config

package
v0.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 8, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LimitReached

func LimitReached(currentCount, limit int) bool

LimitReached reports whether an organization currently holding currentCount artifacts of some kind has reached its configured limit. A limit <= 0 means unlimited, in which case this always returns false.

func SetConfigPath

func SetConfigPath(path string)

SetConfigPath configures the path to a config.toml file. Must be called before the first GetConfig() if a config file is used.

Types

type APIKey

type APIKey struct {
	HashingAlgorithms []string `koanf:"hashing_algorithms"`
}

APIKey holds API key-specific configuration.

type ArtifactLimits

type ArtifactLimits struct {
	MaxLLMProvidersPerOrg  int `koanf:"max_llm_providers_per_org"`
	MaxLLMProxiesPerOrg    int `koanf:"max_llm_proxies_per_org"`
	MaxMCPProxiesPerOrg    int `koanf:"max_mcp_proxies_per_org"`
	MaxWebSubAPIsPerOrg    int `koanf:"max_websub_apis_per_org"`
	MaxWebBrokerAPIsPerOrg int `koanf:"max_webbroker_apis_per_org"`
}

ArtifactLimits holds the maximum number of each artifact kind an organization may create. Each limit is optional: a value <= 0 (the default) means unlimited, so organizations may create as many artifacts of that kind as they want.

type Auth

type Auth struct {
	SkipPaths []string  `koanf:"skip_paths"`
	IDP       IDP       `koanf:"idp"`
	JWT       JWT       `koanf:"jwt"`
	FileBased FileBased `koanf:"file_based"`
}

Auth groups all authentication-related configuration.

type CORS

type CORS struct {
	// AllowedOrigins lists the exact origins permitted to make credentialed
	// cross-origin requests. Must not be ["*"] outside demo mode — wildcard
	// origins cannot be combined with credentialed requests.
	AllowedOrigins []string `koanf:"allowed_origins"`
}

CORS holds cross-origin resource sharing configuration.

type Database

type Database struct {
	// Driver supports: sqlite3, postgres/postgresql/pgx, sqlserver/mssql.
	Driver string `koanf:"driver"`
	// Path is the file path for SQLite databases.
	Path            string `koanf:"path"`
	Host            string `koanf:"host"`
	Port            int    `koanf:"port"`
	Name            string `koanf:"name"`
	User            string `koanf:"user"`
	Password        string `koanf:"password"`
	SSLMode         string `koanf:"ssl_mode"`
	MaxOpenConns    int    `koanf:"max_open_conns"`
	MaxIdleConns    int    `koanf:"max_idle_conns"`
	ConnMaxLifetime int    `koanf:"conn_max_lifetime"`

	EncryptionKey                  string `koanf:"encryption_key"`
	SubscriptionTokenEncryptionKey string `koanf:"subscription_token_encryption_key"`
	SecretEncryptionKey            string `koanf:"secret_encryption_key"`
	// SecretEncryptionKeyFile is the path to a 32-byte binary key file used for secret encryption.
	// Honoured in both demo and non-demo mode when neither SecretEncryptionKey nor
	// EncryptionKey is set. In demo mode the file is auto-generated on first startup and
	// reused on subsequent restarts; in non-demo mode the file must already exist (a missing
	// or unreadable file is fatal). Matches the gateway controller key-management pattern.
	SecretEncryptionKeyFile string `koanf:"secret_encryption_key_file"`
}

Database holds database-specific configuration.

type DefaultDevPortal

type DefaultDevPortal struct {
	Enabled       bool   `koanf:"enabled"`
	Name          string `koanf:"name"`
	Identifier    string `koanf:"identifier"`
	APIUrl        string `koanf:"api_url"`
	Hostname      string `koanf:"hostname"`
	APIKey        string `koanf:"api_key"`
	HeaderKeyName string `koanf:"header_key_name"`
	Timeout       int    `koanf:"timeout"`

	RoleClaimName         string `koanf:"role_claim_name"`
	GroupsClaimName       string `koanf:"groups_claim_name"`
	OrganizationClaimName string `koanf:"organization_claim_name"`
	AdminRole             string `koanf:"admin_role"`
	SubscriberRole        string `koanf:"subscriber_role"`
	SuperAdminRole        string `koanf:"super_admin_role"`
}

DefaultDevPortal holds default DevPortal configuration for new organizations.

type Deployments

type Deployments struct {
	MaxPerAPIGateway          int  `koanf:"max_per_api_gateway"`
	TransitionalStatusEnabled bool `koanf:"transitional_status_enabled"`
	TimeoutEnabled            bool `koanf:"timeout_enabled"`
	TimeoutInterval           int  `koanf:"timeout_interval"`
	TimeoutDuration           int  `koanf:"timeout_duration"`
}

Deployments holds deployment-specific configuration.

type EventHub

type EventHub struct {
	PollInterval    time.Duration `koanf:"poll_interval"`
	CleanupInterval time.Duration `koanf:"cleanup_interval"`
	RetentionPeriod time.Duration `koanf:"retention_period"`
}

EventHub holds EventHub-specific configuration for multi-replica HA event delivery.

type FileBased

type FileBased struct {
	Enabled      bool           `koanf:"enabled"`
	Organization FileBasedOrg   `koanf:"organization"`
	Users        FileBasedUsers `koanf:"users"`
}

FileBased holds configuration for local username/password authentication.

type FileBasedOrg

type FileBasedOrg struct {
	// ID is the organization handle (URL-safe slug), e.g. "default".
	ID string `koanf:"id"`

	// DisplayName is the human-readable name of the organization.
	DisplayName string `koanf:"display_name"`

	// Region is the deployment region for the organization.
	Region string `koanf:"region"`

	// UUID is the platform organization UUID. File-based auth has no external
	// IDP, so this value is stored as idp_organization_ref_uuid and emitted as
	// the `organization` claim in issued tokens.
	UUID string `koanf:"uuid"`
}

FileBasedOrg holds the single organization used in file-based auth mode.

type FileBasedUser

type FileBasedUser struct {
	Username     string `json:"username"     koanf:"username"`
	PasswordHash string `json:"password_hash" koanf:"password_hash"`
	Scopes       string `json:"scopes"       koanf:"scopes"`
}

FileBasedUser represents a built-in user for file-based auth mode.

type FileBasedUsers

type FileBasedUsers []FileBasedUser

FileBasedUsers is a slice of FileBasedUser that can be decoded from a JSON string (env var) or from a TOML array of tables ([[auth.file_based.users]]).

type Gateway

type Gateway struct {
	EnableVersionVerification           bool `koanf:"enable_version_verification"`
	EnableFunctionalityTypeVerification bool `koanf:"enable_functionality_type_verification"`
}

Gateway holds gateway-related configuration.

type IDP

type IDP struct {
	Enabled          bool             `koanf:"enabled"`
	Name             string           `koanf:"name"`
	JWKSUrl          string           `koanf:"jwks_url"`
	Issuer           []string         `koanf:"issuer"`
	Audience         []string         `koanf:"audience"`
	ValidationMode   string           `koanf:"validation_mode"`
	RoleMappingsFile string           `koanf:"role_mappings_file"`
	ClaimMappings    IDPClaimMappings `koanf:"claim_mappings"`
}

IDP holds configuration for JWKS-based identity providers.

type IDPClaimMappings

type IDPClaimMappings struct {
	OrganizationClaimName string `koanf:"organization_claim_name"`
	OrgNameClaimName      string `koanf:"org_name_claim_name"`
	OrgHandleClaimName    string `koanf:"org_handle_claim_name"`
	UserIDClaimName       string `koanf:"user_id_claim_name"`
	UsernameClaimName     string `koanf:"username_claim_name"`
	EmailClaimName        string `koanf:"email_claim_name"`
	ScopeClaimName        string `koanf:"scope_claim_name"`
	RolesClaimPath        string `koanf:"roles_claim_path"`
}

IDPClaimMappings holds JWT claim name mappings for an IDP.

type JWT

type JWT struct {
	Enabled        bool   `koanf:"enabled"`
	SecretKey      string `koanf:"secret_key"`
	Issuer         string `koanf:"issuer"`
	SkipValidation bool   `koanf:"skip_validation"`
}

JWT holds configuration for local HMAC JWT authentication.

type Server

type Server struct {
	LogLevel  string `koanf:"log_level"`
	LogFormat string `koanf:"log_format"`
	Port      string `koanf:"port"`

	DBSchemaPath               string `koanf:"db_schema_path"`
	OpenAPISpecPath            string `koanf:"openapi_spec_path"`
	LLMTemplateDefinitionsPath string `koanf:"llm_template_definitions_path"`

	Database         Database         `koanf:"database"`
	Auth             Auth             `koanf:"auth"`
	WebSocket        WebSocket        `koanf:"websocket"`
	DefaultDevPortal DefaultDevPortal `koanf:"default_devportal"`
	Deployments      Deployments      `koanf:"deployments"`
	ArtifactLimits   ArtifactLimits   `koanf:"artifact_limits"`
	TLS              TLS              `koanf:"tls"`
	CORS             CORS             `koanf:"cors"`
	APIKey           APIKey           `koanf:"api_key"`
	Gateway          Gateway          `koanf:"gateway"`
	EventHub         EventHub         `koanf:"event_hub"`
	Webhook          Webhook          `koanf:"webhook"`

	EnableScopeValidation bool `koanf:"enable_scope_validation"`
}

Server holds the configuration parameters for the application.

func GetConfig

func GetConfig() *Server

GetConfig returns the singleton config instance, loading it on first call.

func LoadConfig

func LoadConfig(configPath string) (*Server, error)

LoadConfig loads configuration with priority: env vars > config file > defaults. configPath may be empty — when omitted only env vars and defaults are used.

type TLS

type TLS struct {
	CertDir string `koanf:"cert_dir"`
}

TLS holds TLS certificate configuration.

type WebSocket

type WebSocket struct {
	MaxConnections       int  `koanf:"max_connections"`
	ConnectionTimeout    int  `koanf:"connection_timeout"`
	RateLimitPerMin      int  `koanf:"rate_limit_per_min"`
	MaxConnectionsPerOrg int  `koanf:"max_connections_per_org"`
	MetricsLogEnabled    bool `koanf:"metrics_log_enabled"`
	MetricsLogInterval   int  `koanf:"metrics_log_interval"`
}

WebSocket holds WebSocket-specific configuration.

type Webhook

type Webhook struct {
	// Enabled controls whether the webhook endpoint is registered.
	Enabled bool `koanf:"enabled"`
	// Secret is the HMAC-SHA256 shared secret used to verify request signatures.
	Secret string `koanf:"secret"`
	// PrivateKeyPath points to the PEM RSA private key used to decrypt encrypted_key fields.
	// Optional: required only for events that carry encrypted secrets (API key generate/regenerate).
	PrivateKeyPath string `koanf:"private_key_path"`
	// GatewayType filters events meant for this platform type. Events with a different
	// gateway_type are accepted as a no-op.
	GatewayType string `koanf:"gateway_type"`
	// SignatureTolerance bounds how old a signed request may be (replay protection).
	SignatureTolerance time.Duration `koanf:"signature_tolerance"`
	// MaxBodySize caps the request body size in bytes.
	MaxBodySize int64 `koanf:"max_body_size"`
	// SignatureHeader is the header carrying the "t=...,v1=..." signature.
	SignatureHeader string `koanf:"signature_header"`
}

Webhook holds configuration for the control-plane webhook receiver. The Developer Portal delivers signed events (API key / subscription changes) to this endpoint. See docs-local/platform-api-webhook.md.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL