Documentation
¶
Overview ¶
Package config loads RiskKernel's daemon configuration from the environment and an optional .env file. Secrets (provider API keys, the API token) come only from here — never from the SQLite state, never logged, never committed.
Index ¶
Constants ¶
const ( SafeDefaultDollars = 5.00 // max $ per run SafeDefaultLoops = 100 // max loop iterations per run SafeDefaultSeconds = 3600 // max wall-clock per run (1h) )
Safe default budget, applied only when the user configures no default budget at all (none of the RISKKERNEL_DEFAULT_* variables set). A reliability runtime must be safe out of the box — an unconfigured daemon should never allow an unbounded run. Setting ANY RISKKERNEL_DEFAULT_* variable — even to 0 (unlimited) — is an explicit choice and disables these entirely.
const DefaultPort = 7070
DefaultPort is the daemon's default listen port.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ApprovalConfig ¶
type ApprovalConfig struct {
// DefaultSafe requires approval for any side-effecting tool call not otherwise
// allowed. Read from RISKKERNEL_APPROVAL_DEFAULT_SAFE (default true — fail
// closed on side effects).
DefaultSafe bool
// WebhookURL, if set, receives a JSON POST when an approval becomes pending.
// Read from RISKKERNEL_APPROVAL_WEBHOOK. User-configured egress only.
WebhookURL string
}
ApprovalConfig configures the human-in-the-loop approval gate.
type BudgetConfig ¶
type BudgetConfig struct {
Tokens int64 // RISKKERNEL_DEFAULT_TOKENS
Dollars float64 // RISKKERNEL_DEFAULT_DOLLARS
Loops int32 // RISKKERNEL_DEFAULT_LOOPS
Seconds int32 // RISKKERNEL_DEFAULT_SECONDS
// Defaulted is true when no RISKKERNEL_DEFAULT_* variable was set and the
// safe defaults were applied. Used for the prominent startup log only —
// enforcement treats the values identically.
Defaulted bool
}
BudgetConfig holds raw budget values (no governor dependency here so config stays a leaf package). Zero in any field means unlimited for that dimension.
type Config ¶
type Config struct {
// Port is the HTTP listen port. Env: RISKKERNEL_PORT (default 7070).
Port int
// DataDir is where the SQLite state file lives. Env: RISKKERNEL_DATA_DIR
// (default "./data"). The file in here is the one the user owns.
DataDir string
// APIToken is the single-tenant bearer token guarding the API. Env:
// RISKKERNEL_API_TOKEN. Empty means auth is disabled (local-only use).
APIToken string
// DefaultProvider selects which provider unspecified requests route to.
// Env: RISKKERNEL_DEFAULT_PROVIDER (default "anthropic").
DefaultProvider string
// Provider API keys. Each is read from its conventional env var so existing
// setups need no change. Never stored or logged.
AnthropicAPIKey string // ANTHROPIC_API_KEY
OpenAIAPIKey string // OPENAI_API_KEY
// DefaultBudget is applied to runs created without an explicit budget — e.g.
// proxy calls that supply only a run-id. Any zero field is unlimited. When no
// RISKKERNEL_DEFAULT_* variable is set at all, conservative safe defaults are
// applied instead (see SafeDefault*) and Defaulted is true.
DefaultBudget BudgetConfig
// PricingFile is an optional JSON file of model→rate overrides for the token→$
// table — the dollar budget's basis. It lets prices stay current as providers
// change them without recompiling. Empty uses the built-in list prices only.
// Read from RISKKERNEL_PRICING_FILE.
PricingFile string
// OTel configures OpenTelemetry GenAI span export (Surface 3). Disabled unless
// an endpoint is set — RiskKernel never emits telemetry unless the user points
// it at their own OTLP backend.
OTel OTelConfig
// Approval configures the human-in-the-loop gate.
Approval ApprovalConfig
// MCP configures the MCP gateway (tool governance). Disabled unless an upstream
// MCP server URL is set.
MCP MCPConfig
// Memory configures the git-native memory layer.
Memory MemoryConfig
}
Config is the resolved daemon configuration. Field documentation notes the environment variable each value is read from.
type MCPConfig ¶
type MCPConfig struct {
// Upstream is the real MCP server's HTTP endpoint. Empty disables the gateway.
// Read from RISKKERNEL_MCP_UPSTREAM.
Upstream string
// Allowlist limits which tools may be called (exact name or glob). Empty means
// all tools are allowed. Read from RISKKERNEL_MCP_ALLOWLIST (comma-separated).
Allowlist []string
// ReadOnly names tools that are read-only and therefore never require approval.
// Everything else is treated as side-effecting. Read from
// RISKKERNEL_MCP_READONLY (comma-separated).
ReadOnly []string
// ApprovalTimeoutSeconds bounds how long a gated tools/call waits for a human.
// Read from RISKKERNEL_MCP_APPROVAL_TIMEOUT (default 110, under the server
// write timeout).
ApprovalTimeoutSeconds int
}
MCPConfig configures the MCP gateway: a JSON-RPC reverse proxy in front of an upstream MCP server that governs tools/call.
type MemoryConfig ¶
type MemoryConfig struct {
// Dir is the root memory directory (user-owned, git-native). Read from
// RISKKERNEL_MEMORY_DIR (default "./memory").
Dir string
// Embeddings enables a semantic index. OFF by default and NOT implemented in
// v0.1 — retrieval is deterministic keyword/path search (no vector DB). The
// flag exists so the default posture is explicit. Read from
// RISKKERNEL_MEMORY_EMBEDDINGS (default false).
Embeddings bool
}
MemoryConfig configures the git-native memory layer: a user-owned directory of markdown/YAML the agent reads, plus episodic facts in SQLite.
type OTelConfig ¶
type OTelConfig struct {
// Endpoint is the OTLP endpoint. Empty disables export entirely. Read from
// OTEL_EXPORTER_OTLP_TRACES_ENDPOINT, then OTEL_EXPORTER_OTLP_ENDPOINT.
Endpoint string
// Protocol is "grpc" (default) or "http" (a.k.a. "http/protobuf"). Read from
// OTEL_EXPORTER_OTLP_PROTOCOL.
Protocol string
// Insecure disables TLS. Defaults true for http:// endpoints, else read from
// OTEL_EXPORTER_OTLP_INSECURE.
Insecure bool
// ServiceName tags exported spans. Read from OTEL_SERVICE_NAME (default
// "riskkernel").
ServiceName string
}
OTelConfig configures OTLP trace export, using standard OpenTelemetry env vars so existing setups need no new configuration.
Source Files