services

package
v0.22.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 28, 2026 License: MIT Imports: 81 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildLocalK8sConfig added in v0.21.0 

func BuildLocalK8sConfig() (*rest.Config, error)

Types

type AuditConfig added in v0.8.0 

type AuditConfig audit.Options

type Config 

type Config struct {
	HTTPListenPort       int      `usage:"HTTP port to listen on" default:"8080" name:"http-listen-port"`
	DevMode              bool     `usage:"Enable development mode" default:"false" name:"dev-mode" env:"OBOT_DEV_MODE"`
	DevUIPort            int      `usage:"The port on localhost running the dev instance of the UI" default:"5174"`
	UserUIPort           int      `usage:"The port on localhost running the user production instance of the UI" env:"OBOT_SERVER_USER_UI_PORT"`
	AllowedOrigin        string   `usage:"Allowed origin for CORS"`
	ToolRegistries       []string `usage:"The remote tool references to the set of gptscript tool registries to use" default:"github.com/obot-platform/tools"`
	EnvKeys              []string `usage:"The environment keys to pass through to the GPTScript server" env:"OBOT_ENV_KEYS"`
	ElectionFile         string   `usage:"Use this file for leader election instead of database leases"`
	EnableAuthentication bool     `usage:"Enable authentication" default:"false"`
	ForceEnableBootstrap bool     `usage:"Enables the bootstrap user even if other admin users have been created" default:"false"`
	AuthAdminEmails      []string `usage:"Emails of admin users"`
	AuthOwnerEmails      []string `usage:"Emails of owner users"`
	StaticDir            string   `usage:"The directory to serve static files from"`

	DefaultMCPCatalogPath                string `usage:"The path to the default MCP catalog (accessible to all users)" default:""`
	DefaultSystemMCPCatalogPath          string `usage:"The path to the default System MCP catalog" default:""`
	DefaultSkillRepoURL                  string `` /* 151-byte string literal not displayed */
	DefaultSkillRepoRef                  string `usage:"The ref (branch/tag) for the default skill repository" default:"" env:"OBOT_DEFAULT_SKILL_REPO_REF"`
	DisableUpdateCheck                   bool   `usage:"Disable Obot server update checks"`
	EnableRegistryAuth                   bool   `usage:"Enable authentication for the MCP registry API" default:"false" env:"OBOT_SERVER_ENABLE_REGISTRY_AUTH"`
	EnableMessagePolicies                bool   `usage:"Enable message policies for LLM proxy content enforcement" default:"false"`
	MCPOAuthClientExpiration             string `` /* 158-byte string literal not displayed */
	MCPServerSearchImage                 string `usage:"Container image for the obot MCP server" default:"ghcr.io/obot-platform/obot-mcp-server:v0.2.0"`
	NanobotAgentImage                    string `usage:"Container image for the Nanobot agent MCP server" default:"ghcr.io/obot-platform/nanobot-agent:v0.0.83"`
	MCPNetworkPolicyProviderChartRepo    string `usage:"Helm repository URL for the network policy provider chart"`
	MCPNetworkPolicyProviderChartName    string `usage:"Helm chart name for the network policy provider chart"`
	MCPNetworkPolicyProviderChartVersion string `usage:"Helm chart version for the network policy provider chart"`
	MCPNetworkPolicyProviderChartPath    string `usage:"Local filesystem path to the network policy provider chart"`
	MCPNetworkPolicyProviderValues       string `usage:"YAML or JSON values blob merged into the network policy provider chart values"`
	MCPDefaultDenyAllEgress              bool   `usage:"Default new MCP servers to deny all egress when network policy enforcement is enabled" default:"false"`

	// Published artifact storage
	ArtifactStorageProvider       string `` /* 143-byte string literal not displayed */
	ArtifactStorageBucket         string `usage:"Bucket for published artifacts" name:"artifact-storage-bucket" env:"OBOT_ARTIFACT_STORAGE_BUCKET"`
	ArtifactS3Region              string `usage:"S3 region for artifact storage" name:"artifact-s3-region" env:"OBOT_ARTIFACT_S3_REGION"`
	ArtifactS3AccessKeyID         string `usage:"S3 access key ID for artifact storage" name:"artifact-s3-access-key-id" env:"OBOT_ARTIFACT_S3_ACCESS_KEY_ID"`
	ArtifactS3SecretAccessKey     string `` /* 127-byte string literal not displayed */
	ArtifactS3Endpoint            string `usage:"Custom S3 endpoint for artifact storage" name:"artifact-s3-endpoint" env:"OBOT_ARTIFACT_S3_ENDPOINT"`
	ArtifactGCSServiceAccountJSON string `` /* 185-byte string literal not displayed */
	ArtifactAzureStorageAccount   string `` /* 135-byte string literal not displayed */
	ArtifactAzureTenantID         string `usage:"Azure tenant ID for artifact storage" name:"artifact-azure-tenant-id" env:"OBOT_ARTIFACT_AZURE_TENANT_ID"`
	ArtifactAzureClientID         string `usage:"Azure client ID for artifact storage" name:"artifact-azure-client-id" env:"OBOT_ARTIFACT_AZURE_CLIENT_ID"`
	ArtifactAzureClientSecret     string `usage:"Azure client secret for artifact storage" name:"artifact-azure-client-secret" env:"OBOT_ARTIFACT_AZURE_CLIENT_SECRET"`

	GatewayConfig
	EncryptionConfig
	MetricsAuthConfig
	AuditConfig
	RateLimiterConfig
	MCPConfig
	services.Config
}

type EncryptionConfig added in v0.8.0 

type EncryptionConfig encryption.Options

type GatewayConfig 

type GatewayConfig gserver.Options

type MCPConfig added in v0.8.0 

type MCPConfig mcp.Options

type MetricsAuthConfig added in v0.17.0 

type MetricsAuthConfig struct {
	MetricsBearerToken string `usage:"Bearer token for metrics endpoint authentication" name:"metrics-bearer-token"`
}

type Otel added in v0.8.0 

type Otel struct {
	// contains filtered or unexported fields
}

func (*Otel) Shutdown added in v0.8.0 

func (s *Otel) Shutdown(ctx context.Context) error

type RateLimiterConfig added in v0.8.0 

type RateLimiterConfig ratelimiter.Options

type Services 

type Services struct {
	EncryptionConfig *encryptionconfig.EncryptionConfiguration
	ToolRegistryURLs []string

	ServerURL             string
	InternalServerURL     string
	DevUIPort             int
	UserUIPort            int
	StorageClient         storage.Client
	Router                *router.Router
	GPTClient             *gptscript.GPTScript
	Invoker               *invoke.Invoker
	PersistentTokenServer *persistent.TokenService
	APIServer             *server.Server

	GatewayServer               *gserver.Server
	GatewayClient               *client.Client
	ProxyManager                *proxy.Manager
	ProviderDispatcher          *dispatcher.Dispatcher
	Bootstrapper                *bootstrap.Bootstrap
	AuthEnabled                 bool
	DefaultMCPCatalogPath       string
	DefaultSystemMCPCatalogPath string
	DefaultSkillRepoURL         string
	DefaultSkillRepoRef         string

	Otel        *Otel
	AuditLogger audit.Logger
	PostgresDSN string

	// Used for indexed lookups of access control rules.
	AccessControlRuleHelper *accesscontrolrule.Helper

	// Used for indexed lookups of model access policies.
	ModelAccessPolicyHelper *modelaccesspolicy.Helper

	// Used for indexed lookups of skill access rules.
	SkillAccessRuleHelper *skillaccessrule.Helper

	WebhookHelper *mcp.WebhookHelper

	// Used for loading and running MCP servers with GPTScript.
	MCPLoader *mcp.SessionManager

	// Global token storage client for MCP OAuth
	MCPOAuthTokenStorage mcp.GlobalTokenStore

	// OAuth configuration
	OAuthServerConfig              handlers.OAuthAuthorizationServerConfig
	MCPOAuthClientSecretExpiration time.Duration

	// LocalK8sConfig is the Kubernetes config for the MCP runtime cluster.
	LocalK8sConfig            *rest.Config
	MCPServerNamespace        string
	ServiceAccountIssuerURL   string
	ServiceAccountIssuerError string
	MCPClusterDomain          string
	ServiceName               string
	ServiceNamespace          string
	ServiceAccountName        string
	StorageListenPort         int

	// LocalK8sClient is a kclient for the local Kubernetes cluster — the
	// cluster the obot pod runs in, where source Secrets for
	// secretBindings live. Nil on the docker backend.
	LocalK8sClient kclient.Client

	// ObotNamespace is the Kubernetes namespace in which the obot server
	// runs; mcp.MergeBoundCreds reads source Secrets from here.
	ObotNamespace string

	// Parsed settings from Helm for k8s to pass to controller
	// PodSchedulingSettingsFromHelm contains affinity, tolerations, resources, runtimeClassName
	// when explicitly set via Helm. If non-nil, SetViaHelm=true and UI cannot modify these.
	PodSchedulingSettingsFromHelm *v1.K8sSettingsSpec
	// PSASettingsFromHelm contains Pod Security Admission settings, always sourced from
	// environment/Helm config and not modifiable via UI.
	PSASettingsFromHelm *v1.PodSecurityAdmissionSettings

	DisableUpdateCheck                   bool
	MCPRuntimeBackend                    string
	MCPImagePullSecrets                  []string
	MCPRemoteShimBaseImage               string
	MCPHTTPWebhookBaseImage              string
	RegistryNoAuth                       bool
	MessagePoliciesEnabled               bool
	MCPNetworkPolicyEnabled              bool
	MCPDefaultDenyAllEgress              bool
	MCPServerSearchImage                 string
	NanobotAgentImage                    string
	MCPNetworkPolicyProviderChartRepo    string
	MCPNetworkPolicyProviderChartName    string
	MCPNetworkPolicyProviderChartVersion string
	MCPNetworkPolicyProviderChartPath    string
	MCPNetworkPolicyProviderValues       string
	SingleUserIdleServerShutdownInterval time.Duration
	MultiUserIdleServerShutdownInterval  time.Duration
	AgentIdleServerShutdownInterval      time.Duration

	// Published artifact blob storage
	ArtifactBlobStore  blob.BlobStore
	ArtifactBlobBucket string
}

func New 

func New(ctx context.Context, config Config) (*Services, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.