config

package
v0.8.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 29, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package config provides configuration types and validation for VirtualMCP.

Package config provides the configuration model for Virtual MCP Server.

This package defines a platform-agnostic configuration model that works for both CLI (YAML) and Kubernetes (CRD) deployments. Platform-specific adapters transform their native formats into this unified model.

Package config provides the configuration model for Virtual MCP Server.

Package config provides the configuration model for Virtual MCP Server.

+groupName=toolhive.stacklok.dev +versionName=config

Index

Constants

View Source 
const (
	WorkflowStepTypeToolCall    = "tool"
	WorkflowStepTypeElicitation = "elicitation"
)

Constants for workflow step types

View Source 
const (
	ErrorActionAbort    = "abort"
	ErrorActionContinue = "continue"
	ErrorActionRetry    = "retry"
)

Constants for error actions

View Source 
const (
	ElicitationResponseActionAbort         = "abort"
	ElicitationResponseActionContinue      = "continue"
	ElicitationResponseActionSkipRemaining = "skip_remaining"
)

Constants for elicitation response actions

View Source 
const (
	// TransportSSE is the Server-Sent Events transport protocol.
	TransportSSE = "sse"
	// TransportStreamableHTTP is the streamable HTTP transport protocol.
	TransportStreamableHTTP = "streamable-http"
)

Transport type constants for static backend configuration. These define the allowed network transport protocols for vMCP backends in static mode.

View Source 
const (
	IncomingAuthTypeOIDC      = "oidc"
	IncomingAuthTypeLocal     = "local"
	IncomingAuthTypeAnonymous = "anonymous"
)

Incoming auth type constants.

Variables

View Source 
var StaticModeAllowedTransports = []string{TransportSSE, TransportStreamableHTTP}

StaticModeAllowedTransports lists all transport types allowed for static backend configuration. This must be kept in sync with the CRD enum validation in StaticBackendConfig.Transport.

Functions

func IsValidToolReference added in v0.7.0 

func IsValidToolReference(tool string) bool

IsValidToolReference validates tool reference format. Accepts multiple formats:

  • "workload.tool_name" (semantic format specifying which backend's tool)
  • "workload_toolname" (aggregated format used with prefix conflict resolution)
  • "toolname" (simple format when there's no ambiguity)

func ValidateCompositeToolConfig added in v0.7.0 

func ValidateCompositeToolConfig(pathPrefix string, tool *CompositeToolConfig) error

ValidateCompositeToolConfig validates a CompositeToolConfig. This is the primary entry point for composite tool validation, used by both webhooks (VirtualMCPServer, VirtualMCPCompositeToolDefinition) and runtime validation.

func ValidateDefaultResultsForSteps added in v0.7.0 

func ValidateDefaultResultsForSteps(pathPrefix string, steps []WorkflowStepConfig, output *OutputConfig) error

ValidateDefaultResultsForSteps validates that defaultResults is specified for steps that: 1. May be skipped (have a condition or onError.action == "continue") 2. Are referenced by downstream steps

nolint:gocyclo // multiple passes of the workflow are required to validate references are safe.

func ValidateDependencyCycles added in v0.7.0 

func ValidateDependencyCycles(pathPrefix string, steps []WorkflowStepConfig) error

ValidateDependencyCycles validates that step dependencies don't create cycles.

func ValidateElicitationResponseHandler added in v0.7.0 

func ValidateElicitationResponseHandler(
	pathPrefix string, index int, handlerName string, handler *ElicitationResponseConfig,
) error

ValidateElicitationResponseHandler validates elicitation response handlers.

func ValidateJSONSchema added in v0.7.0 

func ValidateJSONSchema(schemaBytes []byte) error

ValidateJSONSchema validates that bytes contain a valid JSON Schema.

func ValidateParameters added in v0.7.0 

func ValidateParameters(pathPrefix string, params thvjson.Map) error

ValidateParameters validates the parameter schema (JSON Schema format).

func ValidateStepDependencies added in v0.7.0 

func ValidateStepDependencies(pathPrefix string, index int, step *WorkflowStepConfig, stepIDs map[string]bool) error

ValidateStepDependencies validates step dependencies reference existing steps.

func ValidateStepErrorHandling added in v0.7.0 

func ValidateStepErrorHandling(pathPrefix string, index int, onError *StepErrorHandling) error

ValidateStepErrorHandling validates error handling configuration.

func ValidateStepTemplates added in v0.7.0 

func ValidateStepTemplates(pathPrefix string, index int, step *WorkflowStepConfig) error

ValidateStepTemplates validates all template fields in a step.

func ValidateStepType added in v0.7.0 

func ValidateStepType(pathPrefix string, index int, step *WorkflowStepConfig) error

ValidateStepType validates step type and type-specific required fields.

func ValidateTemplate added in v0.7.0 

func ValidateTemplate(tmpl string) error

ValidateTemplate validates Go template syntax including custom functions. It uses the same FuncMap as the runtime template expander to ensure templates using json, quote, or fromJson are validated correctly.

func ValidateWorkflowStep added in v0.7.0 

func ValidateWorkflowStep(pathPrefix string, index int, step *WorkflowStepConfig, stepIDs map[string]bool) error

ValidateWorkflowStep validates a single workflow step.

func ValidateWorkflowSteps added in v0.7.0 

func ValidateWorkflowSteps(pathPrefix string, steps []WorkflowStepConfig) error

ValidateWorkflowSteps validates all workflow steps.

Types

type AggregationConfig 

type AggregationConfig struct {
	// ConflictResolution defines the strategy for resolving tool name conflicts.
	// - prefix: Automatically prefix tool names with workload identifier
	// - priority: First workload in priority order wins
	// - manual: Explicitly define overrides for all conflicts
	// +kubebuilder:validation:Enum=prefix;priority;manual
	// +kubebuilder:default=prefix
	// +optional
	ConflictResolution vmcp.ConflictResolutionStrategy `json:"conflictResolution" yaml:"conflictResolution"`

	// ConflictResolutionConfig provides configuration for the chosen strategy.
	// +optional
	ConflictResolutionConfig *ConflictResolutionConfig `json:"conflictResolutionConfig,omitempty" yaml:"conflictResolutionConfig,omitempty"` //nolint:lll

	// Tools defines per-workload tool filtering and overrides.
	// +optional
	Tools []*WorkloadToolConfig `json:"tools,omitempty" yaml:"tools,omitempty"`

	// ExcludeAllTools excludes all tools from aggregation when true.
	// +optional
	ExcludeAllTools bool `json:"excludeAllTools,omitempty" yaml:"excludeAllTools,omitempty"`
}

AggregationConfig defines tool aggregation and conflict resolution strategies. +kubebuilder:object:generate=true +gendoc

func (*AggregationConfig) DeepCopy added in v0.6.17 

func (in *AggregationConfig) DeepCopy() *AggregationConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AggregationConfig.

func (*AggregationConfig) DeepCopyInto added in v0.6.17 

func (in *AggregationConfig) DeepCopyInto(out *AggregationConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthzConfig 

type AuthzConfig struct {
	// Type is the authz type: "cedar", "none"
	Type string `json:"type" yaml:"type"`

	// Policies contains Cedar policy definitions (when Type = "cedar").
	Policies []string `json:"policies,omitempty" yaml:"policies,omitempty"`
}

AuthzConfig configures authorization. +kubebuilder:object:generate=true +gendoc

func (*AuthzConfig) DeepCopy added in v0.6.17 

func (in *AuthzConfig) DeepCopy() *AuthzConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthzConfig.

func (*AuthzConfig) DeepCopyInto added in v0.6.17 

func (in *AuthzConfig) DeepCopyInto(out *AuthzConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CircuitBreakerConfig 

type CircuitBreakerConfig struct {
	// Enabled controls whether circuit breaker is enabled.
	// +kubebuilder:default=false
	// +optional
	Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty"`

	// FailureThreshold is the number of failures before opening the circuit.
	// +kubebuilder:default=5
	// +optional
	FailureThreshold int `json:"failureThreshold,omitempty" yaml:"failureThreshold,omitempty"`

	// Timeout is the duration to wait before attempting to close the circuit.
	// +kubebuilder:default="60s"
	// +optional
	Timeout Duration `json:"timeout,omitempty" yaml:"timeout,omitempty"`
}

CircuitBreakerConfig configures circuit breaker behavior. +kubebuilder:object:generate=true +gendoc

func (*CircuitBreakerConfig) DeepCopy added in v0.6.17 

func (in *CircuitBreakerConfig) DeepCopy() *CircuitBreakerConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CircuitBreakerConfig.

func (*CircuitBreakerConfig) DeepCopyInto added in v0.6.17 

func (in *CircuitBreakerConfig) DeepCopyInto(out *CircuitBreakerConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CompositeToolConfig 

type CompositeToolConfig struct {
	// Name is the workflow name (unique identifier).
	Name string `json:"name" yaml:"name"`

	// Description describes what the workflow does.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Parameters defines input parameter schema in JSON Schema format.
	// Should be a JSON Schema object with "type": "object" and "properties".
	// Example:
	//   {
	//     "type": "object",
	//     "properties": {
	//       "param1": {"type": "string", "default": "value"},
	//       "param2": {"type": "integer"}
	//     },
	//     "required": ["param2"]
	//   }
	//
	// We use json.Map rather than a typed struct because JSON Schema is highly
	// flexible with many optional fields (default, enum, minimum, maximum, pattern,
	// items, additionalProperties, oneOf, anyOf, allOf, etc.). Using json.Map
	// allows full JSON Schema compatibility without needing to define every possible
	// field, and matches how the MCP SDK handles inputSchema.
	// +optional
	Parameters thvjson.Map `json:"parameters,omitempty" yaml:"parameters,omitempty"`

	// Timeout is the maximum workflow execution time.
	Timeout Duration `json:"timeout,omitempty" yaml:"timeout,omitempty"`

	// Steps are the workflow steps to execute.
	Steps []WorkflowStepConfig `json:"steps" yaml:"steps"`

	// Output defines the structured output schema for this workflow.
	// If not specified, the workflow returns the last step's output (backward compatible).
	// +optional
	Output *OutputConfig `json:"output,omitempty" yaml:"output,omitempty"`
}

CompositeToolConfig defines a composite tool workflow. This matches the YAML structure from the proposal (lines 173-255). +kubebuilder:object:generate=true +gendoc

func (*CompositeToolConfig) DeepCopy added in v0.6.17 

func (in *CompositeToolConfig) DeepCopy() *CompositeToolConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompositeToolConfig.

func (*CompositeToolConfig) DeepCopyInto added in v0.6.17 

func (in *CompositeToolConfig) DeepCopyInto(out *CompositeToolConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CompositeToolRef added in v0.7.0 

type CompositeToolRef struct {
	// Name is the name of the VirtualMCPCompositeToolDefinition resource in the same namespace.
	// +kubebuilder:validation:Required
	Name string `json:"name" yaml:"name"`
}

CompositeToolRef defines a reference to a VirtualMCPCompositeToolDefinition resource. The referenced resource must be in the same namespace as the VirtualMCPServer. +kubebuilder:object:generate=true +gendoc

func (*CompositeToolRef) DeepCopy added in v0.7.0 

func (in *CompositeToolRef) DeepCopy() *CompositeToolRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompositeToolRef.

func (*CompositeToolRef) DeepCopyInto added in v0.7.0 

func (in *CompositeToolRef) DeepCopyInto(out *CompositeToolRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Config 

type Config struct {
	// Name is the virtual MCP server name.
	// +optional
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// Group references an existing MCPGroup that defines backend workloads.
	// In Kubernetes, the referenced MCPGroup must exist in the same namespace.
	// +kubebuilder:validation:Required
	Group string `json:"groupRef" yaml:"groupRef"`

	// Backends defines pre-configured backend servers for static mode.
	// When OutgoingAuth.Source is "inline", this field contains the full list of backend
	// servers with their URLs and transport types, eliminating the need for K8s API access.
	// When OutgoingAuth.Source is "discovered", this field is empty and backends are
	// discovered at runtime via Kubernetes API.
	// +optional
	Backends []StaticBackendConfig `json:"backends,omitempty" yaml:"backends,omitempty"`

	// IncomingAuth configures how clients authenticate to the virtual MCP server.
	// When using the Kubernetes operator, this is populated by the converter from
	// VirtualMCPServerSpec.IncomingAuth and any values set here will be superseded.
	// +optional
	IncomingAuth *IncomingAuthConfig `json:"incomingAuth,omitempty" yaml:"incomingAuth,omitempty"`

	// OutgoingAuth configures how the virtual MCP server authenticates to backends.
	// When using the Kubernetes operator, this is populated by the converter from
	// VirtualMCPServerSpec.OutgoingAuth and any values set here will be superseded.
	// +optional
	OutgoingAuth *OutgoingAuthConfig `json:"outgoingAuth,omitempty" yaml:"outgoingAuth,omitempty"`

	// Aggregation defines tool aggregation and conflict resolution strategies.
	// Supports ToolConfigRef for Kubernetes-native MCPToolConfig resource references.
	// +optional
	Aggregation *AggregationConfig `json:"aggregation,omitempty" yaml:"aggregation,omitempty"`

	// CompositeTools defines inline composite tool workflows.
	// Full workflow definitions are embedded in the configuration.
	// For Kubernetes, complex workflows can also reference VirtualMCPCompositeToolDefinition CRDs.
	// +optional
	CompositeTools []CompositeToolConfig `json:"compositeTools,omitempty" yaml:"compositeTools,omitempty"`

	// CompositeToolRefs references VirtualMCPCompositeToolDefinition resources
	// for complex, reusable workflows. Only applicable when running in Kubernetes.
	// Referenced resources must be in the same namespace as the VirtualMCPServer.
	// +optional
	CompositeToolRefs []CompositeToolRef `json:"compositeToolRefs,omitempty" yaml:"compositeToolRefs,omitempty"`

	// Operational configures operational settings.
	Operational *OperationalConfig `json:"operational,omitempty" yaml:"operational,omitempty"`

	// Metadata stores additional configuration metadata.
	Metadata map[string]string `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// Telemetry configures OpenTelemetry-based observability for the Virtual MCP server
	// including distributed tracing, OTLP metrics export, and Prometheus metrics endpoint.
	// +optional
	Telemetry *telemetry.Config `json:"telemetry,omitempty" yaml:"telemetry,omitempty"`

	// Audit configures audit logging for the Virtual MCP server.
	// When present, audit logs include MCP protocol operations.
	// See audit.Config for available configuration options.
	// +optional
	Audit *audit.Config `json:"audit,omitempty" yaml:"audit,omitempty"`

	// Optimizer configures the MCP optimizer for context optimization on large toolsets.
	// When enabled, vMCP exposes only find_tool and call_tool operations to clients
	// instead of all backend tools directly. This reduces token usage by allowing
	// LLMs to discover relevant tools on demand rather than receiving all tool definitions.
	// +optional
	Optimizer *OptimizerConfig `json:"optimizer,omitempty" yaml:"optimizer,omitempty"`
}

Config is the unified configuration model for Virtual MCP Server. This is platform-agnostic and used by both CLI and Kubernetes deployments.

Platform-specific adapters (CLI YAML loader, Kubernetes CRD converter) transform their native formats into this model. +kubebuilder:object:generate=true +kubebuilder:pruning:PreserveUnknownFields +kubebuilder:validation:Type=object +gendoc

func (*Config) DeepCopy added in v0.6.17 

func (in *Config) DeepCopy() *Config

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config.

func (*Config) DeepCopyInto added in v0.6.17 

func (in *Config) DeepCopyInto(out *Config)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Config) EnsureOperationalDefaults added in v0.6.10 

func (c *Config) EnsureOperationalDefaults()

EnsureOperationalDefaults ensures that the Config has a fully populated OperationalConfig with default values for any missing fields. If Operational is nil, it sets it to DefaultOperationalConfig(). If Operational exists but has nil or zero-value nested fields, those fields are filled with defaults while preserving any user-provided values.

type ConflictResolutionConfig 

type ConflictResolutionConfig struct {
	// PrefixFormat defines the prefix format for the "prefix" strategy.
	// Supports placeholders: {workload}, {workload}_, {workload}.
	// +kubebuilder:default="{workload}_"
	// +optional
	PrefixFormat string `json:"prefixFormat,omitempty" yaml:"prefixFormat,omitempty"`

	// PriorityOrder defines the workload priority order for the "priority" strategy.
	// +optional
	PriorityOrder []string `json:"priorityOrder,omitempty" yaml:"priorityOrder,omitempty"`
}

ConflictResolutionConfig provides configuration for conflict resolution strategies. +kubebuilder:object:generate=true +gendoc

func (*ConflictResolutionConfig) DeepCopy added in v0.6.17 

func (in *ConflictResolutionConfig) DeepCopy() *ConflictResolutionConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConflictResolutionConfig.

func (*ConflictResolutionConfig) DeepCopyInto added in v0.6.17 

func (in *ConflictResolutionConfig) DeepCopyInto(out *ConflictResolutionConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DefaultValidator 

type DefaultValidator struct{}

DefaultValidator implements comprehensive configuration validation.

func NewValidator 

func NewValidator() *DefaultValidator

NewValidator creates a new configuration validator.

func (*DefaultValidator) Validate 

func (v *DefaultValidator) Validate(cfg *Config) error

Validate performs comprehensive validation of the configuration.

type Duration added in v0.6.0 

type Duration time.Duration

Duration is a wrapper around time.Duration that marshals/unmarshals as a duration string. This ensures duration values are serialized as "30s", "1m", etc. instead of nanosecond integers. +kubebuilder:validation:Type=string +kubebuilder:validation:Pattern=`^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$`

func (Duration) MarshalJSON added in v0.6.0 

func (d Duration) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (Duration) MarshalYAML added in v0.6.0 

func (d Duration) MarshalYAML() (interface{}, error)

MarshalYAML implements yaml.Marshaler.

func (*Duration) UnmarshalJSON added in v0.6.0 

func (d *Duration) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler.

func (*Duration) UnmarshalYAML added in v0.6.0 

func (d *Duration) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML implements yaml.Unmarshaler.

type ElicitationResponseConfig 

type ElicitationResponseConfig struct {
	// Action defines the action to take when the user declines or cancels
	// - skip_remaining: Skip remaining steps in the workflow
	// - abort: Abort the entire workflow execution
	// - continue: Continue to the next step
	// +kubebuilder:validation:Enum=skip_remaining;abort;continue
	// +kubebuilder:default=abort
	// +optional
	Action string `json:"action,omitempty" yaml:"action,omitempty"`
}

ElicitationResponseConfig defines how to handle user responses to elicitation requests. +kubebuilder:object:generate=true +gendoc

func (*ElicitationResponseConfig) DeepCopy added in v0.6.17 

func (in *ElicitationResponseConfig) DeepCopy() *ElicitationResponseConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ElicitationResponseConfig.

func (*ElicitationResponseConfig) DeepCopyInto added in v0.6.17 

func (in *ElicitationResponseConfig) DeepCopyInto(out *ElicitationResponseConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FailureHandlingConfig 

type FailureHandlingConfig struct {
	// HealthCheckInterval is the interval between health checks.
	// +kubebuilder:default="30s"
	// +optional
	HealthCheckInterval Duration `json:"healthCheckInterval,omitempty" yaml:"healthCheckInterval,omitempty"`

	// UnhealthyThreshold is the number of consecutive failures before marking unhealthy.
	// +kubebuilder:default=3
	// +optional
	UnhealthyThreshold int `json:"unhealthyThreshold,omitempty" yaml:"unhealthyThreshold,omitempty"`

	// StatusReportingInterval is the interval for reporting status updates to Kubernetes.
	// This controls how often the vMCP runtime reports backend health and phase changes.
	// Lower values provide faster status updates but increase API server load.
	// +kubebuilder:default="30s"
	// +optional
	StatusReportingInterval Duration `json:"statusReportingInterval,omitempty" yaml:"statusReportingInterval,omitempty"`

	// PartialFailureMode defines behavior when some backends are unavailable.
	// - fail: Fail entire request if any backend is unavailable
	// - best_effort: Continue with available backends
	// +kubebuilder:validation:Enum=fail;best_effort
	// +kubebuilder:default=fail
	// +optional
	PartialFailureMode string `json:"partialFailureMode,omitempty" yaml:"partialFailureMode,omitempty"`

	// CircuitBreaker configures circuit breaker behavior.
	// +optional
	CircuitBreaker *CircuitBreakerConfig `json:"circuitBreaker,omitempty" yaml:"circuitBreaker,omitempty"`
}

FailureHandlingConfig configures failure handling behavior. +kubebuilder:object:generate=true +gendoc

func (*FailureHandlingConfig) DeepCopy added in v0.6.17 

func (in *FailureHandlingConfig) DeepCopy() *FailureHandlingConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailureHandlingConfig.

func (*FailureHandlingConfig) DeepCopyInto added in v0.6.17 

func (in *FailureHandlingConfig) DeepCopyInto(out *FailureHandlingConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IncomingAuthConfig 

type IncomingAuthConfig struct {
	// Type is the auth type: "oidc", "local", "anonymous"
	Type string `json:"type" yaml:"type"`

	// OIDC contains OIDC configuration (when Type = "oidc").
	OIDC *OIDCConfig `json:"oidc,omitempty" yaml:"oidc,omitempty"`

	// Authz contains authorization configuration (optional).
	Authz *AuthzConfig `json:"authz,omitempty" yaml:"authz,omitempty"`
}

IncomingAuthConfig configures client authentication to the virtual MCP server.

Note: When using the Kubernetes operator (VirtualMCPServer CRD), the VirtualMCPServerSpec.IncomingAuth field is the authoritative source for authentication configuration. The operator's converter will resolve the CRD's IncomingAuth (which supports Kubernetes-native references like SecretKeyRef, ConfigMapRef, etc.) and populate this IncomingAuthConfig with the resolved values. Any values set here directly will be superseded by the CRD configuration.

+kubebuilder:object:generate=true +gendoc

func (*IncomingAuthConfig) DeepCopy added in v0.6.17 

func (in *IncomingAuthConfig) DeepCopy() *IncomingAuthConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IncomingAuthConfig.

func (*IncomingAuthConfig) DeepCopyInto added in v0.6.17 

func (in *IncomingAuthConfig) DeepCopyInto(out *IncomingAuthConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Loader 

type Loader interface {
	// Load loads configuration from the source.
	Load() (*Config, error)
}

Loader loads configuration from a source.

type OIDCConfig 

type OIDCConfig struct {
	// Issuer is the OIDC issuer URL.
	// +kubebuilder:validation:Pattern=`^https?://`
	Issuer string `json:"issuer" yaml:"issuer"`

	// ClientID is the OAuth client ID.
	ClientID string `json:"clientId" yaml:"clientId"`

	// ClientSecretEnv is the name of the environment variable containing the client secret.
	// This is the secure way to reference secrets - the actual secret value is never stored
	// in configuration files, only the environment variable name.
	// The secret value will be resolved from this environment variable at runtime.
	ClientSecretEnv string `json:"clientSecretEnv,omitempty" yaml:"clientSecretEnv,omitempty"`

	// Audience is the required token audience.
	Audience string `json:"audience" yaml:"audience"`

	// Resource is the OAuth 2.0 resource indicator (RFC 8707).
	// Used in WWW-Authenticate header and OAuth discovery metadata (RFC 9728).
	// If not specified, defaults to Audience.
	Resource string `json:"resource,omitempty" yaml:"resource,omitempty"`

	// Scopes are the required OAuth scopes.
	Scopes []string `json:"scopes,omitempty" yaml:"scopes,omitempty"`

	// ProtectedResourceAllowPrivateIP allows protected resource endpoint on private IP addresses
	// Use with caution - only enable for trusted internal IDPs or testing
	ProtectedResourceAllowPrivateIP bool `json:"protectedResourceAllowPrivateIp,omitempty" yaml:"protectedResourceAllowPrivateIp,omitempty"` //nolint:lll

	// InsecureAllowHTTP allows HTTP (non-HTTPS) OIDC issuers for development/testing
	// WARNING: This is insecure and should NEVER be used in production
	InsecureAllowHTTP bool `json:"insecureAllowHttp,omitempty" yaml:"insecureAllowHttp,omitempty"`
}

OIDCConfig configures OpenID Connect authentication. +kubebuilder:object:generate=true +gendoc

func (*OIDCConfig) DeepCopy added in v0.6.17 

func (in *OIDCConfig) DeepCopy() *OIDCConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCConfig.

func (*OIDCConfig) DeepCopyInto added in v0.6.17 

func (in *OIDCConfig) DeepCopyInto(out *OIDCConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OperationalConfig 

type OperationalConfig struct {
	// LogLevel sets the logging level for the Virtual MCP server.
	// The only valid value is "debug" to enable debug logging.
	// When omitted or empty, the server uses info level logging.
	// +kubebuilder:validation:Enum=debug
	// +optional
	LogLevel string `json:"logLevel,omitempty" yaml:"logLevel,omitempty"`

	// Timeouts configures timeout settings.
	// +optional
	Timeouts *TimeoutConfig `json:"timeouts,omitempty" yaml:"timeouts,omitempty"`

	// FailureHandling configures failure handling behavior.
	// +optional
	FailureHandling *FailureHandlingConfig `json:"failureHandling,omitempty" yaml:"failureHandling,omitempty"`
}

OperationalConfig contains operational settings. OperationalConfig defines operational settings like timeouts and health checks. +kubebuilder:object:generate=true +gendoc

func DefaultOperationalConfig added in v0.6.10 

func DefaultOperationalConfig() *OperationalConfig

DefaultOperationalConfig returns a fully populated OperationalConfig with default values. This is the SINGLE SOURCE OF TRUTH for all operational defaults. This should be used when no operational config is provided.

func (*OperationalConfig) DeepCopy added in v0.6.17 

func (in *OperationalConfig) DeepCopy() *OperationalConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperationalConfig.

func (*OperationalConfig) DeepCopyInto added in v0.6.17 

func (in *OperationalConfig) DeepCopyInto(out *OperationalConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OptimizerConfig added in v0.8.0 

type OptimizerConfig struct {
	// EmbeddingService is the name of a Kubernetes Service that provides the embedding service
	// for semantic tool discovery. The service must implement the optimizer embedding API.
	// +kubebuilder:validation:Required
	EmbeddingService string `json:"embeddingService" yaml:"embeddingService"`
}

OptimizerConfig configures the MCP optimizer. When enabled, vMCP exposes only find_tool and call_tool operations to clients instead of all backend tools directly. +kubebuilder:object:generate=true +gendoc

func (*OptimizerConfig) DeepCopy added in v0.8.0 

func (in *OptimizerConfig) DeepCopy() *OptimizerConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OptimizerConfig.

func (*OptimizerConfig) DeepCopyInto added in v0.8.0 

func (in *OptimizerConfig) DeepCopyInto(out *OptimizerConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OutgoingAuthConfig 

type OutgoingAuthConfig struct {
	// Source defines how to discover backend auth: "inline", "discovered"
	// - inline: Explicit configuration in OutgoingAuth
	// - discovered: Auto-discover from backend MCPServer.externalAuthConfigRef (Kubernetes only)
	Source string `json:"source" yaml:"source"`

	// Default is the default auth strategy for backends without explicit config.
	Default *authtypes.BackendAuthStrategy `json:"default,omitempty" yaml:"default,omitempty"`

	// Backends contains per-backend auth configuration.
	Backends map[string]*authtypes.BackendAuthStrategy `json:"backends,omitempty" yaml:"backends,omitempty"`
}

OutgoingAuthConfig configures backend authentication.

Note: When using the Kubernetes operator (VirtualMCPServer CRD), the VirtualMCPServerSpec.OutgoingAuth field is the authoritative source for backend authentication configuration. The operator's converter will resolve the CRD's OutgoingAuth (which supports Kubernetes-native references like SecretKeyRef, ConfigMapRef, etc.) and populate this OutgoingAuthConfig with the resolved values. Any values set here directly will be superseded by the CRD configuration.

+kubebuilder:object:generate=true +gendoc

func (*OutgoingAuthConfig) DeepCopy added in v0.6.17 

func (in *OutgoingAuthConfig) DeepCopy() *OutgoingAuthConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutgoingAuthConfig.

func (*OutgoingAuthConfig) DeepCopyInto added in v0.6.17 

func (in *OutgoingAuthConfig) DeepCopyInto(out *OutgoingAuthConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OutgoingAuthConfig) ResolveForBackend added in v0.6.0 

func (c *OutgoingAuthConfig) ResolveForBackend(backendID string) *authtypes.BackendAuthStrategy

ResolveForBackend returns the auth strategy for a given backend ID. It checks for backend-specific config first, then falls back to default. Returns nil if no authentication is configured.

type OutputConfig added in v0.6.7 

type OutputConfig struct {
	// Properties defines the output properties.
	// Map key is the property name, value is the property definition.
	Properties map[string]OutputProperty `json:"properties" yaml:"properties"`

	// Required lists property names that must be present in the output.
	// +optional
	Required []string `json:"required,omitempty" yaml:"required,omitempty"`
}

OutputConfig defines the structured output schema for a composite tool workflow. This follows the same pattern as the Parameters field, defining both the MCP output schema (type, description) and runtime value construction (value, default). +kubebuilder:object:generate=true +gendoc

func (*OutputConfig) DeepCopy added in v0.6.17 

func (in *OutputConfig) DeepCopy() *OutputConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputConfig.

func (*OutputConfig) DeepCopyInto added in v0.6.17 

func (in *OutputConfig) DeepCopyInto(out *OutputConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OutputProperty added in v0.6.7 

type OutputProperty struct {
	// Type is the JSON Schema type: "string", "integer", "number", "boolean", "object", "array"
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=string;integer;number;boolean;object;array
	Type string `json:"type" yaml:"type"`

	// Description is a human-readable description exposed to clients and models
	// +optional
	Description string `json:"description" yaml:"description"`

	// Value is a template string for constructing the runtime value.
	// For object types, this can be a JSON string that will be deserialized.
	// Supports template syntax: {{.steps.step_id.output.field}}, {{.params.param_name}}
	// +optional
	Value string `json:"value,omitempty" yaml:"value,omitempty"`

	// Properties defines nested properties for object types.
	// Each nested property has full metadata (type, description, value/properties).
	// +optional
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Type=object
	// +kubebuilder:validation:Schemaless
	Properties map[string]OutputProperty `json:"properties,omitempty" yaml:"properties,omitempty"`

	// Default is the fallback value if template expansion fails.
	// Type coercion is applied to match the declared Type.
	// +optional
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Schemaless
	Default thvjson.Any `json:"default,omitempty" yaml:"default,omitempty"`
}

OutputProperty defines a single output property. For non-object types, Value is required. For object types, either Value or Properties must be specified (but not both). +kubebuilder:object:generate=true +gendoc

func (*OutputProperty) DeepCopy added in v0.6.17 

func (in *OutputProperty) DeepCopy() *OutputProperty

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputProperty.

func (*OutputProperty) DeepCopyInto added in v0.6.17 

func (in *OutputProperty) DeepCopyInto(out *OutputProperty)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StaticBackendConfig added in v0.8.0 

type StaticBackendConfig struct {
	// Name is the backend identifier.
	// Must match the backend name from the MCPGroup for auth config resolution.
	// +kubebuilder:validation:Required
	Name string `json:"name" yaml:"name"`

	// URL is the backend's MCP server base URL.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^https?://`
	URL string `json:"url" yaml:"url"`

	// Transport is the MCP transport protocol: "sse" or "streamable-http"
	// Only network transports supported by vMCP client are allowed.
	// +kubebuilder:validation:Enum=sse;streamable-http
	// +kubebuilder:validation:Required
	Transport string `json:"transport" yaml:"transport"`

	// Metadata is a custom key-value map for storing additional backend information
	// such as labels, tags, or other arbitrary data (e.g., "env": "prod", "region": "us-east-1").
	// This is NOT Kubernetes ObjectMeta - it's a simple string map for user-defined metadata.
	// Reserved keys: "group" is automatically set by vMCP and any user-provided value will be overridden.
	// +optional
	Metadata map[string]string `json:"metadata,omitempty" yaml:"metadata,omitempty"`
}

StaticBackendConfig defines a pre-configured backend server for static mode. This allows vMCP to operate without Kubernetes API access by embedding all backend information directly in the configuration. +gendoc +kubebuilder:object:generate=true

func (*StaticBackendConfig) DeepCopy added in v0.8.0 

func (in *StaticBackendConfig) DeepCopy() *StaticBackendConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticBackendConfig.

func (*StaticBackendConfig) DeepCopyInto added in v0.8.0 

func (in *StaticBackendConfig) DeepCopyInto(out *StaticBackendConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StepErrorHandling 

type StepErrorHandling struct {
	// Action defines the action to take on error
	// +kubebuilder:validation:Enum=abort;continue;retry
	// +kubebuilder:default=abort
	// +optional
	Action string `json:"action,omitempty" yaml:"action,omitempty"`

	// RetryCount is the maximum number of retries
	// Only used when Action is "retry"
	// +optional
	RetryCount int `json:"retryCount,omitempty" yaml:"retryCount,omitempty"`

	// RetryDelay is the delay between retry attempts
	// Only used when Action is "retry"
	// +optional
	RetryDelay Duration `json:"retryDelay,omitempty" yaml:"retryDelay,omitempty"`
}

StepErrorHandling defines error handling behavior for workflow steps. +kubebuilder:object:generate=true +gendoc

func (*StepErrorHandling) DeepCopy added in v0.6.17 

func (in *StepErrorHandling) DeepCopy() *StepErrorHandling

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepErrorHandling.

func (*StepErrorHandling) DeepCopyInto added in v0.6.17 

func (in *StepErrorHandling) DeepCopyInto(out *StepErrorHandling)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TimeoutConfig 

type TimeoutConfig struct {
	// Default is the default timeout for backend requests.
	// +kubebuilder:default="30s"
	// +optional
	Default Duration `json:"default,omitempty" yaml:"default,omitempty"`

	// PerWorkload defines per-workload timeout overrides.
	// +optional
	PerWorkload map[string]Duration `json:"perWorkload,omitempty" yaml:"perWorkload,omitempty"`
}

TimeoutConfig configures timeout settings. +kubebuilder:object:generate=true +gendoc

func (*TimeoutConfig) DeepCopy added in v0.6.17 

func (in *TimeoutConfig) DeepCopy() *TimeoutConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TimeoutConfig.

func (*TimeoutConfig) DeepCopyInto added in v0.6.17 

func (in *TimeoutConfig) DeepCopyInto(out *TimeoutConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ToolConfigRef added in v0.7.0 

type ToolConfigRef struct {
	// Name is the name of the MCPToolConfig resource in the same namespace.
	// +kubebuilder:validation:Required
	Name string `json:"name" yaml:"name"`
}

ToolConfigRef references an MCPToolConfig resource for tool filtering and renaming. Only used when running in Kubernetes with the operator. +kubebuilder:object:generate=true +gendoc

func (*ToolConfigRef) DeepCopy added in v0.7.0 

func (in *ToolConfigRef) DeepCopy() *ToolConfigRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ToolConfigRef.

func (*ToolConfigRef) DeepCopyInto added in v0.7.0 

func (in *ToolConfigRef) DeepCopyInto(out *ToolConfigRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ToolOverride 

type ToolOverride struct {
	// Name is the new tool name (for renaming).
	// +optional
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// Description is the new tool description.
	// +optional
	Description string `json:"description,omitempty" yaml:"description,omitempty"`
}

ToolOverride defines tool name and description overrides. +kubebuilder:object:generate=true +gendoc

func (*ToolOverride) DeepCopy added in v0.6.17 

func (in *ToolOverride) DeepCopy() *ToolOverride

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ToolOverride.

func (*ToolOverride) DeepCopyInto added in v0.6.17 

func (in *ToolOverride) DeepCopyInto(out *ToolOverride)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Validator 

type Validator interface {
	// Validate checks if the configuration is valid.
	// Returns detailed validation errors.
	Validate(cfg *Config) error
}

Validator validates configuration.

type WorkflowStepConfig 

type WorkflowStepConfig struct {
	// ID is the unique identifier for this step.
	// +kubebuilder:validation:Required
	ID string `json:"id" yaml:"id"`

	// Type is the step type (tool, elicitation, etc.)
	// +kubebuilder:validation:Enum=tool;elicitation
	// +kubebuilder:default=tool
	// +optional
	Type string `json:"type,omitempty" yaml:"type,omitempty"`

	// Tool is the tool to call (format: "workload.tool_name")
	// Only used when Type is "tool"
	// +optional
	Tool string `json:"tool,omitempty" yaml:"tool,omitempty"`

	// Arguments is a map of argument values with template expansion support.
	// Supports Go template syntax with .params and .steps for string values.
	// Non-string values (integers, booleans, arrays, objects) are passed as-is.
	// Note: the templating is only supported on the first level of the key-value pairs.
	// +optional
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Type=object
	Arguments thvjson.Map `json:"arguments,omitempty" yaml:"arguments,omitempty"`

	// Condition is a template expression that determines if the step should execute
	// +optional
	Condition string `json:"condition,omitempty" yaml:"condition,omitempty"`

	// DependsOn lists step IDs that must complete before this step
	// +optional
	DependsOn []string `json:"dependsOn,omitempty" yaml:"dependsOn,omitempty"`

	// OnError defines error handling behavior
	// +optional
	OnError *StepErrorHandling `json:"onError,omitempty" yaml:"onError,omitempty"`

	// Message is the elicitation message
	// Only used when Type is "elicitation"
	// +optional
	Message string `json:"message,omitempty" yaml:"message,omitempty"`

	// Schema defines the expected response schema for elicitation
	// +optional
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Type=object
	Schema thvjson.Map `json:"schema,omitempty" yaml:"schema,omitempty"`

	// Timeout is the maximum execution time for this step
	// +optional
	Timeout Duration `json:"timeout,omitempty" yaml:"timeout,omitempty"`

	// OnDecline defines the action to take when the user explicitly declines the elicitation
	// Only used when Type is "elicitation"
	// +optional
	OnDecline *ElicitationResponseConfig `json:"onDecline,omitempty" yaml:"onDecline,omitempty"`

	// OnCancel defines the action to take when the user cancels/dismisses the elicitation
	// Only used when Type is "elicitation"
	// +optional
	OnCancel *ElicitationResponseConfig `json:"onCancel,omitempty" yaml:"onCancel,omitempty"`

	// DefaultResults provides fallback output values when this step is skipped
	// (due to condition evaluating to false) or fails (when onError.action is "continue").
	// Each key corresponds to an output field name referenced by downstream steps.
	// Required if the step may be skipped AND downstream steps reference this step's output.
	// +optional
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Schemaless
	DefaultResults thvjson.Map `json:"defaultResults,omitempty" yaml:"defaultResults,omitempty"`
}

WorkflowStepConfig defines a single workflow step. This matches the proposal's step configuration (lines 180-255). +kubebuilder:object:generate=true +gendoc

func (*WorkflowStepConfig) DeepCopy added in v0.6.17 

func (in *WorkflowStepConfig) DeepCopy() *WorkflowStepConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepConfig.

func (*WorkflowStepConfig) DeepCopyInto added in v0.6.17 

func (in *WorkflowStepConfig) DeepCopyInto(out *WorkflowStepConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WorkloadToolConfig 

type WorkloadToolConfig struct {
	// Workload is the name of the backend MCPServer workload.
	// +kubebuilder:validation:Required
	Workload string `json:"workload" yaml:"workload"`

	// ToolConfigRef references an MCPToolConfig resource for tool filtering and renaming.
	// If specified, Filter and Overrides are ignored.
	// Only used when running in Kubernetes with the operator.
	// +optional
	ToolConfigRef *ToolConfigRef `json:"toolConfigRef,omitempty" yaml:"toolConfigRef,omitempty"`

	// Filter is an inline list of tool names to allow (allow list).
	// Only used if ToolConfigRef is not specified.
	// +optional
	Filter []string `json:"filter,omitempty" yaml:"filter,omitempty"`

	// Overrides is an inline map of tool overrides.
	// Only used if ToolConfigRef is not specified.
	// +optional
	Overrides map[string]*ToolOverride `json:"overrides,omitempty" yaml:"overrides,omitempty"`

	// ExcludeAll excludes all tools from this workload when true.
	// +optional
	ExcludeAll bool `json:"excludeAll,omitempty" yaml:"excludeAll,omitempty"`
}

WorkloadToolConfig defines tool filtering and overrides for a specific workload. +kubebuilder:object:generate=true +gendoc

func (*WorkloadToolConfig) DeepCopy added in v0.6.17 

func (in *WorkloadToolConfig) DeepCopy() *WorkloadToolConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadToolConfig.

func (*WorkloadToolConfig) DeepCopyInto added in v0.6.17 

func (in *WorkloadToolConfig) DeepCopyInto(out *WorkloadToolConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YAMLLoader 

type YAMLLoader struct {
	// contains filtered or unexported fields
}

YAMLLoader loads configuration from a YAML file. This is the CLI-specific loader that parses the YAML format defined in the proposal.

func NewYAMLLoader 

func NewYAMLLoader(filePath string, envReader env.Reader) *YAMLLoader

NewYAMLLoader creates a new YAML configuration loader.

func (*YAMLLoader) Load 

func (l *YAMLLoader) Load() (*Config, error)

Load reads and parses the YAML configuration file. Uses strict unmarshalling to reject unknown fields.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.