config

package v0.0.0-...-d3a3bb4

Published: Apr 25, 2026 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Overview

Package config loads and validates teep proxy configuration from an optional TOML file and environment variable overrides.

Load order:

  1. Built-in defaults (listen addr 127.0.0.1:8337, default enforced factors).
  2. TOML file at $TEEP_CONFIG, if set.
  3. Environment variables (TEEP_LISTEN_ADDR, VENICE_API_KEY, NEARAI_API_KEY, NANOGPT_API_KEY).

API keys are never logged; use RedactKey to produce a safe representation.

Constants

const (
	// DefaultListenAddr is the proxy's default listen address.
	// It deliberately binds only to loopback — never to all interfaces.
	DefaultListenAddr = "127.0.0.1:8337"

	// AttestationTimeout is the HTTP client timeout for attestation fetches.
	// 45 seconds accommodates Chutes' multi-GPU evidence endpoint which
	// consistently takes ~30 seconds for large TEE deployments.
	AttestationTimeout = 45 * time.Second
)

Variables

var DefaultAllowFail = attestation.DefaultAllowFail

DefaultAllowFail lists the factor names that are allowed to fail without blocking the proxy. Every factor NOT in this list is enforced.

Functions

func MergedAllowFail

func MergedAllowFail(providerName string, cfg *Config, offline bool) []string

MergedAllowFail returns the allow_fail list for a provider, applying a four-layer merge (first defined wins):

  1. Per-provider TOML override ([providers.X] allow_fail)
  2. Global TOML override (top-level allow_fail)
  3. Per-provider Go defaults (ProviderDefaultAllowFail)
  4. Global Go defaults (DefaultAllowFail)

When offline is true, factors that require network access (OnlineFactors) are automatically added to the result so they cannot block requests.
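The four-layer merge described above, re-implemented as an added example (not the package's own code) so the precedence rules can be exercised: the Config type here is a stand-in carrying only the three fields the merge consults (cfg is assumed non-nil), and the factor names are constructed placeholders standing in for attestation.DefaultAllowFail, ProviderDefaultAllowFail() and OnlineFactors. It also makes visible why an explicitly empty global allow_fail = [] in TOML enforces every factor for every provider, since layer 2 counts as defined even when empty.

```go
package main

// Stand-in for config.Config with only the fields the merge consults; cfg is assumed non-nil.
type Config struct {
	AllowFail              []string            // global TOML allow_fail
	ProviderAllowFail      map[string][]string // [providers.X] allow_fail, keyed by provider
	GlobalAllowFailDefined bool                // true even when TOML sets allow_fail = []
}

// Constructed placeholder factor names standing in for DefaultAllowFail,
// ProviderDefaultAllowFail() and OnlineFactors from the attestation package.
var (
	defaultAllowFail         = []string{"factor-c"}
	providerDefaultAllowFail = map[string][]string{"prov-a": {"factor-b", "factor-c"}}
	onlineFactors            = []string{"factor-net"}
)

// mergedAllowFail mirrors the documented four-layer "first defined wins" merge.
func mergedAllowFail(provider string, cfg *Config, offline bool) []string {
	var base []string
	if v, ok := cfg.ProviderAllowFail[provider]; ok {
		base = v // 1. per-provider TOML override
	} else if cfg.GlobalAllowFailDefined {
		base = cfg.AllowFail // 2. global TOML override, even when the list is empty
	} else if v, ok := providerDefaultAllowFail[provider]; ok {
		base = v // 3. per-provider Go defaults
	} else {
		base = defaultAllowFail // 4. global Go defaults
	}
	seen := make(map[string]bool, len(base))
	out := make([]string, 0, len(base)) // fresh slice so callers cannot mutate cfg through it
	add := func(f string) {
		if !seen[f] {
			seen[f] = true
			out = append(out, f)
		}
	}
	for _, f := range base {
		add(f)
	}
	if offline { // network-dependent factors must not block requests in offline mode
		for _, f := range onlineFactors {
			add(f)
		}
	}
	return out
}
```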

func MergedGatewayMeasurementPolicy

func MergedGatewayMeasurementPolicy(providerName string, cfg *Config, goDefaults attestation.MeasurementPolicy) attestation.MeasurementPolicy

MergedGatewayMeasurementPolicy returns a gateway MeasurementPolicy with the same three-layer merge: per-provider TOML > global TOML > Go defaults.

func MergedMeasurementPolicy

func MergedMeasurementPolicy(providerName string, cfg *Config, goDefaults attestation.MeasurementPolicy) attestation.MeasurementPolicy

MergedMeasurementPolicy returns a MeasurementPolicy that merges three layers: per-provider TOML > global TOML > Go defaults. For each allowlist field, the most specific non-empty layer wins.

func NewAttestationClient

func NewAttestationClient(offline bool) *http.Client

NewAttestationClient returns an *http.Client with a 30-second timeout and tuned transport, suitable for fetching attestation data from TEE provider endpoints. The default MaxIdleConnsPerHost (2) is too low for providers that serve multiple models from the same host. In offline mode, CT checks are disabled to avoid external CT log list downloads.

func ProviderDefaultAllowFail

func ProviderDefaultAllowFail() map[string][]string

ProviderDefaultAllowFail returns a defensive copy of the provider-specific default allow_fail lists. Callers must not rely on mutating the returned map or its slices to change enforcement behavior at runtime.

func RedactKey

func RedactKey(key string) string

RedactKey returns a redacted representation of an API key safe for logging. It shows the first four characters followed by "****". If the key is shorter than four characters it is fully replaced with "****".

func UpdateConfig

func UpdateConfig(path, providerName string, observed *ObservedMeasurements) error

UpdateConfig reads the TOML config at path, adds the observed measurement values to the [providers.<providerName>.policy] section (deduplicating), and writes the result back. If the existing config file is non-empty, its original contents are backed up to path+".bak".

If path is empty or the file does not exist, a new config is created.

Types

type Config

type Config struct {
	// ListenAddr is the TCP address the proxy HTTP server binds to.
	ListenAddr string

	// Providers is the map of provider name → resolved provider config.
	Providers map[string]*Provider

	// AllowFail lists factor names that are allowed to fail without blocking.
	// Every factor NOT in this list is enforced. When nil (no TOML loaded or
	// programmatic config), MergedAllowFail selects per-provider or global
	// Go defaults. Use MergedAllowFail to obtain the effective list.
	AllowFail []string

	// ProviderAllowFail holds per-provider allow_fail overrides parsed from
	// [providers.X] TOML sections. Keys are provider names.
	ProviderAllowFail map[string][]string

	// MeasurementPolicy defines optional allowlists for TDX measurements.
	MeasurementPolicy attestation.MeasurementPolicy

	// GatewayMeasurementPolicy defines optional allowlists for gateway CVM
	// TDX measurements, separate from model backend measurements (GW-M-04).
	GatewayMeasurementPolicy attestation.MeasurementPolicy

	// ProviderPolicies holds per-provider measurement allowlists parsed from
	// [providers.X.policy] TOML sections. Keys are provider names.
	ProviderPolicies map[string]attestation.MeasurementPolicy

	// ProviderGatewayPolicies holds per-provider gateway measurement
	// allowlists parsed from [providers.X.policy] gateway_ fields.
	ProviderGatewayPolicies map[string]attestation.MeasurementPolicy

	// GlobalAllowFailDefined is true when the TOML config explicitly sets a
	// global allow_fail list (including an empty list), either via the root
	// allow_fail field or [policy].allow_fail. When false, MergedAllowFail
	// checks per-provider Go defaults before the global default.
	GlobalAllowFailDefined bool

	// Offline skips external verification calls (Intel PCS collateral,
	// Proof of Cloud registry, and Certificate Transparency checks).
	// Set via --offline flag at runtime.
	Offline bool

	// Force forwards requests even when enforced attestation factors fail.
	// Set via --force flag. WARNING: this reduces security guarantees.
	Force bool
}

Config is the fully resolved runtime configuration for the teep proxy.

func Load

func Load() (*Config, error)

Load reads configuration from the optional TOML file (path from $TEEP_CONFIG) and applies environment variable overrides. It logs a warning to stderr if the listen address is non-loopback or if the config file has insecure permissions, but does not return an error for either condition.

type ObservedMeasurements

type ObservedMeasurements struct {
	MRSeam string
	MRTD   string
	RTMR0  string
	RTMR1  string
	RTMR2  string
	RTMR3  string

	// Gateway fields (nearcloud only).
	GatewayMRSeam string
	GatewayMRTD   string
	GatewayRTMR0  string
	GatewayRTMR1  string
	GatewayRTMR2  string
	GatewayRTMR3  string
}

ObservedMeasurements holds TDX measurement values extracted from a verification report's metadata. Empty strings mean "not observed".

type PolicyConfig

type PolicyConfig struct {
	AllowFail   []string `toml:"allow_fail"`
	MRTDAllow   []string `toml:"mrtd_allow"`
	MRSEAMAllow []string `toml:"mrseam_allow"`
	RTMR0Allow  []string `toml:"rtmr0_allow"`
	RTMR1Allow  []string `toml:"rtmr1_allow"`
	RTMR2Allow  []string `toml:"rtmr2_allow"`
	RTMR3Allow  []string `toml:"rtmr3_allow"`

	// Gateway-specific measurement allowlists (GW-M-04).
	GatewayMRTDAllow   []string `toml:"gateway_mrtd_allow"`
	GatewayMRSEAMAllow []string `toml:"gateway_mrseam_allow"`
	GatewayRTMR0Allow  []string `toml:"gateway_rtmr0_allow"`
	GatewayRTMR1Allow  []string `toml:"gateway_rtmr1_allow"`
	GatewayRTMR2Allow  []string `toml:"gateway_rtmr2_allow"`
	GatewayRTMR3Allow  []string `toml:"gateway_rtmr3_allow"`
}

PolicyConfig holds the optional [policy] section from the TOML file.

type Provider

type Provider struct {
	Name    string
	BaseURL string
	APIKey  string
	E2EE    bool
}

Provider is a fully resolved provider configuration, ready for use by the proxy and attestation verifier. Attester and Preparer are populated in Phase 4.

type ProviderConfig

type ProviderConfig struct {
	APIKey    string       `toml:"api_key"`
	APIKeyEnv string       `toml:"api_key_env"`
	BaseURL   string       `toml:"base_url"`
	E2EE      bool         `toml:"e2ee"`
	AllowFail []string     `toml:"allow_fail"`
	Policy    PolicyConfig `toml:"policy"`
}

ProviderConfig holds the TOML-parsed configuration for one provider. Either APIKey or APIKeyEnv must be set; APIKeyEnv takes precedence if both are present. The resolved key is exposed via the Provider struct, not here.

type RetryTransport

type RetryTransport struct {
	Base        http.RoundTripper
	MaxAttempts int           // 0 → default 3
	MaxDelay    time.Duration // 0 → default 4s
}

RetryTransport retries requests on 5xx responses and network errors. For requests with a body it requires req.GetBody to be set so the body can be reset between attempts (http.NewRequestWithContext sets GetBody automatically when passed a *bytes.Reader). If a retry is needed and GetBody is nil for a request with a body, the last error is returned immediately rather than sending an empty body. GET requests have no body and are always retried unconditionally.

Base must be non-nil.

All attestation endpoints retried by this transport are effectively idempotent reads. Do not use for POST endpoints with side effects (nonce consumption, billing) without explicit consideration.

func (*RetryTransport) RoundTrip

func (t *RetryTransport) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip executes the request, retrying on 5xx and network errors.
