platform

package
v1.50.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 8, 2026 License: Apache-2.0 Imports: 55 Imported by: 0

Documentation

Overview

Package platform provides the main platform orchestration.

Package platform provides the main platform orchestration.

Index

Constants

View Source 
const (
	SessionStoreMemory   = "memory"
	SessionStoreDatabase = "database"
)

Session store backend names.

View Source 
const (
	SourceFile     = "file"
	SourceDatabase = "database" //nolint:goconst // same value as SessionStoreDatabase but different semantic domain
	SourceBoth     = "both"
)

Source constants for personas and other config resources.

View Source 
const CurrentConfigVersion = "v1"

CurrentConfigVersion is the current config API version.

Variables

View Source 
var ErrAPIKeyNotFound = errors.New("api key not found")

ErrAPIKeyNotFound is returned when an API key does not exist in the database.

View Source 
var ErrConnectionNotFound = errors.New("connection instance not found")

ErrConnectionNotFound is returned when a connection instance does not exist.

View Source 
var ErrPersonaNotFound = errors.New("persona not found")

ErrPersonaNotFound is returned when a persona definition does not exist in the database.

Functions

func MigrateConfig added in v0.16.0 

func MigrateConfig(r io.Reader, w io.Writer, targetVersion string) error

MigrateConfig reads YAML from r, migrates it to targetVersion, and writes the result to w. If targetVersion is empty, the current version is used. Environment variable references (${VAR}) are preserved in the output.

func MigrateConfigBytes added in v0.16.0 

func MigrateConfigBytes(data []byte, targetVersion string) ([]byte, error)

MigrateConfigBytes migrates raw YAML config bytes to targetVersion. If targetVersion is empty, the current version is used. This function does NOT expand environment variables so ${VAR} references are preserved in the output.

func PeekVersion added in v0.16.0 

func PeekVersion(data []byte) string

PeekVersion extracts the apiVersion from raw YAML bytes. Returns "v1" if the field is missing or empty (backward compatibility).

Types

type APIKeyAuthConfig 

type APIKeyAuthConfig struct {
	Enabled bool        `yaml:"enabled"`
	Keys    []APIKeyDef `yaml:"keys"`
}

APIKeyAuthConfig configures API key authentication.

type APIKeyDef 

type APIKeyDef struct {
	Key         string   `yaml:"key"`
	Name        string   `yaml:"name"`
	Email       string   `yaml:"email"`
	Description string   `yaml:"description"`
	Roles       []string `yaml:"roles"`
}

APIKeyDef defines an API key.

type APIKeyDefinition added in v1.49.0 

type APIKeyDefinition struct {
	Name        string     `json:"name"`
	KeyHash     string     `json:"key_hash"`
	Email       string     `json:"email,omitempty"`
	Description string     `json:"description,omitempty"`
	Roles       []string   `json:"roles"`
	ExpiresAt   *time.Time `json:"expires_at,omitempty"`
	CreatedBy   string     `json:"created_by"`
	CreatedAt   time.Time  `json:"created_at"`
}

APIKeyDefinition represents a database-managed API key.

type APIKeyStore added in v1.49.0 

type APIKeyStore interface {
	List(ctx context.Context) ([]APIKeyDefinition, error)
	Set(ctx context.Context, def APIKeyDefinition) error
	Delete(ctx context.Context, name string) error
}

APIKeyStore manages API key persistence.

type AdminConfig added in v0.17.0 

type AdminConfig struct {
	Enabled    bool   `yaml:"enabled"`
	Persona    string `yaml:"persona"`     // required admin persona (default: "admin")
	PathPrefix string `yaml:"path_prefix"` // URL prefix (default: "/api/v1/admin")
}

AdminConfig configures the admin REST API.

type AppConfig added in v0.10.0 

type AppConfig struct {
	// Enabled controls whether this app is active.
	Enabled bool `yaml:"enabled"`

	// Tools lists the tool names this app attaches to.
	Tools []string `yaml:"tools"`

	// AssetsPath is the absolute filesystem path to the app's assets directory.
	// This should point to a directory containing the app's HTML/JS/CSS files.
	// Optional for built-in apps that use embedded assets; setting it overrides the embedded content.
	AssetsPath string `yaml:"assets_path"`

	// ResourceURI is the MCP resource URI for this app (e.g., "ui://query-results").
	// If not specified, defaults to "ui://<app-name>".
	ResourceURI string `yaml:"resource_uri"`

	// EntryPoint is the main HTML file within AssetsPath (e.g., "index.html").
	// Defaults to "index.html" if not specified.
	EntryPoint string `yaml:"entry_point"`

	// CSP defines Content Security Policy requirements for the app.
	CSP *CSPAppConfig `yaml:"csp"`

	// Config holds app-specific configuration that will be injected
	// into the HTML as JSON.
	Config map[string]any `yaml:"config"`
}

AppConfig configures an individual MCP App.

type AuditConfig 

type AuditConfig struct {
	Enabled       bool `yaml:"enabled"`
	LogToolCalls  bool `yaml:"log_tool_calls"`
	RetentionDays int  `yaml:"retention_days"`
}

AuditConfig configures audit logging.

type AuthConfig 

type AuthConfig struct {
	OIDC           OIDCAuthConfig       `yaml:"oidc"`
	APIKeys        APIKeyAuthConfig     `yaml:"api_keys"`
	BrowserSession BrowserSessionConfig `yaml:"browser_session"`
	AllowAnonymous bool                 `yaml:"allow_anonymous"` // default: false
}

AuthConfig configures authentication.

type BrowserSessionConfig added in v0.32.0 

type BrowserSessionConfig struct {
	Enabled    bool          `yaml:"enabled"`
	CookieName string        `yaml:"cookie_name"` // default: "mcp_session"
	TTL        time.Duration `yaml:"ttl"`         // default: 8h
	SigningKey string        `yaml:"signing_key"` // base64-encoded HMAC key
	Secure     bool          `yaml:"secure"`      // default: true
	Domain     string        `yaml:"domain"`
}

BrowserSessionConfig configures cookie-based browser sessions.

type CSPAppConfig added in v0.11.0 

type CSPAppConfig struct {
	// ResourceDomains lists origins for static resources (scripts, images, styles, fonts).
	ResourceDomains []string `yaml:"resource_domains"`

	// ConnectDomains lists origins for network requests (fetch/XHR/WebSocket).
	ConnectDomains []string `yaml:"connect_domains"`

	// FrameDomains lists origins for nested iframes.
	FrameDomains []string `yaml:"frame_domains"`

	// ClipboardWrite requests write access to the clipboard.
	ClipboardWrite bool `yaml:"clipboard_write"`
}

CSPAppConfig defines Content Security Policy requirements for an MCP App.

type CacheConfig 

type CacheConfig struct {
	Enabled bool          `yaml:"enabled"`
	TTL     time.Duration `yaml:"ttl"`
}

CacheConfig configures caching.

type ClientLoggingConfig added in v0.20.0 

type ClientLoggingConfig struct {
	Enabled bool `yaml:"enabled"`
}

ClientLoggingConfig configures server-to-client log message notifications.

type Closer 

type Closer interface {
	Close() error
}

Closer is something that can be closed.

type Component 

type Component interface {
	Start(ctx context.Context) error
	Stop(ctx context.Context) error
}

Component is something that can be started and stopped.

type Config 

type Config struct {
	APIVersion    string              `yaml:"apiVersion"`
	ConfigStore   ConfigStoreConfig   `yaml:"config_store"`
	Server        ServerConfig        `yaml:"server"`
	Auth          AuthConfig          `yaml:"auth"`
	OAuth         OAuthConfig         `yaml:"oauth"`
	Database      DatabaseConfig      `yaml:"database"`
	Personas      PersonasConfig      `yaml:"personas"`
	Toolkits      map[string]any      `yaml:"toolkits"`
	Tools         ToolsConfig         `yaml:"tools"`
	Semantic      SemanticConfig      `yaml:"semantic"`
	Query         QueryConfig         `yaml:"query"`
	Storage       StorageConfig       `yaml:"storage"`
	Injection     InjectionConfig     `yaml:"injection"`
	Tuning        TuningConfig        `yaml:"tuning"`
	Audit         AuditConfig         `yaml:"audit"`
	MCPApps       MCPAppsConfig       `yaml:"mcpapps"`
	Sessions      SessionsConfig      `yaml:"sessions"`
	Knowledge     KnowledgeConfig     `yaml:"knowledge"`
	Portal        PortalConfig        `yaml:"portal"`
	Admin         AdminConfig         `yaml:"admin"`
	Resources     ResourcesConfig     `yaml:"resources"`
	Progress      ProgressConfig      `yaml:"progress"`
	ClientLogging ClientLoggingConfig `yaml:"client_logging"`
	Icons         IconsConfig         `yaml:"icons"`
	Elicitation   ElicitationConfig   `yaml:"elicitation"`
	Workflow      WorkflowConfig      `yaml:"workflow"`
	SessionGate   SessionGateConfig   `yaml:"session_gate"`
}

Config holds the complete platform configuration.

func LoadConfig 

func LoadConfig(path string) (*Config, error)

LoadConfig loads configuration from a file. The path is expected to come from command line arguments, controlled by the administrator.

func LoadConfigFromBytes added in v0.16.0 

func LoadConfigFromBytes(data []byte) (*Config, error)

LoadConfigFromBytes loads configuration from raw YAML bytes. Environment variables are expanded before parsing. The apiVersion field is validated against the default version registry.

func (*Config) ApplyConfigEntry added in v1.48.0 

func (c *Config) ApplyConfigEntry(key, value string)

ApplyConfigEntry updates a live config field for a whitelisted config entry key.

func (*Config) Validate 

func (c *Config) Validate() error

Validate validates the configuration.

type ConfigEnvelope added in v0.16.0 

type ConfigEnvelope struct {
	APIVersion string `yaml:"apiVersion"`
}

ConfigEnvelope is a minimal struct for peeking at the apiVersion field without parsing the full config.

type ConfigStoreConfig added in v0.17.0 

type ConfigStoreConfig struct {
	Mode string `yaml:"mode"` // "file" (default) or "database"
}

ConfigStoreConfig configures how configuration is stored and managed.

type ConfigVersionInfo added in v0.16.0 

type ConfigVersionInfo struct {
	APIVersion        string   `json:"api_version"`
	SupportedVersions []string `json:"supported_versions"`
	LatestVersion     string   `json:"latest_version"`
}

ConfigVersionInfo provides information about the config API version.

type ConnectionInstance added in v1.48.0 

type ConnectionInstance struct {
	Kind        string         `json:"kind"`
	Name        string         `json:"name"`
	Config      map[string]any `json:"config"`
	Description string         `json:"description"`
	CreatedBy   string         `json:"created_by"`
	UpdatedAt   time.Time      `json:"updated_at"`
}

ConnectionInstance represents a database-managed toolkit backend connection.

type ConnectionRulesDef added in v1.48.0 

type ConnectionRulesDef struct {
	Allow []string `yaml:"allow,omitempty"`
	Deny  []string `yaml:"deny,omitempty"`
}

ConnectionRulesDef defines connection access rules in config.

type ConnectionSource added in v1.48.0 

type ConnectionSource struct {
	// Kind is the toolkit kind (trino, s3).
	Kind string `json:"kind"`

	// Name is the connection name.
	Name string `json:"name"`

	// DataHubSourceName is the platform identifier in DataHub URNs
	// (e.g. "trino", "postgres", "s3"). Multiple connections can share the same
	// source name.
	DataHubSourceName string `json:"datahub_source_name"`

	// CatalogMapping maps connection catalog names to DataHub catalog names.
	// For example: {"rdbms": "postgres"} means the connection's "rdbms" catalog
	// corresponds to "postgres" in DataHub URNs.
	CatalogMapping map[string]string `json:"catalog_mapping,omitempty"`

	// Description is the human-readable connection description.
	Description string `json:"description,omitempty"`
}

ConnectionSource holds the DataHub mapping for a single connection.

func ConnectionSourceFromInstance added in v1.48.0 

func ConnectionSourceFromInstance(inst ConnectionInstance) ConnectionSource

ConnectionSourceFromInstance builds a ConnectionSource from a DB instance.

type ConnectionSourceMap added in v1.48.0 

type ConnectionSourceMap struct {
	// contains filtered or unexported fields
}

ConnectionSourceMap provides forward and reverse lookups between connections and DataHub URN components.

func NewConnectionSourceMap added in v1.48.0 

func NewConnectionSourceMap() *ConnectionSourceMap

NewConnectionSourceMap creates an empty source map.

func (*ConnectionSourceMap) Add added in v1.48.0 

func (m *ConnectionSourceMap) Add(src ConnectionSource)

Add registers a connection's DataHub source mapping.

func (*ConnectionSourceMap) ConnectionsForSource added in v1.48.0 

func (m *ConnectionSourceMap) ConnectionsForSource(datahubSourceName string) []*ConnectionSource

ConnectionsForSource returns all connections that map to the given DataHub source name (e.g. "trino" returns all Trino connections).

func (*ConnectionSourceMap) ConnectionsForURN added in v1.48.0 

func (m *ConnectionSourceMap) ConnectionsForURN(urn string) []*ConnectionSource

ConnectionsForURN parses a DataHub URN and returns all connections whose source name matches the URN's platform. Returns nil if the URN can't be parsed.

func (*ConnectionSourceMap) ForConnection added in v1.48.0 

func (m *ConnectionSourceMap) ForConnection(kind, name string) *ConnectionSource

ForConnection returns the DataHub source info for a connection. Returns nil if the connection has no mapping.

func (*ConnectionSourceMap) ForConnectionName added in v1.48.0 

func (m *ConnectionSourceMap) ForConnectionName(name string) *ConnectionSource

ForConnectionName returns the DataHub source info by connection name only. Searches all kinds. Returns nil if not found.

func (*ConnectionSourceMap) Remove added in v1.48.0 

func (m *ConnectionSourceMap) Remove(kind, name string)

Remove deletes a connection's DataHub source mapping.

type ConnectionStore added in v1.48.0 

type ConnectionStore interface {
	List(ctx context.Context) ([]ConnectionInstance, error)
	Get(ctx context.Context, kind, name string) (*ConnectionInstance, error)
	Set(ctx context.Context, inst ConnectionInstance) error
	Delete(ctx context.Context, kind, name string) error
}

ConnectionStore manages connection instance persistence.

type ContextDef added in v1.48.0 

type ContextDef struct {
	DescriptionPrefix         string `yaml:"description_prefix,omitempty"`
	DescriptionOverride       string `yaml:"description_override,omitempty"`
	AgentInstructionsSuffix   string `yaml:"agent_instructions_suffix,omitempty"`
	AgentInstructionsOverride string `yaml:"agent_instructions_override,omitempty"`
}

ContextDef defines per-persona context overrides.

type CostEstimationConfig added in v0.21.0 

type CostEstimationConfig struct {
	// Enabled controls whether query cost estimation triggers elicitation.
	Enabled bool `yaml:"enabled"`

	// RowThreshold is the estimated row count above which confirmation is requested.
	// Default: 1000000 (1 million rows).
	RowThreshold int64 `yaml:"row_threshold"`
}

CostEstimationConfig configures query cost estimation.

type CustomResourceDef added in v0.29.0 

type CustomResourceDef struct {
	URI         string `yaml:"uri"`
	Name        string `yaml:"name"`
	Description string `yaml:"description,omitempty"`
	MIMEType    string `yaml:"mime_type"`
	Content     string `yaml:"content,omitempty"`      // inline text/JSON/SVG
	ContentFile string `yaml:"content_file,omitempty"` // absolute or relative path
}

CustomResourceDef defines a user-configured static MCP resource.

type DCRConfig 

type DCRConfig struct {
	Enabled                 bool     `yaml:"enabled"`
	AllowedRedirectPatterns []string `yaml:"allowed_redirect_patterns"`
}

DCRConfig configures Dynamic Client Registration.

type DatabaseConfig 

type DatabaseConfig struct {
	DSN          string `yaml:"dsn"`
	MaxOpenConns int    `yaml:"max_open_conns"`
}

DatabaseConfig configures the database connection.

type ElicitationConfig added in v0.21.0 

type ElicitationConfig struct {
	// Enabled is the master switch for all elicitation features.
	Enabled bool `yaml:"enabled"`

	// CostEstimation configures query cost estimation and confirmation.
	CostEstimation CostEstimationConfig `yaml:"cost_estimation"`

	// PIIConsent configures PII access consent.
	PIIConsent PIIConsentConfig `yaml:"pii_consent"`
}

ElicitationConfig configures user confirmation for expensive operations.

type EscalationConfig added in v0.27.0 

type EscalationConfig struct {
	// AfterWarnings is the number of standard warnings before escalation.
	// Defaults to 3.
	AfterWarnings int `yaml:"after_warnings"`

	// EscalationMessage replaces the standard warning after the threshold.
	// The placeholder {count} is replaced with the current warning count.
	EscalationMessage string `yaml:"escalation_message"`
}

EscalationConfig configures progressive escalation for workflow gating.

type Features added in v0.9.0 

type Features struct {
	SemanticEnrichment bool                `json:"semantic_enrichment"`
	QueryEnrichment    bool                `json:"query_enrichment"`
	StorageEnrichment  bool                `json:"storage_enrichment"`
	AuditLogging       bool                `json:"audit_logging"`
	KnowledgeCapture   bool                `json:"knowledge_capture"`
	KnowledgeApply     *KnowledgeApplyInfo `json:"knowledge_apply,omitempty"`
}

Features describes enabled platform features.

type FieldEncryptor added in v1.48.0 

type FieldEncryptor struct {
	// contains filtered or unexported fields
}

FieldEncryptor encrypts and decrypts sensitive fields within connection config maps. Uses AES-256-GCM with a random nonce per encryption. The encrypted value is stored as "enc:" + base64(nonce + ciphertext).

func NewFieldEncryptor added in v1.48.0 

func NewFieldEncryptor(key []byte) (*FieldEncryptor, error)

NewFieldEncryptor creates an encryptor from a 32-byte (AES-256) key. The key should come from the ENCRYPTION_KEY environment variable. Returns nil if the key is empty (encryption disabled — values stored in plain text).

func (*FieldEncryptor) DecryptSensitiveFields added in v1.48.0 

func (e *FieldEncryptor) DecryptSensitiveFields(config map[string]any) (map[string]any, error)

DecryptSensitiveFields returns a copy of the config map with sensitive field values decrypted. Non-sensitive fields and plain-text values are left unchanged. If the encryptor is nil, the original map is returned unchanged.

func (*FieldEncryptor) EncryptSensitiveFields added in v1.48.0 

func (e *FieldEncryptor) EncryptSensitiveFields(config map[string]any) (map[string]any, error)

EncryptSensitiveFields returns a copy of the config map with sensitive field values encrypted. Non-sensitive fields and already-encrypted values are left unchanged. If the encryptor is nil, the original map is returned unchanged.

type IconDef added in v0.21.0 

type IconDef struct {
	// Source is the icon URL (HTTP/HTTPS) or data URI.
	Source string `yaml:"src"`

	// MIMEType is the optional MIME type (e.g., "image/svg+xml").
	MIMEType string `yaml:"mime_type,omitempty"`
}

IconDef defines an icon for config-driven injection.

type IconsConfig added in v0.21.0 

type IconsConfig struct {
	// Enabled is the master switch for icon injection.
	Enabled bool `yaml:"enabled"`

	// Tools maps tool names to their icon definitions.
	Tools map[string]IconDef `yaml:"tools"`

	// Resources maps resource URI templates to their icon definitions.
	Resources map[string]IconDef `yaml:"resources"`

	// Prompts maps prompt names to their icon definitions.
	Prompts map[string]IconDef `yaml:"prompts"`
}

IconsConfig configures visual metadata for tools, resources, and prompts.

type ImplementorConfig added in v1.38.5 

type ImplementorConfig struct {
	Name string `yaml:"name"` // display name (e.g., "ACME Corp")
	URL  string `yaml:"url"`  // link URL (e.g., "https://acme.com")
}

ImplementorConfig configures the optional implementor brand shown in the far-left zone of the public viewer header (e.g., "ACME Corp").

type Info added in v0.14.0 

type Info struct {
	Name                string                `json:"name"`
	Version             string                `json:"version"`
	Description         string                `json:"description,omitempty"`
	Tags                []string              `json:"tags,omitempty"`
	AgentInstructions   string                `json:"agent_instructions,omitempty"`
	Toolkits            []string              `json:"toolkits"`
	ToolkitDescriptions map[string]string     `json:"toolkit_descriptions,omitempty"`
	PortalURL           string                `json:"portal_url,omitempty"`
	Persona             *PersonaInfo          `json:"persona,omitempty"`
	Prompts             []registry.PromptInfo `json:"prompts,omitempty"`
	Features            Features              `json:"features"`
	ConfigVersion       ConfigVersionInfo     `json:"config_version"`
}

Info contains information about the platform deployment.

type InjectionConfig 

type InjectionConfig struct {
	TrinoSemanticEnrichment  bool               `yaml:"trino_semantic_enrichment"`
	DataHubQueryEnrichment   bool               `yaml:"datahub_query_enrichment"`
	S3SemanticEnrichment     bool               `yaml:"s3_semantic_enrichment"`
	DataHubStorageEnrichment bool               `yaml:"datahub_storage_enrichment"`
	EstimateRowCounts        bool               `yaml:"estimate_row_counts"`
	SessionDedup             SessionDedupConfig `yaml:"session_dedup"`

	// ColumnContextFiltering limits column-level semantic enrichment to
	// columns referenced in the SQL query. Saves tokens when queries
	// touch a subset of a wide table. Defaults to true (nil = enabled).
	ColumnContextFiltering *bool `yaml:"column_context_filtering"`

	// SearchSchemaPreview adds a bounded column-name+type preview to
	// datahub_search query_context, eliminating the intermediate
	// datahub_get_schema or trino_describe_table call before writing SQL.
	// Defaults to true (nil = enabled).
	SearchSchemaPreview *bool `yaml:"search_schema_preview"`

	// SchemaPreviewMaxColumns caps how many columns appear in each
	// schema preview. Defaults to 15 (nil = 15).
	SchemaPreviewMaxColumns *int `yaml:"schema_preview_max_columns"`
}

InjectionConfig configures cross-injection.

func (*InjectionConfig) EffectiveSchemaPreviewMaxColumns added in v0.25.0 

func (c *InjectionConfig) EffectiveSchemaPreviewMaxColumns() int

EffectiveSchemaPreviewMaxColumns returns the configured max columns for schema preview, defaulting to 15 when not explicitly set.

func (*InjectionConfig) IsColumnContextFilteringEnabled added in v0.25.0 

func (c *InjectionConfig) IsColumnContextFilteringEnabled() bool

IsColumnContextFilteringEnabled returns whether column context filtering is enabled, defaulting to true when not explicitly set.

func (*InjectionConfig) IsSearchSchemaPreviewEnabled added in v0.25.0 

func (c *InjectionConfig) IsSearchSchemaPreviewEnabled() bool

IsSearchSchemaPreviewEnabled returns whether search schema preview is enabled, defaulting to true when not explicitly set.

type KnowledgeApplyConfig added in v0.16.0 

type KnowledgeApplyConfig struct {
	Enabled             bool   `yaml:"enabled"`
	DataHubConnection   string `yaml:"datahub_connection"`
	RequireConfirmation bool   `yaml:"require_confirmation"`
}

KnowledgeApplyConfig configures the apply_knowledge tool.

type KnowledgeApplyInfo added in v0.16.0 

type KnowledgeApplyInfo struct {
	Enabled           bool   `json:"enabled"`
	DataHubConnection string `json:"datahub_connection,omitempty"`
}

KnowledgeApplyInfo provides information about the knowledge apply feature.

type KnowledgeConfig added in v0.16.0 

type KnowledgeConfig struct {
	Enabled bool                 `yaml:"enabled"`
	Apply   KnowledgeApplyConfig `yaml:"apply"`
}

KnowledgeConfig configures the knowledge capture feature.

type Lifecycle 

type Lifecycle struct {
	// contains filtered or unexported fields
}

Lifecycle manages the startup and shutdown of platform components.

func NewLifecycle 

func NewLifecycle() *Lifecycle

NewLifecycle creates a new lifecycle manager.

func (*Lifecycle) IsStarted 

func (l *Lifecycle) IsStarted() bool

IsStarted returns whether the lifecycle has been started.

func (*Lifecycle) OnStart 

func (l *Lifecycle) OnStart(callback func(context.Context) error)

OnStart registers a callback to run on startup.

func (*Lifecycle) OnStop 

func (l *Lifecycle) OnStop(callback func(context.Context) error)

OnStop registers a callback to run on shutdown.

func (*Lifecycle) RegisterCloser 

func (l *Lifecycle) RegisterCloser(c Closer)

RegisterCloser registers a closer to be closed on shutdown.

func (*Lifecycle) RegisterComponent 

func (l *Lifecycle) RegisterComponent(c Component)

RegisterComponent registers a component with the lifecycle.

func (*Lifecycle) Start 

func (l *Lifecycle) Start(ctx context.Context) error

Start runs all start callbacks.

func (*Lifecycle) Stop 

func (l *Lifecycle) Stop(ctx context.Context) error

Stop runs all stop callbacks in reverse order.

type MCPAppsConfig added in v0.10.0 

type MCPAppsConfig struct {
	// Enabled is the master switch for MCP Apps support.
	// Nil (not set) defaults to true — the built-in platform-info app is always registered.
	// Set to false explicitly to disable all MCP Apps.
	Enabled *bool `yaml:"enabled"`

	// Apps configures individual MCP Apps.
	Apps map[string]AppConfig `yaml:"apps"`
}

MCPAppsConfig configures MCP Apps support for interactive UI components.

func (*MCPAppsConfig) IsEnabled added in v0.28.1 

func (c *MCPAppsConfig) IsEnabled() bool

IsEnabled returns whether MCP Apps support is enabled. Defaults to true when not explicitly set.

type NoopAPIKeyStore added in v1.49.0 

type NoopAPIKeyStore struct{}

NoopAPIKeyStore is a no-op implementation for when no database is available.

func (*NoopAPIKeyStore) Delete added in v1.49.0 

func (*NoopAPIKeyStore) Delete(_ context.Context, _ string) error

Delete returns ErrAPIKeyNotFound for the noop store.

func (*NoopAPIKeyStore) List added in v1.49.0 

func (*NoopAPIKeyStore) List(_ context.Context) ([]APIKeyDefinition, error)

List returns nil for the noop store.

func (*NoopAPIKeyStore) Set added in v1.49.0 

func (*NoopAPIKeyStore) Set(_ context.Context, _ APIKeyDefinition) error

Set is a no-op.

type NoopConnectionStore added in v1.48.0 

type NoopConnectionStore struct{}

NoopConnectionStore is a no-op implementation for when no database is available.

func (*NoopConnectionStore) Delete added in v1.48.0 

func (*NoopConnectionStore) Delete(_ context.Context, _, _ string) error

Delete always returns ErrConnectionNotFound.

func (*NoopConnectionStore) Get added in v1.48.0 

func (*NoopConnectionStore) Get(_ context.Context, _, _ string) (*ConnectionInstance, error)

Get always returns ErrConnectionNotFound.

func (*NoopConnectionStore) List added in v1.48.0 

func (*NoopConnectionStore) List(_ context.Context) ([]ConnectionInstance, error)

List returns an empty slice.

func (*NoopConnectionStore) Set added in v1.48.0 

func (*NoopConnectionStore) Set(_ context.Context, _ ConnectionInstance) error

Set is a no-op.

type NoopPersonaStore added in v1.49.0 

type NoopPersonaStore struct{}

NoopPersonaStore is a no-op implementation for when no database is available.

func (*NoopPersonaStore) Delete added in v1.49.0 

func (*NoopPersonaStore) Delete(_ context.Context, _ string) error

Delete always returns ErrPersonaNotFound (no database available).

func (*NoopPersonaStore) Get added in v1.49.0 

func (*NoopPersonaStore) Get(_ context.Context, _ string) (*PersonaDefinition, error)

Get always returns ErrPersonaNotFound (no database available).

func (*NoopPersonaStore) List added in v1.49.0 

func (*NoopPersonaStore) List(_ context.Context) ([]PersonaDefinition, error)

List returns an empty list (no database available).

func (*NoopPersonaStore) Set added in v1.49.0 

func (*NoopPersonaStore) Set(_ context.Context, _ PersonaDefinition) error

Set is a no-op (no database available).

type OAuthClientConfig added in v0.3.0 

type OAuthClientConfig struct {
	ID           string   `yaml:"id"`
	Secret       string   `yaml:"secret"` // #nosec G117 -- API key secret from admin YAML config
	RedirectURIs []string `yaml:"redirect_uris"`
}

OAuthClientConfig defines a pre-registered OAuth client.

type OAuthConfig 

type OAuthConfig struct {
	Enabled    bool                `yaml:"enabled"`
	Issuer     string              `yaml:"issuer"`
	SigningKey string              `yaml:"signing_key"` // Base64-encoded HMAC key for JWT signing
	Clients    []OAuthClientConfig `yaml:"clients"`
	DCR        DCRConfig           `yaml:"dcr"`
	Upstream   *UpstreamIDPConfig  `yaml:"upstream,omitempty"`
}

OAuthConfig configures the OAuth server.

type OIDCAuthConfig 

type OIDCAuthConfig struct {
	Enabled       bool     `yaml:"enabled"`
	Issuer        string   `yaml:"issuer"`
	ClientID      string   `yaml:"client_id"`
	ClientSecret  string   `yaml:"client_secret"` // #nosec G117 -- OIDC secret from admin config
	Audience      string   `yaml:"audience"`
	RoleClaimPath string   `yaml:"role_claim_path"`
	RolePrefix    string   `yaml:"role_prefix"`
	Scopes        []string `yaml:"scopes"` // default: [openid, profile, email]
}

OIDCAuthConfig configures OIDC authentication.

type Option 

type Option func(*Options)

Option is a functional option for configuring the platform.

func WithAuditLogger 

func WithAuditLogger(logger middleware.AuditLogger) Option

WithAuditLogger sets the audit logger.

func WithAuthenticator 

func WithAuthenticator(auth middleware.Authenticator) Option

WithAuthenticator sets the authenticator.

func WithAuthorizer 

func WithAuthorizer(authz middleware.Authorizer) Option

WithAuthorizer sets the authorizer.

func WithConfig 

func WithConfig(cfg *Config) Option

WithConfig sets the configuration.

func WithDB 

func WithDB(db *sql.DB) Option

WithDB sets the database connection.

func WithPersonaRegistry 

func WithPersonaRegistry(reg *persona.Registry) Option

WithPersonaRegistry sets the persona registry.

func WithQueryProvider 

func WithQueryProvider(provider query.Provider) Option

WithQueryProvider sets the query provider.

func WithRuleEngine 

func WithRuleEngine(engine *tuning.RuleEngine) Option

WithRuleEngine sets the rule engine.

func WithSemanticProvider 

func WithSemanticProvider(provider semantic.Provider) Option

WithSemanticProvider sets the semantic provider.

func WithSessionStore added in v0.15.0 

func WithSessionStore(store session.Store) Option

WithSessionStore sets the session store.

func WithStorageProvider 

func WithStorageProvider(provider storage.Provider) Option

WithStorageProvider sets the storage provider.

func WithToolkitRegistry 

func WithToolkitRegistry(reg *registry.Registry) Option

WithToolkitRegistry sets the toolkit registry.

type Options 

type Options struct {
	// Config is the platform configuration.
	Config *Config

	// Database connection (optional, will be created from config if not provided).
	DB *sql.DB

	// SemanticProvider (optional, will be created from config if not provided).
	SemanticProvider semantic.Provider

	// QueryProvider (optional, will be created from config if not provided).
	QueryProvider query.Provider

	// StorageProvider (optional, will be created from config if not provided).
	StorageProvider storage.Provider

	// Authenticator (optional, will be created from config if not provided).
	Authenticator middleware.Authenticator

	// Authorizer (optional, will be created from config if not provided).
	Authorizer middleware.Authorizer

	// AuditLogger (optional, will be created from config if not provided).
	AuditLogger middleware.AuditLogger

	// PersonaRegistry (optional, will be created from config if not provided).
	PersonaRegistry *persona.Registry

	// ToolkitRegistry (optional, will be created if not provided).
	ToolkitRegistry *registry.Registry

	// RuleEngine (optional, will be created from config if not provided).
	RuleEngine *tuning.RuleEngine

	// SessionStore (optional, will be created from config if not provided).
	SessionStore session.Store
}

Options configures the platform.

type PIIConsentConfig added in v0.21.0 

type PIIConsentConfig struct {
	// Enabled controls whether PII table access triggers elicitation.
	Enabled bool `yaml:"enabled"`
}

PIIConsentConfig configures PII access consent.

type PersonaDef 

type PersonaDef struct {
	DisplayName string             `yaml:"display_name"`
	Description string             `yaml:"description,omitempty"`
	Roles       []string           `yaml:"roles"`
	Tools       ToolRulesDef       `yaml:"tools"`
	Connections ConnectionRulesDef `yaml:"connections"`
	Context     ContextDef         `yaml:"context"`
	Priority    int                `yaml:"priority,omitempty"`
}

PersonaDef defines a persona.

type PersonaDefinition added in v1.49.0 

type PersonaDefinition struct {
	Name        string                   `json:"name"`
	DisplayName string                   `json:"display_name"`
	Description string                   `json:"description,omitempty"`
	Roles       []string                 `json:"roles"`
	ToolsAllow  []string                 `json:"tools_allow"`
	ToolsDeny   []string                 `json:"tools_deny"`
	ConnsAllow  []string                 `json:"connections_allow,omitempty"`
	ConnsDeny   []string                 `json:"connections_deny,omitempty"`
	Context     persona.ContextOverrides `json:"context"`
	Priority    int                      `json:"priority"`
	CreatedBy   string                   `json:"created_by"`
	UpdatedAt   time.Time                `json:"updated_at"`
}

PersonaDefinition represents a database-managed persona.

func PersonaDefinitionFromPersona added in v1.49.0 

func PersonaDefinitionFromPersona(p *persona.Persona, author string) PersonaDefinition

PersonaDefinitionFromPersona converts a persona.Persona to a PersonaDefinition.

func (*PersonaDefinition) ToPersona added in v1.49.0 

func (d *PersonaDefinition) ToPersona() *persona.Persona

ToPersona converts a PersonaDefinition to a persona.Persona.

type PersonaInfo added in v0.12.0 

type PersonaInfo struct {
	Name        string `json:"name"`
	DisplayName string `json:"display_name"`
	Description string `json:"description,omitempty"`
}

PersonaInfo provides summary information about a persona.

type PersonaStore added in v1.49.0 

type PersonaStore interface {
	List(ctx context.Context) ([]PersonaDefinition, error)
	Get(ctx context.Context, name string) (*PersonaDefinition, error)
	Set(ctx context.Context, def PersonaDefinition) error
	Delete(ctx context.Context, name string) error
}

PersonaStore manages persona definition persistence.

type PersonasConfig 

type PersonasConfig struct {
	Definitions    map[string]PersonaDef `yaml:",inline"`
	DefaultPersona string                `yaml:"default_persona"`
	RoleMapping    RoleMappingConfig     `yaml:"role_mapping"`
}

PersonasConfig holds persona definitions.

type Platform 

type Platform struct {
	// contains filtered or unexported fields
}

Platform is the main platform facade.

func New 

func New(opts ...Option) (*Platform, error)

New creates a new platform instance.

func (*Platform) APIKeyAuthenticator added in v0.17.0 

func (p *Platform) APIKeyAuthenticator() *auth.APIKeyAuthenticator

APIKeyAuthenticator returns the API key authenticator, or nil if API keys are disabled.

func (*Platform) APIKeyStore added in v1.49.0 

func (p *Platform) APIKeyStore() APIKeyStore

APIKeyStore returns the API key definition store, or nil if not initialized.

func (*Platform) AuditStore added in v0.17.0 

func (p *Platform) AuditStore() *auditpostgres.Store

AuditStore returns the PostgreSQL audit store, or nil if audit is disabled.

func (*Platform) Authenticator added in v0.17.0 

func (p *Platform) Authenticator() middleware.Authenticator

Authenticator returns the platform authenticator.

func (*Platform) BrandLogoSVG added in v1.38.5 

func (p *Platform) BrandLogoSVG() string

BrandLogoSVG returns the resolved brand logo SVG content (from portal.logo or mcpapps platform-info config), or empty string if none is configured.

func (*Platform) BrandURL added in v1.38.5 

func (p *Platform) BrandURL() string

BrandURL returns the resolved brand URL from the mcpapps platform-info config (brand_url), or empty string if not configured.

func (*Platform) BrowserSessionAuth added in v0.32.0 

func (p *Platform) BrowserSessionAuth() *browsersession.Authenticator

BrowserSessionAuth returns the cookie-based authenticator, or nil if browser sessions are disabled.

func (*Platform) BrowserSessionFlow added in v0.32.0 

func (p *Platform) BrowserSessionFlow() *browsersession.Flow

BrowserSessionFlow returns the OIDC login flow, or nil if browser sessions are disabled.

func (*Platform) Close 

func (p *Platform) Close() error

Close closes all platform resources in the correct order:

  1. Flush enrichment state, stop session cache, close session store
  2. Close audit logger + audit store (goroutine stops, can still use DB)
  3. Close providers and toolkit registry (trino, datahub, s3)
  4. Close database connection (last — nothing else needs it)

func (*Platform) Config 

func (p *Platform) Config() *Config

Config returns the platform configuration.

func (*Platform) ConfigStore added in v0.17.0 

func (p *Platform) ConfigStore() configstore.Store

ConfigStore returns the config store.

func (*Platform) ConnectionSources added in v1.48.0 

func (p *Platform) ConnectionSources() *ConnectionSourceMap

ConnectionSources returns the connection→DataHub source mapping.

func (*Platform) ConnectionStore added in v1.48.0 

func (p *Platform) ConnectionStore() ConnectionStore

ConnectionStore returns the connection instance store, or nil if not initialized.

func (*Platform) FileDefaults added in v1.48.0 

func (p *Platform) FileDefaults() map[string]string

FileDefaults returns the original file-based config values for whitelisted keys. Used to revert to file defaults when a DB override is deleted.

func (*Platform) FilePersonaNames added in v1.50.3 

func (p *Platform) FilePersonaNames() map[string]bool

FilePersonaNames returns a copy of the persona names loaded from the config file.

func (*Platform) KnowledgeChangesetStore added in v0.17.0 

func (p *Platform) KnowledgeChangesetStore() knowledgekit.ChangesetStore

KnowledgeChangesetStore returns the changeset store, or nil if knowledge apply is disabled.

func (*Platform) KnowledgeDataHubWriter added in v0.17.0 

func (p *Platform) KnowledgeDataHubWriter() knowledgekit.DataHubWriter

KnowledgeDataHubWriter returns the DataHub writer, or nil if knowledge apply is disabled.

func (*Platform) KnowledgeInsightStore added in v0.17.0 

func (p *Platform) KnowledgeInsightStore() knowledgekit.InsightStore

KnowledgeInsightStore returns the insight store, or nil if knowledge is disabled.

func (*Platform) MCPServer 

func (p *Platform) MCPServer() *mcp.Server

MCPServer returns the MCP server.

func (*Platform) OAuthServer added in v0.3.0 

func (p *Platform) OAuthServer() *oauth.Server

OAuthServer returns the OAuth server, or nil if not enabled.

func (*Platform) PersonaRegistry 

func (p *Platform) PersonaRegistry() *persona.Registry

PersonaRegistry returns the persona registry.

func (*Platform) PersonaStore added in v1.49.0 

func (p *Platform) PersonaStore() PersonaStore

PersonaStore returns the persona definition store, or nil if not initialized.

func (*Platform) PlatformTools added in v0.18.2 

func (*Platform) PlatformTools() []ToolInfo

PlatformTools returns tools registered directly on the platform outside of any toolkit.

func (*Platform) PortalAssetStore added in v0.32.0 

func (p *Platform) PortalAssetStore() portal.AssetStore

PortalAssetStore returns the portal asset store, or nil if portal is disabled.

func (*Platform) PortalCollectionStore added in v1.47.0 

func (p *Platform) PortalCollectionStore() portal.CollectionStore

PortalCollectionStore returns the portal collection store, or nil if portal is disabled.

func (*Platform) PortalS3Client added in v0.32.0 

func (p *Platform) PortalS3Client() portal.S3Client

PortalS3Client returns the portal S3 client, or nil if portal is disabled.

func (*Platform) PortalShareStore added in v0.32.0 

func (p *Platform) PortalShareStore() portal.ShareStore

PortalShareStore returns the portal share store, or nil if portal is disabled.

func (*Platform) PortalVersionStore added in v1.43.0 

func (p *Platform) PortalVersionStore() portal.VersionStore

PortalVersionStore returns the portal version store, or nil if portal is disabled.

func (*Platform) QueryProvider 

func (p *Platform) QueryProvider() query.Provider

QueryProvider returns the query provider. 

func (p *Platform) ResolveImplementorLogo() string

ResolveImplementorLogo fetches the implementor logo SVG from the URL configured in portal.implementor.logo. The result is cached so subsequent calls return the same value without another HTTP request. Returns empty string if no logo URL is configured or the fetch fails.

func (*Platform) RuleEngine 

func (p *Platform) RuleEngine() *tuning.RuleEngine

RuleEngine returns the rule engine.

func (*Platform) SemanticProvider 

func (p *Platform) SemanticProvider() semantic.Provider

SemanticProvider returns the semantic provider.

func (*Platform) SessionStore added in v0.15.0 

func (p *Platform) SessionStore() session.Store

SessionStore returns the session store.

func (*Platform) Start 

func (p *Platform) Start(ctx context.Context) error

Start starts the platform.

func (*Platform) Stop 

func (p *Platform) Stop(ctx context.Context) error

Stop stops the platform.

func (*Platform) StorageProvider 

func (p *Platform) StorageProvider() storage.Provider

StorageProvider returns the storage provider.

func (*Platform) ToolkitRegistry 

func (p *Platform) ToolkitRegistry() *registry.Registry

ToolkitRegistry returns the toolkit registry.

type PortalConfig added in v0.32.0 

type PortalConfig struct {
	Enabled        bool                  `yaml:"enabled"`
	Title          string                `yaml:"title"`            // sidebar/branding title (default: "MCP Data Platform")
	LogoLight      string                `yaml:"logo_light"`       // URL to logo for light theme
	LogoDark       string                `yaml:"logo_dark"`        // URL to logo for dark theme
	S3Connection   string                `yaml:"s3_connection"`    // name of the S3 toolkit instance to use
	S3Bucket       string                `yaml:"s3_bucket"`        // bucket for artifact storage
	S3Prefix       string                `yaml:"s3_prefix"`        // key prefix within the bucket
	PublicBaseURL  string                `yaml:"public_base_url"`  // base URL for portal links (e.g., "https://portal.example.com")
	MaxContentSize int                   `yaml:"max_content_size"` // max artifact size in bytes (default: 10MB)
	Implementor    ImplementorConfig     `yaml:"implementor"`      // optional implementor brand (far-left header zone)
	RateLimit      PortalRateLimitConfig `yaml:"rate_limit"`
}

PortalConfig configures the asset portal for saving AI-generated artifacts.

type PortalRateLimitConfig added in v0.32.0 

type PortalRateLimitConfig struct {
	RequestsPerMinute int `yaml:"requests_per_minute"` // default: 60
	BurstSize         int `yaml:"burst_size"`          // default: 10
}

PortalRateLimitConfig configures rate limiting for the public portal viewer.

type PostgresAPIKeyStore added in v1.49.0 

type PostgresAPIKeyStore struct {
	// contains filtered or unexported fields
}

PostgresAPIKeyStore implements APIKeyStore backed by PostgreSQL.

func NewPostgresAPIKeyStore added in v1.49.0 

func NewPostgresAPIKeyStore(db *sql.DB) *PostgresAPIKeyStore

NewPostgresAPIKeyStore creates a new PostgreSQL-backed API key store.

func (*PostgresAPIKeyStore) Delete added in v1.49.0 

func (s *PostgresAPIKeyStore) Delete(ctx context.Context, name string) error

Delete removes an API key definition by name.

func (*PostgresAPIKeyStore) List added in v1.49.0 

func (s *PostgresAPIKeyStore) List(ctx context.Context) ([]APIKeyDefinition, error)

List returns all API key definitions.

func (*PostgresAPIKeyStore) Set added in v1.49.0 

func (s *PostgresAPIKeyStore) Set(ctx context.Context, def APIKeyDefinition) error

Set creates or updates an API key definition.

type PostgresConnectionStore added in v1.48.0 

type PostgresConnectionStore struct {
	// contains filtered or unexported fields
}

PostgresConnectionStore implements ConnectionStore backed by PostgreSQL. Sensitive config fields (password, token, secret_access_key, etc.) are encrypted at rest using AES-256-GCM when an encryption key is configured.

func NewPostgresConnectionStore added in v1.48.0 

func NewPostgresConnectionStore(db *sql.DB, encryptor *FieldEncryptor) *PostgresConnectionStore

NewPostgresConnectionStore creates a new PostgreSQL-backed connection store. The encryptor may be nil (encryption disabled — values stored in plain text).

func (*PostgresConnectionStore) Delete added in v1.48.0 

func (s *PostgresConnectionStore) Delete(ctx context.Context, kind, name string) error

Delete removes a connection instance by kind and name.

func (*PostgresConnectionStore) Get added in v1.48.0 

func (s *PostgresConnectionStore) Get(ctx context.Context, kind, name string) (*ConnectionInstance, error)

Get returns a single connection instance by kind and name.

func (*PostgresConnectionStore) List added in v1.48.0 

func (s *PostgresConnectionStore) List(ctx context.Context) ([]ConnectionInstance, error)

List returns all connection instances ordered by kind and name.

func (*PostgresConnectionStore) Set added in v1.48.0 

func (s *PostgresConnectionStore) Set(ctx context.Context, inst ConnectionInstance) error

Set creates or updates a connection instance. Sensitive config fields are encrypted before storage.

type PostgresPersonaStore added in v1.49.0 

type PostgresPersonaStore struct {
	// contains filtered or unexported fields
}

PostgresPersonaStore implements PersonaStore backed by PostgreSQL.

func NewPostgresPersonaStore added in v1.49.0 

func NewPostgresPersonaStore(db *sql.DB) *PostgresPersonaStore

NewPostgresPersonaStore creates a new PostgreSQL-backed persona store.

func (*PostgresPersonaStore) Delete added in v1.49.0 

func (s *PostgresPersonaStore) Delete(ctx context.Context, name string) error

Delete removes a persona definition by name.

func (*PostgresPersonaStore) Get added in v1.49.0 

func (s *PostgresPersonaStore) Get(ctx context.Context, name string) (*PersonaDefinition, error)

Get returns a single persona definition by name.

func (*PostgresPersonaStore) List added in v1.49.0 

func (s *PostgresPersonaStore) List(ctx context.Context) ([]PersonaDefinition, error)

List returns all persona definitions.

func (*PostgresPersonaStore) Set added in v1.49.0 

func (s *PostgresPersonaStore) Set(ctx context.Context, def PersonaDefinition) error

Set creates or updates a persona definition.

type ProgressConfig added in v0.20.0 

type ProgressConfig struct {
	Enabled bool `yaml:"enabled"`
}

ProgressConfig configures progress notifications during tool execution.

type PromptArgumentConfig added in v1.38.0 

type PromptArgumentConfig struct {
	Name        string `yaml:"name"`
	Description string `yaml:"description"`
	Required    bool   `yaml:"required"`
}

PromptArgumentConfig defines an argument for a platform-level MCP prompt.

type PromptConfig added in v0.11.0 

type PromptConfig struct {
	Name        string                 `yaml:"name"`
	Description string                 `yaml:"description"`
	Content     string                 `yaml:"content"`
	Arguments   []PromptArgumentConfig `yaml:"arguments"`
}

PromptConfig defines a platform-level MCP prompt.

type QueryConfig 

type QueryConfig struct {
	Provider   string           `yaml:"provider"` // "trino", "noop"
	Instance   string           `yaml:"instance"`
	URNMapping URNMappingConfig `yaml:"urn_mapping"`
}

QueryConfig configures the query provider.

type ResourcesConfig added in v0.20.0 

type ResourcesConfig struct {
	Enabled bool                `yaml:"enabled"` // gates schema/glossary/availability templates
	Custom  []CustomResourceDef `yaml:"custom"`  // always registered when non-empty
}

ResourcesConfig configures MCP resource templates.

type RoleMappingConfig 

type RoleMappingConfig struct {
	OIDCToPersona map[string]string `yaml:"oidc_to_persona"`
}

RoleMappingConfig configures role mapping.

type RulesConfig 

type RulesConfig struct {
	RequireDataHubCheck bool    `yaml:"require_datahub_check"`
	WarnOnDeprecated    bool    `yaml:"warn_on_deprecated"`
	QualityThreshold    float64 `yaml:"quality_threshold"`
}

RulesConfig configures operational rules.

type SemanticConfig 

type SemanticConfig struct {
	Provider   string                        `yaml:"provider"` // "datahub", "noop"
	Instance   string                        `yaml:"instance"`
	Cache      CacheConfig                   `yaml:"cache"`
	URNMapping URNMappingConfig              `yaml:"urn_mapping"`
	Lineage    datahubsemantic.LineageConfig `yaml:"lineage"`
}

SemanticConfig configures the semantic layer.

type ServerConfig 

type ServerConfig struct {
	Name              string           `yaml:"name"`
	Version           string           `yaml:"version"`
	Description       string           `yaml:"description"`
	Tags              []string         `yaml:"tags"`               // Discovery keywords for routing
	AgentInstructions string           `yaml:"agent_instructions"` // Inline operational guidance for AI agents
	Prompts           []PromptConfig   `yaml:"prompts"`            // Platform-level MCP prompts
	Transport         string           `yaml:"transport"`          // "stdio", "http" (or "sse" for backward compat)
	Address           string           `yaml:"address"`
	TLS               TLSConfig        `yaml:"tls"`
	Streamable        StreamableConfig `yaml:"streamable"`
	Shutdown          ShutdownConfig   `yaml:"shutdown"`
}

ServerConfig configures the MCP server.

type SessionDedupConfig added in v0.14.0 

type SessionDedupConfig struct {
	// Enabled controls whether session dedup is active. Defaults to true.
	Enabled *bool `yaml:"enabled"`

	// Mode controls what is sent for previously-enriched tables.
	// Values: "reference" (default), "summary", "none".
	Mode string `yaml:"mode"`

	// EntryTTL is how long a table's enrichment is considered fresh.
	// Defaults to the semantic cache TTL (typically 5m).
	EntryTTL time.Duration `yaml:"entry_ttl"`

	// SessionTimeout is how long an idle session persists before cleanup.
	// Defaults to the server's streamable session timeout (typically 30m).
	SessionTimeout time.Duration `yaml:"session_timeout"`
}

SessionDedupConfig configures session-level metadata deduplication.

func (*SessionDedupConfig) EffectiveMode added in v0.14.0 

func (c *SessionDedupConfig) EffectiveMode() string

EffectiveMode returns the dedup mode, defaulting to "reference".

func (*SessionDedupConfig) IsEnabled added in v0.14.0 

func (c *SessionDedupConfig) IsEnabled() bool

IsEnabled returns whether session dedup is enabled, defaulting to true.

type SessionGateConfig added in v0.31.0 

type SessionGateConfig struct {
	// Enabled activates the session initialization gate.
	Enabled bool `yaml:"enabled"`

	// InitTool is the tool that initializes the session (default: "platform_info").
	InitTool string `yaml:"init_tool"`

	// ExemptTools lists tool names that bypass the gate (e.g., "list_connections").
	ExemptTools []string `yaml:"exempt_tools"`
}

SessionGateConfig configures the session initialization gate that requires agents to call platform_info before using any other tool.

type SessionsConfig added in v0.15.0 

type SessionsConfig struct {
	// Store selects the session storage backend: "memory" (default) or "database".
	Store string `yaml:"store"`

	// TTL is the session lifetime. Defaults to streamable.session_timeout.
	TTL time.Duration `yaml:"ttl"`

	// CleanupInterval is how often the cleanup routine runs. Defaults to 1m.
	CleanupInterval time.Duration `yaml:"cleanup_interval"`
}

SessionsConfig configures session externalization.

type ShutdownConfig added in v0.15.0 

type ShutdownConfig struct {
	// GracePeriod is the maximum time to drain in-flight requests after
	// receiving a shutdown signal. Defaults to 25s (fits within K8s 30s
	// terminationGracePeriodSeconds with headroom for pre-shutdown delay).
	GracePeriod time.Duration `yaml:"grace_period"`

	// PreShutdownDelay is the time to sleep after marking the pod as
	// not-ready and before starting the HTTP drain. This gives the K8s
	// load balancer time to deregister the pod. Defaults to 2s.
	PreShutdownDelay time.Duration `yaml:"pre_shutdown_delay"`
}

ShutdownConfig configures graceful shutdown timing.

type StorageConfig 

type StorageConfig struct {
	Provider string `yaml:"provider"` // "s3", "noop"
	Instance string `yaml:"instance"`
}

StorageConfig configures the storage provider.

type StreamableConfig added in v0.13.0 

type StreamableConfig struct {
	// SessionTimeout is how long an idle session persists before cleanup.
	// Defaults to 30 minutes.
	SessionTimeout time.Duration `yaml:"session_timeout"`
	// Stateless disables session tracking (no Mcp-Session-Id validation).
	Stateless bool `yaml:"stateless"`
}

StreamableConfig configures the Streamable HTTP transport.

type TLSConfig 

type TLSConfig struct {
	Enabled  bool   `yaml:"enabled"`
	CertFile string `yaml:"cert_file"`
	KeyFile  string `yaml:"key_file"`
}

TLSConfig configures TLS.

type ToolInfo added in v0.18.2 

type ToolInfo struct {
	Name string
	Kind string
}

ToolInfo describes a tool registered directly on the platform (not via a toolkit).

type ToolRulesDef 

type ToolRulesDef struct {
	Allow []string `yaml:"allow"`
	Deny  []string `yaml:"deny"`
}

ToolRulesDef defines tool access rules.

type ToolsConfig added in v0.18.0 

type ToolsConfig struct {
	Allow                []string          `yaml:"allow"`
	Deny                 []string          `yaml:"deny"`
	DescriptionOverrides map[string]string `yaml:"description_overrides"`
}

ToolsConfig configures global tool visibility filtering for tools/list responses. This is a visibility filter to reduce token usage — not a security boundary. Persona auth continues to gate tools/call independently.

type TuningConfig 

type TuningConfig struct {
	Rules      RulesConfig `yaml:"rules"`
	PromptsDir string      `yaml:"prompts_dir"`
}

TuningConfig configures AI tuning.

type URNMappingConfig added in v0.6.0 

type URNMappingConfig struct {
	// Platform overrides the platform name used in DataHub URN building.
	// For example, if Trino queries a PostgreSQL database, set this to "postgres"
	// so URNs match DataHub's platform identifier.
	Platform string `yaml:"platform"`

	// CatalogMapping maps catalog names between systems.
	// For semantic provider: maps Trino catalogs to DataHub catalogs (rdbms → warehouse)
	// For query provider: maps DataHub catalogs to Trino catalogs (warehouse → rdbms)
	CatalogMapping map[string]string `yaml:"catalog_mapping"`
}

URNMappingConfig configures URN translation between query engines and metadata catalogs. This is necessary when Trino catalog/platform names differ from DataHub's metadata catalog names.

type UpstreamIDPConfig added in v0.3.0 

type UpstreamIDPConfig struct {
	Issuer       string `yaml:"issuer"`        // Keycloak issuer URL
	ClientID     string `yaml:"client_id"`     // MCP Server's client ID in Keycloak
	ClientSecret string `yaml:"client_secret"` // #nosec G117 -- MCP Server's client secret from admin YAML config
	RedirectURI  string `yaml:"redirect_uri"`  // Callback URL (e.g., http://localhost:8080/oauth/callback)
}

UpstreamIDPConfig configures the upstream identity provider (e.g., Keycloak).

type VersionConverter added in v0.16.0 

type VersionConverter func(data []byte) (*Config, error)

VersionConverter converts raw YAML bytes directly to the latest Config. A nil converter means the version uses standard YAML unmarshalling.

type VersionInfo added in v0.16.0 

type VersionInfo struct {
	// Version is the version string (e.g., "v1").
	Version string

	// Status is the lifecycle state of this version.
	Status VersionStatus

	// DeprecationMessage is shown when a deprecated version is loaded.
	DeprecationMessage string

	// MigrationGuide is shown when a removed version is loaded.
	MigrationGuide string

	// Converter transforms raw YAML bytes into a Config. Nil means
	// standard YAML unmarshalling is used (i.e., the version matches
	// the current schema).
	Converter VersionConverter
}

VersionInfo describes a config API version.

type VersionRegistry added in v0.16.0 

type VersionRegistry struct {
	// contains filtered or unexported fields
}

VersionRegistry holds known config API versions.

func DefaultRegistry added in v0.16.0 

func DefaultRegistry() *VersionRegistry

DefaultRegistry returns the standard version registry with v1 registered.

func NewVersionRegistry added in v0.16.0 

func NewVersionRegistry() *VersionRegistry

NewVersionRegistry creates an empty version registry.

func (*VersionRegistry) Current added in v0.16.0 

func (r *VersionRegistry) Current() string

Current returns the current version string.

func (*VersionRegistry) Get added in v0.16.0 

func (r *VersionRegistry) Get(version string) (*VersionInfo, bool)

Get returns the version info for the given version string.

func (*VersionRegistry) IsDeprecated added in v0.16.0 

func (r *VersionRegistry) IsDeprecated(version string) bool

IsDeprecated returns true if the version exists and is deprecated.

func (*VersionRegistry) ListSupported added in v0.16.0 

func (r *VersionRegistry) ListSupported() []string

ListSupported returns all non-removed version strings, sorted.

func (*VersionRegistry) Register added in v0.16.0 

func (r *VersionRegistry) Register(info *VersionInfo)

Register adds a version to the registry. If current is empty and this is the first VersionCurrent entry, it becomes the current version.

type VersionStatus added in v0.16.0 

type VersionStatus int

VersionStatus represents the lifecycle state of a config version. 

const (
	// VersionCurrent is an actively supported version.
	VersionCurrent VersionStatus = iota
	// VersionDeprecated is a version that still works but emits warnings.
	VersionDeprecated
	// VersionRemoved is a version that is no longer supported.
	VersionRemoved
)

func (VersionStatus) String added in v0.16.0 

func (s VersionStatus) String() string

String returns a human-readable representation of the version status.

type WorkflowConfig added in v0.27.0 

type WorkflowConfig struct {
	// RequireDiscoveryBeforeQuery enables session-aware gating.
	// When true, query tools get a warning if no discovery tool has been
	// called in the current session.
	RequireDiscoveryBeforeQuery bool `yaml:"require_discovery_before_query"`

	// DiscoveryTools lists tool names that count as discovery.
	// Defaults to all datahub_* tools.
	DiscoveryTools []string `yaml:"discovery_tools"`

	// QueryTools lists tool names that are gated by discovery.
	// Defaults to trino_query and trino_execute.
	QueryTools []string `yaml:"query_tools"`

	// WarningMessage is prepended to query results when discovery hasn't occurred.
	WarningMessage string `yaml:"warning_message"`

	// Escalation configures progressive escalation after repeated warnings.
	Escalation EscalationConfig `yaml:"escalation"`
}

WorkflowConfig configures session-aware workflow gating that encourages agents to perform DataHub discovery before running Trino queries.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.