Documentation
Overview
Package config loads RiskKernel's daemon configuration from the environment and an optional .env file. Secrets (provider API keys, the API token) come only from here — never from the SQLite state, never logged, never committed.
Constants
const (
	SafeDefaultDollars = 5.00 // max $ per run
	SafeDefaultLoops   = 100  // max loop iterations per run
	SafeDefaultSeconds = 3600 // max wall-clock per run (1h)
)
Safe default budget, applied only when the user configures no default budget at all (none of the RISKKERNEL_DEFAULT_* variables set). A reliability runtime must be safe out of the box — an unconfigured daemon should never allow an unbounded run. Setting ANY RISKKERNEL_DEFAULT_* variable — even to 0 (unlimited) — is an explicit choice and disables these entirely.
const DefaultPort = 7070
DefaultPort is the daemon's default listen port.
Variables
This section is empty.
Functions
This section is empty.
Types
type ApprovalConfig
type ApprovalConfig struct {
	// DefaultSafe requires approval for any side-effecting tool call not otherwise
	// allowed. Read from RISKKERNEL_APPROVAL_DEFAULT_SAFE (default true — fail
	// closed on side effects).
	DefaultSafe bool
	// WebhookURL, if set, receives a JSON POST when an approval becomes pending.
	// Read from RISKKERNEL_APPROVAL_WEBHOOK. User-configured egress only.
	WebhookURL string
	// SlackBotToken (xoxb-…) and SlackChannel enable the Slack approval channel:
	// a pending approval is posted to the channel with Approve/Deny buttons. Read
	// from RISKKERNEL_APPROVAL_SLACK_BOT_TOKEN / RISKKERNEL_APPROVAL_SLACK_CHANNEL.
	// The bot token is a secret — never logged.
	SlackBotToken string
	SlackChannel  string
	// SlackSigningSecret verifies the interaction Slack sends when a button is
	// clicked (the inbound endpoint is authenticated by this, not the API token).
	// Read from RISKKERNEL_APPROVAL_SLACK_SIGNING_SECRET. A secret — never logged.
	SlackSigningSecret string
}
ApprovalConfig configures the human-in-the-loop approval gate.
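An added example (not RiskKernel's own code) of the check that SlackSigningSecret implies: Slack's v0 request signing, an HMAC-SHA256 over the timestamp and the raw body, with a replay window and a fail-closed empty secret. The function names, the 300-second window and the sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
)

const maxSkewSeconds = 300 // five-minute replay window (assumed setting)

// slackSignature computes Slack's v0 signature: HMAC-SHA256 over
// "v0:<timestamp>:<raw body>", hex-encoded and prefixed with "v0=".
func slackSignature(secret, timestamp string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte("v0:" + timestamp + ":"))
	mac.Write(body)
	return "v0=" + hex.EncodeToString(mac.Sum(nil))
}

// verifySlack (hypothetical name) checks the X-Slack-Request-Timestamp and
// X-Slack-Signature header values against the raw, unparsed request body.
func verifySlack(secret, timestamp, signature string, body []byte, nowUnix int64) error {
	if secret == "" {
		return errors.New("signing secret not configured") // fail closed
	}
	ts, err := strconv.ParseInt(timestamp, 10, 64)
	if err != nil {
		return errors.New("malformed timestamp")
	}
	if d := nowUnix - ts; d > maxSkewSeconds || d < -maxSkewSeconds {
		return errors.New("timestamp outside replay window")
	}
	want := slackSignature(secret, timestamp, body)
	if !hmac.Equal([]byte(want), []byte(signature)) { // constant-time compare
		return errors.New("signature mismatch")
	}
	return nil
}

func main() {
	// Constructed sample values; not a real secret or a captured request.
	secret, ts, now := "constructed-signing-secret", "1700000000", int64(1700000030)
	body := []byte("payload=%7B%22type%22%3A%22block_actions%22%7D")
	sig := slackSignature(secret, ts, body)
	fmt.Println(verifySlack(secret, ts, sig, body, now))
	fmt.Println(verifySlack(secret, ts, sig, body, now+3600))
}
```

The signature must be computed over the body bytes exactly as received, before any form or JSON decoding.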
type BudgetConfig
type BudgetConfig struct {
	Tokens  int64   // RISKKERNEL_DEFAULT_TOKENS
	Dollars float64 // RISKKERNEL_DEFAULT_DOLLARS
	Loops   int32   // RISKKERNEL_DEFAULT_LOOPS
	Seconds int32   // RISKKERNEL_DEFAULT_SECONDS
	// Defaulted is true when no RISKKERNEL_DEFAULT_* variable was set and the
	// safe defaults were applied. Used for the prominent startup log only —
	// enforcement treats the values identically.
	Defaulted bool
}
BudgetConfig holds raw budget values (no governor dependency here so config stays a leaf package). Zero in any field means unlimited for that dimension.
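The default-budget rule described under Constants and BudgetConfig, written out as an added example rather than the package's own loader. The names resolveBudget and Budget are hypothetical, and rejecting malformed or negative values is an assumption about behaviour the page does not describe.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// Budget mirrors the documented BudgetConfig; a zero field means unlimited.
type Budget struct {
	Tokens         int64
	Dollars        float64
	Loops, Seconds int32
	Defaulted      bool
}

// resolveBudget takes a lookup shaped like os.LookupEnv so "unset" and "0" differ.
func resolveBudget(lookup func(string) (string, bool)) (b Budget, err error) {
	anySet := false
	for _, name := range []string{"TOKENS", "DOLLARS", "LOOPS", "SECONDS"} {
		raw, ok := lookup("RISKKERNEL_DEFAULT_" + name)
		if !ok {
			continue
		}
		anySet = true // even "0" (unlimited) is an explicit choice
		var n uint64
		switch name {
		case "TOKENS":
			n, err = strconv.ParseUint(raw, 10, 63)
			b.Tokens = int64(n)
		case "LOOPS":
			n, err = strconv.ParseUint(raw, 10, 31)
			b.Loops = int32(n)
		case "SECONDS":
			n, err = strconv.ParseUint(raw, 10, 31)
			b.Seconds = int32(n)
		case "DOLLARS":
			b.Dollars, err = strconv.ParseFloat(raw, 64)
		}
		if err != nil || !(b.Dollars >= 0) { // parse error, negative or NaN
			return Budget{}, fmt.Errorf("RISKKERNEL_DEFAULT_%s=%q: invalid", name, raw)
		}
	}
	if !anySet { // SafeDefault* values; the page lists no token default
		return Budget{Dollars: 5.00, Loops: 100, Seconds: 3600, Defaulted: true}, nil
	}
	return b, nil
}

func main() { fmt.Println(resolveBudget(os.LookupEnv)) }
```

Under this reading, setting only RISKKERNEL_DEFAULT_TOKENS leaves dollars, loops and seconds at zero, which the page defines as unlimited, so a partial configuration is looser than no configuration at all.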
type Config
type Config struct {
	// Port is the HTTP listen port. Env: RISKKERNEL_PORT (default 7070).
	Port int
	// DataDir is where the SQLite state file lives. Env: RISKKERNEL_DATA_DIR
	// (default "./data"). The file in here is the one the user owns.
	DataDir string
	// APIToken is the single-tenant bearer token guarding the API. Env:
	// RISKKERNEL_API_TOKEN. Empty means auth is disabled (local-only use).
	APIToken string
	// DefaultProvider selects which provider unspecified requests route to.
	// Env: RISKKERNEL_DEFAULT_PROVIDER (default "anthropic").
	DefaultProvider string
	// Provider API keys. Each is read from its conventional env var so existing
	// setups need no change. Never stored or logged.
	AnthropicAPIKey string // ANTHROPIC_API_KEY
	OpenAIAPIKey    string // OPENAI_API_KEY
	// Provider upstream-base overrides — point RiskKernel's provider at a gateway,
	// a corporate proxy, or a local mock. RiskKernel-namespaced on purpose: the
	// bare OPENAI_BASE_URL / ANTHROPIC_BASE_URL are what a caller sets to point
	// *at* RiskKernel, so reusing them here would collide (RiskKernel forwarding to
	// itself in a shared shell). Empty uses the provider's default endpoint.
	AnthropicBaseURL string // RISKKERNEL_ANTHROPIC_BASE_URL
	OpenAIBaseURL    string // RISKKERNEL_OPENAI_BASE_URL
	// DefaultBudget is applied to runs created without an explicit budget — e.g.
	// proxy calls that supply only a run-id. Any zero field is unlimited. When no
	// RISKKERNEL_DEFAULT_* variable is set at all, conservative safe defaults are
	// applied instead (see SafeDefault*) and Defaulted is true.
	DefaultBudget BudgetConfig
	// PricingFile is an optional JSON file of model→rate overrides for the token→$
	// table — the dollar budget's basis. It lets prices stay current as providers
	// change them without recompiling. Empty uses the built-in list prices only.
	// Read from RISKKERNEL_PRICING_FILE.
	PricingFile string
	// PolicyFile is an optional riskkernel.yaml of named policy bundles, registered
	// into the store on startup — policy-as-code reviewable in PRs. Empty disables
	// it. Read from RISKKERNEL_POLICY_FILE.
	PolicyFile string
	// OTel configures OpenTelemetry GenAI span export (Surface 3). Disabled unless
	// an endpoint is set — RiskKernel never emits telemetry unless the user points
	// it at their own OTLP backend.
	OTel OTelConfig
	// Approval configures the human-in-the-loop gate.
	Approval ApprovalConfig
	// MCP configures the MCP gateway (tool governance). Disabled unless an upstream
	// MCP server URL is set.
	MCP MCPConfig
	// Memory configures the git-native memory layer.
	Memory MemoryConfig
}
Config is the resolved daemon configuration. Field documentation notes the environment variable each value is read from.
type MCPConfig
type MCPConfig struct {
	// Upstream is the real MCP server's HTTP endpoint. Empty disables the gateway.
	// Read from RISKKERNEL_MCP_UPSTREAM.
	Upstream string
	// Allowlist limits which tools may be called (exact name or glob). Empty means
	// all tools are allowed. Read from RISKKERNEL_MCP_ALLOWLIST (comma-separated).
	Allowlist []string
	// ReadOnly names tools that are read-only and therefore never require approval.
	// Everything else is treated as side-effecting. Read from
	// RISKKERNEL_MCP_READONLY (comma-separated).
	ReadOnly []string
	// ApprovalTimeoutSeconds bounds how long a gated tools/call waits for a human.
	// Read from RISKKERNEL_MCP_APPROVAL_TIMEOUT (default 110, under the server
	// write timeout).
	ApprovalTimeoutSeconds int
}
MCPConfig configures the MCP gateway: a JSON-RPC reverse proxy in front of an upstream MCP server that governs tools/call.
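How Allowlist, ReadOnly and ApprovalConfig.DefaultSafe combine for one tools/call, as an added example that is not the gateway's code. The Gate type, the evaluation order, the use of path.Match for globs (for both lists) and the tool names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
)

const (
	Deny            = "deny"
	Allow           = "allow"
	RequireApproval = "require-approval"
)

// Gate holds the documented settings; the evaluation order is an assumption.
type Gate struct {
	Allowlist   []string // exact names or globs; empty allows every tool
	ReadOnly    []string // tools that never need approval
	DefaultSafe bool     // RISKKERNEL_APPROVAL_DEFAULT_SAFE
}

// matches treats a malformed pattern as a non-match so a typo cannot widen access.
func matches(patterns []string, tool string) bool {
	for _, p := range patterns {
		if ok, err := path.Match(p, tool); err == nil && ok {
			return true
		}
	}
	return false
}

// Decide (hypothetical) classifies one tools/call by tool name.
func (g Gate) Decide(tool string) string {
	if len(g.Allowlist) > 0 && !matches(g.Allowlist, tool) {
		return Deny
	}
	if matches(g.ReadOnly, tool) {
		return Allow
	}
	if g.DefaultSafe {
		return RequireApproval // unlisted tools count as side-effecting
	}
	return Allow
}

func main() {
	g := Gate{Allowlist: []string{"fs.*", "search"}, ReadOnly: []string{"fs.read", "search"}, DefaultSafe: true}
	for _, tool := range []string{"fs.read", "fs.write", "shell.exec"} {
		fmt.Println(tool, g.Decide(tool))
	}
}
```

With an empty Allowlist and DefaultSafe turned off, every tool call passes without review, so the allowlist is the setting to populate first.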
type MemoryConfig
type MemoryConfig struct {
	// Dir is the root memory directory (user-owned, git-native). Read from
	// RISKKERNEL_MEMORY_DIR (default "./memory").
	Dir string
	// Embeddings enables a semantic index. OFF by default and NOT implemented in
	// v0.1 — retrieval is deterministic keyword/path search (no vector DB). The
	// flag exists so the default posture is explicit. Read from
	// RISKKERNEL_MEMORY_EMBEDDINGS (default false).
	Embeddings bool
}
MemoryConfig configures the git-native memory layer: a user-owned directory of markdown/YAML the agent reads, plus episodic facts in SQLite.
type OTelConfig
type OTelConfig struct {
	// Endpoint is the OTLP endpoint. Empty disables export entirely. Read from
	// OTEL_EXPORTER_OTLP_TRACES_ENDPOINT, then OTEL_EXPORTER_OTLP_ENDPOINT.
	Endpoint string
	// Protocol is "grpc" (default) or "http" (a.k.a. "http/protobuf"). Read from
	// OTEL_EXPORTER_OTLP_PROTOCOL.
	Protocol string
	// Insecure disables TLS. Defaults true for http:// endpoints, else read from
	// OTEL_EXPORTER_OTLP_INSECURE.
	Insecure bool
	// ServiceName tags exported spans. Read from OTEL_SERVICE_NAME (default
	// "riskkernel").
	ServiceName string
	// Headers are sent on every OTLP export request, used to authenticate to a
	// backend that requires it (e.g. `authorization=Bearer …`, or Honeycomb's
	// `x-honeycomb-team`). Read from OTEL_EXPORTER_OTLP_TRACES_HEADERS, then
	// OTEL_EXPORTER_OTLP_HEADERS, as a comma-separated list of key=value pairs.
	// Carries secrets — never logged.
	Headers map[string]string
}
OTelConfig configures OTLP trace export, using standard OpenTelemetry env vars so existing setups need no new configuration.