-request selection envelope. The proxy populates it from CapturedData (account, user, groups) plus the provider llm_router resolved.
type PolicySelectionResult ¶
type PolicySelectionResult struct {
Allow bool
SelectedPolicyID string
AttributionGroupID string
WindowSeconds int64
DenyCode string
DenyReason string
}
PolicySelectionResult names the policy that "pays" for this request plus the deny envelope when every applicable policy has exhausted every cap. AttributionGroupID is the lowest group id (string sort) of caller_groups ∩ selected_policy.source_groups; empty when no group dimension applies. WindowSeconds is the chosen policy's effective window length in seconds (token_limit's wins when both halves are enabled with mismatched windows; budget_limit's otherwise; 0 when no caps are configured at all).
type RecordUsageInput ¶
type RecordUsageInput struct {
AccountID string
UserID string
AttributionGroupID string // selected policy's attribution group (policy window)
GroupIDs []string
WindowSeconds int64 // selected policy's window; 0 means no policy cap
TokensIn int64
TokensOut int64
CostUSD float64
}
RecordUsageInput carries everything RecordUsage books for one served request.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package catalog defines the static set of Agent Network providers recognized by the management server.
|
Package catalog defines the static set of Agent Network providers recognized by the management server. |
|
Package handlers serves the Agent Network HTTP API.
|
Package handlers serves the Agent Network HTTP API. |
|
Package labelgen produces DNS-safe Agent Network subdomain labels.
|
Package labelgen produces DNS-safe Agent Network subdomain labels. |