Documentation
¶
Index ¶
- func LimitReached(currentCount, limit int) bool
- func SetConfigPath(path string)
- type APIKey
- type ArtifactLimits
- type Auth
- type CORS
- type Database
- type DefaultDevPortal
- type Deployments
- type EventHub
- type FileBased
- type FileBasedOrg
- type FileBasedUser
- type FileBasedUsers
- type Gateway
- type IDP
- type IDPClaimMappings
- type JWT
- type Server
- type TLS
- type WebSocket
- type Webhook
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LimitReached ¶
LimitReached reports whether an organization currently holding currentCount artifacts of some kind has reached its configured limit. A limit <= 0 means unlimited, in which case this always returns false.
func SetConfigPath ¶
func SetConfigPath(path string)
SetConfigPath configures the path to a config.toml file. Must be called before the first GetConfig() if a config file is used.
Types ¶
type APIKey ¶
type APIKey struct {
HashingAlgorithms []string `koanf:"hashing_algorithms"`
}
APIKey holds API key-specific configuration.
type ArtifactLimits ¶
type ArtifactLimits struct {
MaxLLMProvidersPerOrg int `koanf:"max_llm_providers_per_org"`
MaxLLMProxiesPerOrg int `koanf:"max_llm_proxies_per_org"`
MaxMCPProxiesPerOrg int `koanf:"max_mcp_proxies_per_org"`
MaxWebSubAPIsPerOrg int `koanf:"max_websub_apis_per_org"`
MaxWebBrokerAPIsPerOrg int `koanf:"max_webbroker_apis_per_org"`
}
ArtifactLimits holds the maximum number of each artifact kind an organization may create. Each limit is optional: a value <= 0 (the default) means unlimited, so organizations may create as many artifacts of that kind as they want.
type Auth ¶
type Auth struct {
SkipPaths []string `koanf:"skip_paths"`
IDP IDP `koanf:"idp"`
JWT JWT `koanf:"jwt"`
FileBased FileBased `koanf:"file_based"`
}
Auth groups all authentication-related configuration.
type CORS ¶
type CORS struct {
// AllowedOrigins lists the exact origins permitted to make credentialed
// cross-origin requests. Must not be ["*"] outside demo mode — wildcard
// origins cannot be combined with credentialed requests.
AllowedOrigins []string `koanf:"allowed_origins"`
}
CORS holds cross-origin resource sharing configuration.
type Database ¶
type Database struct {
// Driver supports: sqlite3, postgres/postgresql/pgx, sqlserver/mssql.
Driver string `koanf:"driver"`
// Path is the file path for SQLite databases.
Path string `koanf:"path"`
Host string `koanf:"host"`
Port int `koanf:"port"`
Name string `koanf:"name"`
User string `koanf:"user"`
Password string `koanf:"password"`
SSLMode string `koanf:"ssl_mode"`
MaxOpenConns int `koanf:"max_open_conns"`
MaxIdleConns int `koanf:"max_idle_conns"`
ConnMaxLifetime int `koanf:"conn_max_lifetime"`
EncryptionKey string `koanf:"encryption_key"`
SubscriptionTokenEncryptionKey string `koanf:"subscription_token_encryption_key"`
SecretEncryptionKey string `koanf:"secret_encryption_key"`
// SecretEncryptionKeyFile is the path to a 32-byte binary key file used for secret encryption.
// Honoured in both demo and non-demo mode when neither SecretEncryptionKey nor
// EncryptionKey is set. In demo mode the file is auto-generated on first startup and
// reused on subsequent restarts; in non-demo mode the file must already exist (a missing
// or unreadable file is fatal). Matches the gateway controller key-management pattern.
SecretEncryptionKeyFile string `koanf:"secret_encryption_key_file"`
}
Database holds database-specific configuration.
type DefaultDevPortal ¶
type DefaultDevPortal struct {
Enabled bool `koanf:"enabled"`
Name string `koanf:"name"`
Identifier string `koanf:"identifier"`
APIUrl string `koanf:"api_url"`
Hostname string `koanf:"hostname"`
APIKey string `koanf:"api_key"`
HeaderKeyName string `koanf:"header_key_name"`
Timeout int `koanf:"timeout"`
RoleClaimName string `koanf:"role_claim_name"`
GroupsClaimName string `koanf:"groups_claim_name"`
OrganizationClaimName string `koanf:"organization_claim_name"`
AdminRole string `koanf:"admin_role"`
SubscriberRole string `koanf:"subscriber_role"`
SuperAdminRole string `koanf:"super_admin_role"`
}
DefaultDevPortal holds default DevPortal configuration for new organizations.
type Deployments ¶
type Deployments struct {
MaxPerAPIGateway int `koanf:"max_per_api_gateway"`
TransitionalStatusEnabled bool `koanf:"transitional_status_enabled"`
TimeoutEnabled bool `koanf:"timeout_enabled"`
TimeoutInterval int `koanf:"timeout_interval"`
TimeoutDuration int `koanf:"timeout_duration"`
}
Deployments holds deployment-specific configuration.
type EventHub ¶
type EventHub struct {
PollInterval time.Duration `koanf:"poll_interval"`
CleanupInterval time.Duration `koanf:"cleanup_interval"`
RetentionPeriod time.Duration `koanf:"retention_period"`
}
EventHub holds EventHub-specific configuration for multi-replica HA event delivery.
type FileBased ¶
type FileBased struct {
Enabled bool `koanf:"enabled"`
Organization FileBasedOrg `koanf:"organization"`
Users FileBasedUsers `koanf:"users"`
}
FileBased holds configuration for local username/password authentication.
type FileBasedOrg ¶
type FileBasedOrg struct {
// ID is the organization handle (URL-safe slug), e.g. "default".
ID string `koanf:"id"`
// DisplayName is the human-readable name of the organization.
DisplayName string `koanf:"display_name"`
// Region is the deployment region for the organization.
Region string `koanf:"region"`
// UUID is the platform organization UUID. File-based auth has no external
// IDP, so this value is stored as idp_organization_ref_uuid and emitted as
// the `organization` claim in issued tokens.
UUID string `koanf:"uuid"`
}
FileBasedOrg holds the single organization used in file-based auth mode.
type FileBasedUser ¶
type FileBasedUser struct {
Username string `json:"username" koanf:"username"`
PasswordHash string `json:"password_hash" koanf:"password_hash"`
Scopes string `json:"scopes" koanf:"scopes"`
}
FileBasedUser represents a built-in user for file-based auth mode.
type FileBasedUsers ¶
type FileBasedUsers []FileBasedUser
FileBasedUsers is a slice of FileBasedUser that can be decoded from a JSON string (env var) or from a TOML array of tables ([[auth.file_based.users]]).
type Gateway ¶
type Gateway struct {
EnableVersionVerification bool `koanf:"enable_version_verification"`
EnableFunctionalityTypeVerification bool `koanf:"enable_functionality_type_verification"`
}
Gateway holds gateway-related configuration.
type IDP ¶
type IDP struct {
Enabled bool `koanf:"enabled"`
Name string `koanf:"name"`
JWKSUrl string `koanf:"jwks_url"`
Issuer []string `koanf:"issuer"`
Audience []string `koanf:"audience"`
ValidationMode string `koanf:"validation_mode"`
RoleMappingsFile string `koanf:"role_mappings_file"`
ClaimMappings IDPClaimMappings `koanf:"claim_mappings"`
}
IDP holds configuration for JWKS-based identity providers.
type IDPClaimMappings ¶
type IDPClaimMappings struct {
OrganizationClaimName string `koanf:"organization_claim_name"`
OrgNameClaimName string `koanf:"org_name_claim_name"`
OrgHandleClaimName string `koanf:"org_handle_claim_name"`
UserIDClaimName string `koanf:"user_id_claim_name"`
UsernameClaimName string `koanf:"username_claim_name"`
EmailClaimName string `koanf:"email_claim_name"`
ScopeClaimName string `koanf:"scope_claim_name"`
RolesClaimPath string `koanf:"roles_claim_path"`
}
IDPClaimMappings holds JWT claim name mappings for an IDP.
type JWT ¶
type JWT struct {
Enabled bool `koanf:"enabled"`
SecretKey string `koanf:"secret_key"`
Issuer string `koanf:"issuer"`
SkipValidation bool `koanf:"skip_validation"`
}
JWT holds configuration for local HMAC JWT authentication.
type Server ¶
type Server struct {
LogLevel string `koanf:"log_level"`
LogFormat string `koanf:"log_format"`
Port string `koanf:"port"`
DBSchemaPath string `koanf:"db_schema_path"`
OpenAPISpecPath string `koanf:"openapi_spec_path"`
LLMTemplateDefinitionsPath string `koanf:"llm_template_definitions_path"`
Database Database `koanf:"database"`
Auth Auth `koanf:"auth"`
WebSocket WebSocket `koanf:"websocket"`
DefaultDevPortal DefaultDevPortal `koanf:"default_devportal"`
Deployments Deployments `koanf:"deployments"`
ArtifactLimits ArtifactLimits `koanf:"artifact_limits"`
TLS TLS `koanf:"tls"`
CORS CORS `koanf:"cors"`
APIKey APIKey `koanf:"api_key"`
Gateway Gateway `koanf:"gateway"`
EventHub EventHub `koanf:"event_hub"`
Webhook Webhook `koanf:"webhook"`
EnableScopeValidation bool `koanf:"enable_scope_validation"`
}
Server holds the configuration parameters for the application.
func GetConfig ¶
func GetConfig() *Server
GetConfig returns the singleton config instance, loading it on first call.
func LoadConfig ¶
LoadConfig loads configuration with priority: env vars > config file > defaults. configPath may be empty — when omitted only env vars and defaults are used.
type TLS ¶
type TLS struct {
CertDir string `koanf:"cert_dir"`
}
TLS holds TLS certificate configuration.
type WebSocket ¶
type WebSocket struct {
MaxConnections int `koanf:"max_connections"`
ConnectionTimeout int `koanf:"connection_timeout"`
RateLimitPerMin int `koanf:"rate_limit_per_min"`
MaxConnectionsPerOrg int `koanf:"max_connections_per_org"`
MetricsLogEnabled bool `koanf:"metrics_log_enabled"`
MetricsLogInterval int `koanf:"metrics_log_interval"`
}
WebSocket holds WebSocket-specific configuration.
type Webhook ¶
type Webhook struct {
// Enabled controls whether the webhook endpoint is registered.
Enabled bool `koanf:"enabled"`
// Secret is the HMAC-SHA256 shared secret used to verify request signatures.
Secret string `koanf:"secret"`
// PrivateKeyPath points to the PEM RSA private key used to decrypt encrypted_key fields.
// Optional: required only for events that carry encrypted secrets (API key generate/regenerate).
PrivateKeyPath string `koanf:"private_key_path"`
// GatewayType filters events meant for this platform type. Events with a different
// gateway_type are accepted as a no-op.
GatewayType string `koanf:"gateway_type"`
// SignatureTolerance bounds how old a signed request may be (replay protection).
SignatureTolerance time.Duration `koanf:"signature_tolerance"`
// MaxBodySize caps the request body size in bytes.
MaxBodySize int64 `koanf:"max_body_size"`
// SignatureHeader is the header carrying the "t=...,v1=..." signature.
SignatureHeader string `koanf:"signature_header"`
}
Webhook holds configuration for the control-plane webhook receiver. The Developer Portal delivers signed events (API key / subscription changes) to this endpoint. See docs-local/platform-api-webhook.md.