Documentation
¶
Overview ¶
Package config provides configuration management for agentapi-proxy using viper.
Configuration can be loaded from:
- JSON files (backward compatibility)
- YAML files
- Environment variables with AGENTAPI_ prefix
Environment variable examples:
AGENTAPI_START_PORT=8080 AGENTAPI_AUTH_ENABLED=true AGENTAPI_AUTH_STATIC_ENABLED=true AGENTAPI_AUTH_STATIC_HEADER_NAME=X-API-Key AGENTAPI_AUTH_STATIC_KEYS_FILE=/path/to/keys.json AGENTAPI_AUTH_GITHUB_ENABLED=true AGENTAPI_AUTH_GITHUB_BASE_URL=https://api.github.com AGENTAPI_AUTH_GITHUB_TOKEN_HEADER=Authorization AGENTAPI_AUTH_GITHUB_OAUTH_CLIENT_ID=your_client_id AGENTAPI_AUTH_GITHUB_OAUTH_CLIENT_SECRET=your_client_secret AGENTAPI_AUTH_GITHUB_OAUTH_SCOPE=read:user read:org AGENTAPI_AUTH_GITHUB_USER_MAPPING_DEFAULT_ROLE=user AGENTAPI_ENABLE_MULTIPLE_USERS=true AGENTAPI_WEBHOOK_BASE_URL=https://example.com AGENTAPI_WEBHOOK_GITHUB_ENTERPRISE_HOST=github.enterprise.com
Configuration file search paths:
- Current directory
- $HOME/.agentapi/
- /etc/agentapi/
Configuration file names: config.json, config.yaml, config.yml
Index ¶
- func ApplyEnvVars(envVars []EnvVar) []string
- func GetRoleFromContext(userID string, role string) string
- func LoadAuthConfigFromFile(config *Config, filename string) error
- type APIKey
- type AWSAuthConfig
- type AWSUserMapping
- type AuthConfig
- type AuthConfigOverride
- type Config
- type EnvVar
- type GitHubAuthConfig
- type GitHubAuthConfigOverride
- type GitHubOAuthConfig
- type GitHubUserMapping
- type K8sSessionConfigOverride
- type KubernetesSessionConfig
- type MemoryConfig
- type MemoryS3Config
- type RoleEnvFilesConfig
- type ScheduleWorkerConfig
- type SlackConfig
- type SlackbotCleanupWorkerConfig
- type StaticAuthConfig
- type TeamRoleRule
- type Toleration
- type WebhookConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyEnvVars ¶ added in v1.42.0
ApplyEnvVars sets environment variables in the current process Returns the list of variables that were set
func GetRoleFromContext ¶ added in v1.42.0
GetRoleFromContext extracts the user's role from the authentication context This is a helper function that should be called from the auth package
func LoadAuthConfigFromFile ¶ added in v1.9.1
LoadAuthConfigFromFile loads auth configuration from an external file (e.g., ConfigMap)
Types ¶
type APIKey ¶ added in v0.13.0
type APIKey struct {
Key string `json:"key" mapstructure:"key"`
UserID string `json:"user_id" mapstructure:"user_id"`
Role string `json:"role" mapstructure:"role"`
Permissions []string `json:"permissions" mapstructure:"permissions"`
CreatedAt string `json:"created_at" mapstructure:"created_at"`
ExpiresAt string `json:"expires_at,omitempty" mapstructure:"expires_at"`
}
APIKey represents an API key configuration
func (*APIKey) HasPermission ¶ added in v0.13.0
HasPermission checks if a user has a specific permission
type AWSAuthConfig ¶ added in v1.141.0
type AWSAuthConfig struct {
Enabled bool `json:"enabled" mapstructure:"enabled"`
Region string `json:"region" mapstructure:"region"`
AllowedAccountIDs []string `json:"allowed_account_ids" mapstructure:"allowed_account_ids"` // Required: list of allowed AWS account IDs (empty = deny all)
TeamTagKey string `json:"team_tag_key" mapstructure:"team_tag_key"`
RequiredTagKey string `json:"required_tag_key" mapstructure:"required_tag_key"` // Tag key that must exist (e.g., "agentapi-proxy")
RequiredTagVal string `json:"required_tag_value" mapstructure:"required_tag_value"` // Expected tag value (e.g., "enabled")
CacheTTL string `json:"cache_ttl" mapstructure:"cache_ttl"`
UserMapping AWSUserMapping `json:"user_mapping" mapstructure:"user_mapping"`
}
AWSAuthConfig represents AWS IAM authentication configuration
type AWSUserMapping ¶ added in v1.141.0
type AWSUserMapping struct {
DefaultRole string `json:"default_role" mapstructure:"default_role" yaml:"default_role"`
DefaultPermissions []string `json:"default_permissions" mapstructure:"default_permissions" yaml:"default_permissions"`
TeamRoleMapping map[string]TeamRoleRule `json:"team_role_mapping" mapstructure:"team_role_mapping" yaml:"team_role_mapping"`
}
AWSUserMapping represents AWS user role mapping configuration
type AuthConfig ¶ added in v0.13.0
type AuthConfig struct {
Static *StaticAuthConfig `json:"static,omitempty" mapstructure:"static"`
GitHub *GitHubAuthConfig `json:"github,omitempty" mapstructure:"github"`
AWS *AWSAuthConfig `json:"aws,omitempty" mapstructure:"aws"`
}
AuthConfig represents authentication configuration
type AuthConfigOverride ¶ added in v1.9.1
type AuthConfigOverride struct {
GitHub *GitHubAuthConfigOverride `json:"github,omitempty" yaml:"github,omitempty"`
}
AuthConfigOverride represents auth configuration overrides from external file
type Config ¶
type Config struct {
// Auth represents authentication configuration
Auth AuthConfig `json:"auth" mapstructure:"auth"`
// AuthConfigFile is the path to an external auth configuration file (e.g., from ConfigMap)
AuthConfigFile string `json:"auth_config_file" mapstructure:"auth_config_file"`
// RoleEnvFiles is the configuration for role-based environment files
RoleEnvFiles RoleEnvFilesConfig `json:"role_env_files" mapstructure:"role_env_files"`
// KubernetesSession is the configuration for Kubernetes-based session management
KubernetesSession KubernetesSessionConfig `json:"kubernetes_session" mapstructure:"kubernetes_session"`
// ScheduleWorker is the configuration for the schedule worker
ScheduleWorker ScheduleWorkerConfig `json:"schedule_worker" mapstructure:"schedule_worker"`
// SlackbotCleanupWorker is the configuration for the Slackbot session cleanup worker
SlackbotCleanupWorker SlackbotCleanupWorkerConfig `json:"slackbot_cleanup_worker" mapstructure:"slackbot_cleanup_worker"`
// Webhook is the configuration for webhook functionality
Webhook WebhookConfig `json:"webhook" mapstructure:"webhook"`
// Memory is the configuration for memory storage backend
Memory MemoryConfig `json:"memory" mapstructure:"memory"`
// Slack is the configuration for Slack bot inbound webhook functionality
Slack SlackConfig `json:"slack" mapstructure:"slack"`
}
Config represents the proxy configuration
func LoadConfig ¶
LoadConfig loads configuration using viper with support for JSON, YAML, and environment variables
func LoadConfigLegacy ¶ added in v1.9.1
LoadConfigLegacy loads configuration from a JSON file (legacy method)
type EnvVar ¶ added in v1.42.0
EnvVar represents a single environment variable
func LoadRoleEnvVars ¶ added in v1.42.0
func LoadRoleEnvVars(config *RoleEnvFilesConfig, role string) ([]EnvVar, error)
LoadRoleEnvVars loads environment variables for a specific role
func LoadTeamEnvVars ¶ added in v1.47.0
LoadTeamEnvVars loads environment variables from a specific file for a team
type GitHubAuthConfig ¶ added in v1.0.0
type GitHubAuthConfig struct {
Enabled bool `json:"enabled" mapstructure:"enabled"`
BaseURL string `json:"base_url" mapstructure:"base_url"`
TokenHeader string `json:"token_header" mapstructure:"token_header"`
UserMapping GitHubUserMapping `json:"user_mapping" mapstructure:"user_mapping"`
OAuth *GitHubOAuthConfig `json:"oauth,omitempty" mapstructure:"oauth"`
}
GitHubAuthConfig represents GitHub OAuth authentication
type GitHubAuthConfigOverride ¶ added in v1.9.1
type GitHubAuthConfigOverride struct {
UserMapping *GitHubUserMapping `json:"user_mapping,omitempty" yaml:"user_mapping,omitempty"`
}
GitHubAuthConfigOverride represents GitHub auth configuration overrides
type GitHubOAuthConfig ¶ added in v1.9.1
type GitHubOAuthConfig struct {
ClientID string `json:"client_id" mapstructure:"client_id"`
ClientSecret string `json:"client_secret" mapstructure:"client_secret"`
Scope string `json:"scope" mapstructure:"scope"`
BaseURL string `json:"base_url,omitempty" mapstructure:"base_url"`
}
GitHubOAuthConfig represents GitHub OAuth2 configuration
type GitHubUserMapping ¶ added in v1.0.0
type GitHubUserMapping struct {
DefaultRole string `json:"default_role" mapstructure:"default_role" yaml:"default_role"`
DefaultPermissions []string `json:"default_permissions" mapstructure:"default_permissions" yaml:"default_permissions"`
TeamRoleMapping map[string]TeamRoleRule `json:"team_role_mapping" mapstructure:"team_role_mapping" yaml:"team_role_mapping"`
}
GitHubUserMapping represents user role mapping configuration
type K8sSessionConfigOverride ¶ added in v1.94.0
type K8sSessionConfigOverride struct {
KubernetesSession *struct {
NodeSelector map[string]string `json:"node_selector,omitempty" yaml:"node_selector"`
Tolerations []Toleration `json:"tolerations,omitempty" yaml:"tolerations"`
} `json:"kubernetes_session,omitempty" yaml:"kubernetes_session"`
}
K8sSessionConfigOverride represents kubernetes session configuration overrides from external file
type KubernetesSessionConfig ¶ added in v1.84.0
type KubernetesSessionConfig struct {
// Namespace is the Kubernetes namespace where session resources are created
Namespace string `json:"namespace" mapstructure:"namespace"`
// Image is the container image for session pods
Image string `json:"image" mapstructure:"image"`
// ImagePullPolicy is the image pull policy for session pods
ImagePullPolicy string `json:"image_pull_policy" mapstructure:"image_pull_policy"`
// ServiceAccount is the service account for session pods
ServiceAccount string `json:"service_account" mapstructure:"service_account"`
// BasePort is the port that agentapi listens on in session pods
BasePort int `json:"base_port" mapstructure:"base_port"`
// CPURequest is the CPU request for session pods
CPURequest string `json:"cpu_request" mapstructure:"cpu_request"`
// CPULimit is the CPU limit for session pods
CPULimit string `json:"cpu_limit" mapstructure:"cpu_limit"`
// MemoryRequest is the memory request for session pods
MemoryRequest string `json:"memory_request" mapstructure:"memory_request"`
// MemoryLimit is the memory limit for session pods
MemoryLimit string `json:"memory_limit" mapstructure:"memory_limit"`
// PVCEnabled enables PersistentVolumeClaim for session pods workdir
// When disabled, EmptyDir is used instead (data is not persisted across pod restarts)
PVCEnabled *bool `json:"pvc_enabled,omitempty" mapstructure:"pvc_enabled"`
// PVCStorageClass is the storage class for session PVCs
PVCStorageClass string `json:"pvc_storage_class" mapstructure:"pvc_storage_class"`
// PVCStorageSize is the storage size for session PVCs
PVCStorageSize string `json:"pvc_storage_size" mapstructure:"pvc_storage_size"`
// PodStartTimeout is the timeout in seconds for pod startup
PodStartTimeout int `json:"pod_start_timeout" mapstructure:"pod_start_timeout"`
// PodStopTimeout is the timeout in seconds for pod termination
PodStopTimeout int `json:"pod_stop_timeout" mapstructure:"pod_stop_timeout"`
// ClaudeConfigUserConfigMapPrefix is the prefix for user-specific ConfigMap names
// Full name will be: {prefix}-{username} (e.g., claude-config-johndoe)
ClaudeConfigUserConfigMapPrefix string `json:"claude_config_user_configmap_prefix" mapstructure:"claude_config_user_configmap_prefix"`
// InitContainerImage is the image used for the init container that sets up Claude configuration
// Defaults to the same image as the session container (Image field) if not specified
InitContainerImage string `json:"init_container_image" mapstructure:"init_container_image"`
// GitHubSecretName is the name of the Kubernetes Secret containing GitHub authentication credentials
// This Secret is used by the clone-repo init container for repository cloning
// Expected keys: GITHUB_TOKEN, GITHUB_APP_ID, GITHUB_APP_PEM, GITHUB_INSTALLATION_ID
GitHubSecretName string `json:"github_secret_name" mapstructure:"github_secret_name"`
// GitHubConfigSecretName is the name of the Kubernetes Secret containing GitHub configuration (non-auth)
// This Secret contains GITHUB_API and GITHUB_URL for GitHub Enterprise Server support
// It is kept separate from GitHubSecretName so that params.github_token can override authentication
// without losing Enterprise Server URL settings
GitHubConfigSecretName string `json:"github_config_secret_name" mapstructure:"github_config_secret_name"`
// ConfigFile is the path to an external configuration file for kubernetes session settings
// This file can contain node_selector and tolerations settings
ConfigFile string `json:"config_file,omitempty" mapstructure:"config_file"`
// NodeSelector is a selector which must be true for the pod to fit on a node
// Example: {"disktype": "ssd", "kubernetes.io/arch": "amd64"}
NodeSelector map[string]string `json:"node_selector,omitempty" mapstructure:"node_selector" yaml:"node_selector"`
// Tolerations are tolerations for session pods to schedule onto nodes with matching taints
Tolerations []Toleration `json:"tolerations,omitempty" mapstructure:"tolerations" yaml:"tolerations"`
// SettingsBaseSecret is the single base Kubernetes Secret shared by all sessions.
// It contains settings.json in the agentapi settings format (env_vars, auth_mode, bedrock,
// mcp_servers, marketplaces, enabled_plugins, hooks) and is merged at the lowest priority
// level during session settings generation. Team and user settings can override it.
SettingsBaseSecret string `json:"settings_base_secret" mapstructure:"settings_base_secret"`
// OpenTelemetry Collector configuration
// OtelCollectorEnabled enables OpenTelemetry Collector sidecar for metrics collection
OtelCollectorEnabled bool `json:"otel_collector_enabled" mapstructure:"otel_collector_enabled"`
// OtelCollectorImage is the container image for otelcol sidecar
OtelCollectorImage string `json:"otel_collector_image" mapstructure:"otel_collector_image"`
// OtelCollectorScrapeInterval is the scrape interval for Claude Code metrics
OtelCollectorScrapeInterval string `json:"otel_collector_scrape_interval" mapstructure:"otel_collector_scrape_interval"`
// OtelCollectorClaudeCodePort is the port where Claude Code exposes metrics
OtelCollectorClaudeCodePort int `json:"otel_collector_claude_code_port" mapstructure:"otel_collector_claude_code_port"`
// OtelCollectorExporterPort is the port where otelcol exposes labeled metrics
OtelCollectorExporterPort int `json:"otel_collector_exporter_port" mapstructure:"otel_collector_exporter_port"`
// OtelCollectorCPURequest is the CPU request for otelcol sidecar
OtelCollectorCPURequest string `json:"otel_collector_cpu_request" mapstructure:"otel_collector_cpu_request"`
// OtelCollectorCPULimit is the CPU limit for otelcol sidecar
OtelCollectorCPULimit string `json:"otel_collector_cpu_limit" mapstructure:"otel_collector_cpu_limit"`
// OtelCollectorMemoryRequest is the memory request for otelcol sidecar
OtelCollectorMemoryRequest string `json:"otel_collector_memory_request" mapstructure:"otel_collector_memory_request"`
// OtelCollectorMemoryLimit is the memory limit for otelcol sidecar
OtelCollectorMemoryLimit string `json:"otel_collector_memory_limit" mapstructure:"otel_collector_memory_limit"`
// Slack Integration configuration (claude-posts sidecar)
// SlackIntegrationImage is the container image for the claude-posts Slack integration sidecar
// Defaults to ghcr.io/takutakahashi/claude-posts:0.3.0
SlackIntegrationImage string `json:"slack_integration_image" mapstructure:"slack_integration_image"`
// SlackBotTokenSecretName is the Kubernetes Secret name containing the Slack bot token
// The token is exposed as SLACK_BOT_TOKEN env var in the sidecar
SlackBotTokenSecretName string `json:"slack_bot_token_secret_name" mapstructure:"slack_bot_token_secret_name"`
// SlackBotTokenSecretKey is the key within the Secret that holds the Slack bot token
// Defaults to "bot-token"
SlackBotTokenSecretKey string `json:"slack_bot_token_secret_key" mapstructure:"slack_bot_token_secret_key"`
}
KubernetesSessionConfig represents Kubernetes session manager configuration
type MemoryConfig ¶ added in v1.243.0
type MemoryConfig struct {
// Backend is the storage backend type: "kubernetes" (default) or "s3"
Backend string `json:"backend" mapstructure:"backend"`
S3 *MemoryS3Config `json:"s3,omitempty" mapstructure:"s3"`
}
MemoryConfig represents memory backend configuration
type MemoryS3Config ¶ added in v1.243.0
type MemoryS3Config struct {
// Bucket is the S3 bucket name (required)
Bucket string `json:"bucket" mapstructure:"bucket"`
// Region is the AWS region (optional, uses AWS default config if empty)
Region string `json:"region" mapstructure:"region"`
// Prefix is the key prefix for all memory objects (default: "agentapi-memory/")
Prefix string `json:"prefix" mapstructure:"prefix"`
// Endpoint is a custom S3-compatible endpoint URL (e.g., for rustfs or other S3-compatible services)
Endpoint string `json:"endpoint" mapstructure:"endpoint"`
}
MemoryS3Config represents S3 backend configuration for memory storage
type RoleEnvFilesConfig ¶ added in v1.42.0
type RoleEnvFilesConfig struct {
// Enabled enables role-based environment file loading
Enabled bool `json:"enabled" mapstructure:"enabled"`
// Path is the directory path containing role-specific .env files
Path string `json:"path" mapstructure:"path"`
// LoadDefault loads default.env before role-specific env file
LoadDefault bool `json:"load_default" mapstructure:"load_default"`
}
RoleEnvFilesConfig represents role-based environment files configuration
type ScheduleWorkerConfig ¶ added in v1.115.0
type ScheduleWorkerConfig struct {
// Enabled enables the schedule worker
Enabled bool `json:"enabled" mapstructure:"enabled"`
// CheckInterval is how often to check for due schedules (e.g., "30s", "1m")
CheckInterval string `json:"check_interval" mapstructure:"check_interval"`
// Namespace is the Kubernetes namespace for schedule resources
Namespace string `json:"namespace" mapstructure:"namespace"`
// LeaseDuration is the duration that non-leader candidates will wait to force acquire leadership
LeaseDuration string `json:"lease_duration" mapstructure:"lease_duration"`
// RenewDeadline is the duration that the acting master will retry refreshing leadership before giving up
RenewDeadline string `json:"renew_deadline" mapstructure:"renew_deadline"`
// RetryPeriod is the duration the LeaderElector clients should wait between tries of actions
RetryPeriod string `json:"retry_period" mapstructure:"retry_period"`
}
ScheduleWorkerConfig represents schedule worker configuration
type SlackConfig ¶ added in v1.261.0
type SlackConfig struct {
// SigningSecret is the default Slack App signing secret (kept for backward compatibility,
// no longer required for Socket Mode operation).
// Set via AGENTAPI_SLACK_SIGNING_SECRET environment variable.
SigningSecret string `json:"signing_secret" mapstructure:"signing_secret"`
// AppTokenSecretName is the K8s Secret name containing the default App-level token (xapp-...).
// Used for the default Socket Mode connection.
// If empty, falls back to KubernetesSession.SlackBotTokenSecretName.
// Set via AGENTAPI_SLACK_APP_TOKEN_SECRET_NAME environment variable.
AppTokenSecretName string `json:"app_token_secret_name" mapstructure:"app_token_secret_name"`
// AppTokenSecretKey is the key within the Secret for the App-level token.
// Defaults to "app-token".
// Set via AGENTAPI_SLACK_APP_TOKEN_SECRET_KEY environment variable.
AppTokenSecretKey string `json:"app_token_secret_key" mapstructure:"app_token_secret_key"`
// DryRun enables dry-run mode: session creation and Slack posts are logged but not executed.
// Useful for testing event routing without side effects.
// Set via AGENTAPI_SLACK_DRY_RUN environment variable.
DryRun bool `json:"dry_run" mapstructure:"dry_run"`
}
SlackConfig represents Slack bot (Socket Mode) configuration
type SlackbotCleanupWorkerConfig ¶ added in v1.277.0
type SlackbotCleanupWorkerConfig struct {
// Enabled enables the Slackbot cleanup worker
Enabled bool `json:"enabled" mapstructure:"enabled"`
// CheckInterval is how often to scan for stale sessions (e.g., "1h", "30m")
CheckInterval string `json:"check_interval" mapstructure:"check_interval"`
// SessionTTL is the duration after the last message before a session is deleted (e.g., "72h")
SessionTTL string `json:"session_ttl" mapstructure:"session_ttl"`
// DryRun disables actual deletion; stale sessions are only logged.
// Useful for verifying TTL settings before enabling real cleanup.
DryRun bool `json:"dry_run" mapstructure:"dry_run"`
// LeaseDuration is the duration that non-leader candidates will wait to force acquire leadership
LeaseDuration string `json:"lease_duration" mapstructure:"lease_duration"`
// RenewDeadline is the duration that the acting master will retry refreshing leadership before giving up
RenewDeadline string `json:"renew_deadline" mapstructure:"renew_deadline"`
// RetryPeriod is the duration the LeaderElector clients should wait between tries of actions
RetryPeriod string `json:"retry_period" mapstructure:"retry_period"`
}
SlackbotCleanupWorkerConfig represents Slackbot session cleanup worker configuration. The worker deletes Slackbot sessions whose last message is older than SessionTTL.
type StaticAuthConfig ¶ added in v1.0.0
type StaticAuthConfig struct {
Enabled bool `json:"enabled" mapstructure:"enabled"`
APIKeys []APIKey `json:"api_keys" mapstructure:"api_keys"`
KeysFile string `json:"keys_file" mapstructure:"keys_file"`
HeaderName string `json:"header_name" mapstructure:"header_name"`
}
StaticAuthConfig represents static API key authentication
type TeamRoleRule ¶ added in v1.0.0
type TeamRoleRule struct {
Role string `json:"role" mapstructure:"role" yaml:"role"`
Permissions []string `json:"permissions" mapstructure:"permissions" yaml:"permissions"`
EnvFile string `json:"env_file,omitempty" mapstructure:"env_file" yaml:"env_file"`
}
TeamRoleRule represents a team-based role rule
type Toleration ¶ added in v1.94.0
type Toleration struct {
// Key is the taint key that the toleration applies to
Key string `json:"key" mapstructure:"key" yaml:"key"`
// Operator represents a key's relationship to the value (Equal or Exists)
Operator string `json:"operator" mapstructure:"operator" yaml:"operator"`
// Value is the taint value the toleration matches to
Value string `json:"value" mapstructure:"value" yaml:"value"`
// Effect indicates the taint effect to match (NoSchedule, PreferNoSchedule, NoExecute)
Effect string `json:"effect" mapstructure:"effect" yaml:"effect"`
// TolerationSeconds is the period of time the toleration tolerates the taint (for NoExecute)
TolerationSeconds *int64 `json:"toleration_seconds,omitempty" mapstructure:"toleration_seconds" yaml:"toleration_seconds"`
}
Toleration represents a Kubernetes toleration for session pods
type WebhookConfig ¶ added in v1.156.0
type WebhookConfig struct {
// BaseURL is the base URL for webhook endpoints (e.g., "https://example.com")
// If not set, the URL will be auto-detected from incoming request headers
BaseURL string `json:"base_url" mapstructure:"base_url"`
// GitHubEnterpriseHost is the default GitHub Enterprise host for webhook matching
// When set, webhooks without explicit enterprise_url will match against this host
// Example: "github.enterprise.com" (hostname only, without https://)
GitHubEnterpriseHost string `json:"github_enterprise_host" mapstructure:"github_enterprise_host"`
}
WebhookConfig represents webhook configuration
Source Files
Click to show internal directories.
Click to hide internal directories.