Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildLocalK8sConfig ¶ added in v0.21.0
BuildLocalK8sConfig creates a Kubernetes config for local cluster access
Types ¶
type AuditConfig ¶ added in v0.8.0
type Config ¶
type Config struct {
HTTPListenPort int `usage:"HTTP port to listen on" default:"8080" name:"http-listen-port"`
DevMode bool `usage:"Enable development mode" default:"false" name:"dev-mode" env:"OBOT_DEV_MODE"`
DevUIPort int `usage:"The port on localhost running the dev instance of the UI" default:"5174"`
UserUIPort int `usage:"The port on localhost running the user production instance of the UI" env:"OBOT_SERVER_USER_UI_PORT"`
AllowedOrigin string `usage:"Allowed origin for CORS"`
ProviderRegistries []string `usage:"Local filesystem paths to provider registries (directories) to load providers from"`
ElectionFile string `usage:"Use this file for leader election instead of database leases"`
EnableAuthentication bool `usage:"Enable authentication" default:"false"`
ForceEnableBootstrap bool `usage:"Enables the bootstrap user even if other admin users have been created" default:"false"`
AuthAdminEmails []string `usage:"Emails of admin users"`
AuthOwnerEmails []string `usage:"Emails of owner users"`
StaticDir string `usage:"The directory to serve static files from"`
DefaultMCPCatalogPath string `usage:"The path to the default MCP catalog (accessible to all users)" default:""`
DefaultSystemMCPCatalogPath string `usage:"The path to the default System MCP catalog" default:""`
DefaultSkillRepoURL string `` /* 151-byte string literal not displayed */
DefaultSkillRepoRef string `usage:"The ref (branch/tag) for the default skill repository" default:"" env:"OBOT_DEFAULT_SKILL_REPO_REF"`
DisableUpdateCheck bool `usage:"Disable Obot server update checks"`
EnableRegistryAuth bool `usage:"Enable authentication for the MCP registry API" default:"false" env:"OBOT_SERVER_ENABLE_REGISTRY_AUTH"`
EnableMessagePolicies bool `usage:"Enable message policies for LLM proxy content enforcement" default:"false"`
EnableAgents *bool `` /* 272-byte string literal not displayed */
MCPOAuthClientExpiration string `` /* 158-byte string literal not displayed */
MCPServerSearchImage string `usage:"Container image for the obot MCP server" default:"ghcr.io/obot-platform/obot-mcp-server:v0.2.0"`
NanobotAgentImage string `usage:"Container image for the Nanobot agent MCP server" default:"ghcr.io/obot-platform/nanobot-agent:v0.0.84"`
MCPNetworkPolicyProviderChartRepo string `usage:"Helm repository URL for the network policy provider chart"`
MCPNetworkPolicyProviderChartName string `usage:"Helm chart name for the network policy provider chart"`
MCPNetworkPolicyProviderChartVersion string `usage:"Helm chart version for the network policy provider chart"`
MCPNetworkPolicyProviderChartPath string `usage:"Local filesystem path to the network policy provider chart"`
MCPNetworkPolicyProviderValues string `usage:"YAML or JSON values blob merged into the network policy provider chart values"`
MCPDefaultDenyAllEgress bool `usage:"Default new MCP servers to deny all egress when network policy enforcement is enabled" default:"false"`
// Published artifact storage
ArtifactStorageProvider string `` /* 143-byte string literal not displayed */
ArtifactStorageBucket string `usage:"Bucket for published artifacts" name:"artifact-storage-bucket" env:"OBOT_ARTIFACT_STORAGE_BUCKET"`
ArtifactS3Region string `usage:"S3 region for artifact storage" name:"artifact-s3-region" env:"OBOT_ARTIFACT_S3_REGION"`
ArtifactS3AccessKeyID string `usage:"S3 access key ID for artifact storage" name:"artifact-s3-access-key-id" env:"OBOT_ARTIFACT_S3_ACCESS_KEY_ID"`
ArtifactS3SecretAccessKey string `` /* 127-byte string literal not displayed */
ArtifactS3Endpoint string `usage:"Custom S3 endpoint for artifact storage" name:"artifact-s3-endpoint" env:"OBOT_ARTIFACT_S3_ENDPOINT"`
ArtifactGCSServiceAccountJSON string `` /* 185-byte string literal not displayed */
ArtifactAzureStorageAccount string `` /* 135-byte string literal not displayed */
ArtifactAzureTenantID string `usage:"Azure tenant ID for artifact storage" name:"artifact-azure-tenant-id" env:"OBOT_ARTIFACT_AZURE_TENANT_ID"`
ArtifactAzureClientID string `usage:"Azure client ID for artifact storage" name:"artifact-azure-client-id" env:"OBOT_ARTIFACT_AZURE_CLIENT_ID"`
ArtifactAzureClientSecret string `usage:"Azure client secret for artifact storage" name:"artifact-azure-client-secret" env:"OBOT_ARTIFACT_AZURE_CLIENT_SECRET"`
GatewayConfig
EncryptionConfig
MetricsAuthConfig
AuditConfig
RateLimiterConfig
MCPConfig
KeygenConfig
services.Config
}
type EncryptionConfig ¶ added in v0.8.0
type EncryptionConfig encryption.Options
type GatewayConfig ¶
type KeygenConfig ¶
type MetricsAuthConfig ¶ added in v0.17.0
type MetricsAuthConfig struct {
MetricsBearerToken string `usage:"Bearer token for metrics endpoint authentication" name:"metrics-bearer-token"`
}
type RateLimiterConfig ¶ added in v0.8.0
type RateLimiterConfig ratelimiter.Options
type Services ¶
type Services struct {
EncryptionConfig *encryptionconfig.EncryptionConfiguration
ProviderRegistryPaths []string
ServerURL string
InternalServerURL string
DevUIPort int
UserUIPort int
HTTPListenPort int
StorageClient storage.Client
Router *router.Router
PersistentTokenServer *persistent.TokenService
APIServer *server.Server
GatewayServer *gserver.Server
GatewayClient *client.Client
ProxyManager *proxy.Manager
ProviderDispatcher *dispatcher.Dispatcher
Bootstrapper *bootstrap.Bootstrap
AuthEnabled bool
DefaultMCPCatalogPath string
DefaultSystemMCPCatalogPath string
DefaultSkillRepoURL string
DefaultSkillRepoRef string
Otel *Otel
AuditLogger audit.Logger
PostgresDSN string
// Used for indexed lookups of access control rules.
AccessControlRuleHelper *accesscontrolrule.Helper
// Used for indexed lookups of model access policies.
ModelAccessPolicyHelper *modelaccesspolicy.Helper
// Used for indexed lookups of skill access rules.
SkillAccessRuleHelper *skillaccessrule.Helper
WebhookHelper *mcp.WebhookHelper
MCPSessionManager *mcp.SessionManager
// Global token storage client for MCP OAuth
MCPOAuthTokenStorage mcp.GlobalTokenStore
// OAuth configuration
OAuthServerConfig handlers.OAuthAuthorizationServerConfig
MCPOAuthClientSecretExpiration time.Duration
// LocalK8sClient is a kclient for the local Kubernetes cluster — the
// cluster the obot pod runs in, where source Secrets for
// secretBindings live. Nil on the docker backend.
LocalK8sClient kclient.Client
// LocalK8sConfig is the Kubernetes config for the MCP runtime cluster.
LocalK8sConfig *rest.Config
LocalRouter *router.Router
MCPServerNamespace string
ServiceAccountIssuerURL string
ServiceAccountIssuerError string
MCPClusterDomain string
ServiceName string
ServiceNamespace string
ServiceAccountName string
StorageListenPort int
// ObotNamespace is the Kubernetes namespace in which the obot server
// runs; mcp.MergeBoundCreds reads source Secrets from here.
ObotNamespace string
// Parsed settings from Helm for k8s to pass to controller
// PodSchedulingSettingsFromHelm contains affinity, tolerations, resources, runtimeClassName
// when explicitly set via Helm. If non-nil, SetViaHelm=true and UI cannot modify these.
PodSchedulingSettingsFromHelm *v1.K8sSettingsSpec
// PSASettingsFromHelm contains Pod Security Admission settings, always sourced from
// environment/Helm config and not modifiable via UI.
PSASettingsFromHelm *v1.PodSecurityAdmissionSettings
DisableUpdateCheck bool
MCPRuntimeBackend string
MCPImagePullSecrets []string
MCPRemoteShimBaseImage string
MCPHTTPWebhookBaseImage string
RegistryNoAuth bool
MessagePoliciesEnabled bool
EnableAgents *bool
MCPNetworkPolicyEnabled bool
MCPDefaultDenyAllEgress bool
MCPServerSearchImage string
NanobotAgentImage string
MCPNetworkPolicyProviderChartRepo string
MCPNetworkPolicyProviderChartName string
MCPNetworkPolicyProviderChartVersion string
MCPNetworkPolicyProviderChartPath string
MCPNetworkPolicyProviderValues string
SingleUserIdleServerShutdownInterval time.Duration
MultiUserIdleServerShutdownInterval time.Duration
AgentIdleServerShutdownInterval time.Duration
// Published artifact blob storage
ArtifactBlobStore blob.BlobStore
ArtifactBlobBucket string
// License provider
LicenseProvider *license.KeygenProvider
}
Source Files
Click to show internal directories.
Click to hide internal directories.