config

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 2, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package config provides configuration management for agent applications. It supports loading from config files (JSON/YAML), environment variables, and integrates with OmniVault for unified secret management.

Configuration sources (in order of precedence):

  1. Environment variables (highest)
  2. Config file (config.json or config.yaml)
  3. Defaults (lowest)

Secrets are loaded separately via OmniVault providers.

Package config provides configuration file loading for agent applications.

Package config provides OmniVault integration for unified secret management.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetDefaultModel 

func GetDefaultModel(provider string) string

GetDefaultModel returns the default model for a given provider.

func GetProjectName 

func GetProjectName() string

GetProjectName attempts to detect the project name from config.json stackName or falls back to the current directory name.

Types

type A2AConfig 

type A2AConfig struct {
	Enabled  bool   `json:"enabled" yaml:"enabled"`
	AuthType string `json:"authType" yaml:"authType"` // jwt, apikey, oauth2
}

A2AConfig holds A2A protocol configuration.

type AgentConfig 

type AgentConfig struct {
	URL         string `json:"url" yaml:"url"`
	Description string `json:"description" yaml:"description"`
}

AgentConfig holds configuration for a single agent in multi-agent systems.

type Config 

type Config struct {
	// LLM Configuration
	LLMProvider string // "gemini", "claude", "openai", "ollama", "xai"
	LLMAPIKey   string
	LLMModel    string
	LLMBaseURL  string // For Ollama or custom endpoints

	// Provider-specific API keys
	GeminiAPIKey string
	ClaudeAPIKey string
	OpenAIAPIKey string
	XAIAPIKey    string
	OllamaURL    string

	// Search Configuration
	SearchProvider string // "serper", "serpapi"
	SerperAPIKey   string
	SerpAPIKey     string

	// Agent URLs (for multi-agent systems)
	AgentURLs map[string]string

	// A2A Protocol Configuration
	A2AEnabled   bool
	A2AAuthType  string // "jwt", "apikey", "oauth2"
	A2AAuthToken string

	// Observability Configuration
	ObservabilityEnabled  bool   // Enable LLM observability
	ObservabilityProvider string // "opik", "langfuse", "phoenix"
	ObservabilityAPIKey   string
	ObservabilityEndpoint string // Custom endpoint (optional)
	ObservabilityProject  string // Project name for grouping traces

	// Security Configuration
	SecurityEnabled      bool // Enable VaultGuard security checks
	SecurityMinScore     int  // Minimum security score (0-100)
	SecurityRequireEncry bool // Require disk encryption
	// contains filtered or unexported fields
}

Config holds the application configuration.

func Load 

func Load(ctx context.Context, opts LoadOptions) (*Config, error)

Load loads configuration from config file, environment variables, and secrets. This is the recommended way to load configuration as it:

  • Reads settings from config.json (LLM_PROVIDER, SEARCH_PROVIDER, etc.)
  • Allows environment variable overrides
  • Loads secrets from OmniVault (API keys)

Example: 

cfg, err := config.Load(ctx, config.LoadOptions{
    ConfigFile: "config.json",
})

func LoadConfig 

func LoadConfig() *Config

LoadConfig loads configuration from environment variables.

func LoadConfigWithSecrets 

func LoadConfigWithSecrets(ctx context.Context, secretsCfg SecretsConfig) (*Config, error)

LoadConfigWithSecrets loads configuration using OmniVault for secrets. This is the recommended way to load configuration in production as it supports multiple secret backends (env, AWS Secrets Manager, etc.).

func (*Config) Close 

func (c *Config) Close() error

Close releases resources held by the config (e.g., secrets client).

func (*Config) GetAgentURL 

func (c *Config) GetAgentURL(name string) string

GetAgentURL gets the URL for a named agent.

func (*Config) GetSecret 

func (c *Config) GetSecret(ctx context.Context, name string) (string, error)

GetSecret retrieves a secret from the configured secrets provider. Falls back to environment variables if no secrets provider is configured or if the secret is not found.

func (*Config) SecretsProvider 

func (c *Config) SecretsProvider() SecretsProvider

SecretsProvider returns the configured secrets provider name. Returns "env" if no secrets client is configured.

func (*Config) SetAgentURL 

func (c *Config) SetAgentURL(name, url string)

SetAgentURL sets a URL for a named agent.

type ConfigFile 

type ConfigFile struct {
	// LLM configuration
	LLM LLMConfig `json:"llm" yaml:"llm"`

	// Search configuration
	Search SearchConfig `json:"search" yaml:"search"`

	// Observability configuration
	Observability ObservabilityConfig `json:"observability" yaml:"observability"`

	// Agent URLs for multi-agent systems
	Agents map[string]AgentConfig `json:"agents" yaml:"agents"`

	// A2A Protocol configuration
	A2A A2AConfig `json:"a2a" yaml:"a2a"`

	// Security configuration
	Security SecurityConfig `json:"security" yaml:"security"`

	// Secrets configuration (provider settings, not actual secrets)
	Secrets SecretsFileConfig `json:"secrets" yaml:"secrets"`

	// Environment overrides (optional)
	Environment string `json:"environment" yaml:"environment"`
}

ConfigFile represents the structure of config.json/config.yaml. This is the source of truth for non-secret configuration.

func LoadConfigFile 

func LoadConfigFile(path string, projectName string) (*ConfigFile, error)

LoadConfigFile loads configuration from a JSON or YAML file. It searches in the following order:

  1. Explicit path provided
  2. config.json in current directory
  3. config.yaml in current directory
  4. ../config.json (parent directory)
  5. ~/.agentplexus/projects/{project}/config.json

func (*ConfigFile) Defaults 

func (c *ConfigFile) Defaults() *ConfigFile

Defaults returns a ConfigFile with sensible defaults.

func (*ConfigFile) MergeEnv 

func (c *ConfigFile) MergeEnv() *ConfigFile

MergeEnv merges environment variable overrides into the config. Environment variables take precedence over file values.

type LLMConfig 

type LLMConfig struct {
	Provider string `json:"provider" yaml:"provider"` // gemini, claude, openai, ollama, xai
	Model    string `json:"model" yaml:"model"`       // Model name override
	BaseURL  string `json:"baseUrl" yaml:"baseUrl"`   // Custom endpoint (for ollama)
}

LLMConfig holds LLM provider configuration.

type LoadOptions 

type LoadOptions struct {
	// ConfigFile is the path to config.json/config.yaml.
	// If empty, searches in standard locations.
	ConfigFile string

	// ProjectName is used for project-specific config lookup.
	// If empty, auto-detected from config.json stackName or directory name.
	ProjectName string

	// SecretsProvider specifies the secrets backend.
	// If empty, auto-detected based on environment.
	SecretsProvider SecretsProvider

	// SecretsPrefix is prepended to secret paths (e.g., "stats-agent/").
	SecretsPrefix string

	// SecretsRegion is the AWS region for aws-sm/aws-ssm providers.
	SecretsRegion string
}

LoadOptions configures how configuration is loaded.

type ObservabilityConfig 

type ObservabilityConfig struct {
	Enabled  bool   `json:"enabled" yaml:"enabled"`
	Provider string `json:"provider" yaml:"provider"` // opik, langfuse, phoenix
	Endpoint string `json:"endpoint" yaml:"endpoint"` // Custom endpoint
	Project  string `json:"project" yaml:"project"`   // Project name
}

ObservabilityConfig holds observability settings.

type SearchConfig 

type SearchConfig struct {
	Provider string `json:"provider" yaml:"provider"` // serper, serpapi
}

SearchConfig holds search provider configuration.

type SecretsClient 

type SecretsClient struct {
	// contains filtered or unexported fields
}

SecretsClient wraps OmniVault with agentkit-specific functionality.

func NewSecretsClient 

func NewSecretsClient(cfg SecretsConfig) (*SecretsClient, error)

NewSecretsClient creates a new secrets client with the given configuration.

func (*SecretsClient) Close 

func (sc *SecretsClient) Close() error

Close releases resources.

func (*SecretsClient) Exists 

func (sc *SecretsClient) Exists(ctx context.Context, name string) bool

Exists checks if a secret exists.

func (*SecretsClient) Get 

func (sc *SecretsClient) Get(ctx context.Context, name string) (string, error)

Get retrieves a secret by name. If a prefix is configured, it's prepended to the name. Falls back to environment variables if configured and secret not found.

func (*SecretsClient) GetField 

func (sc *SecretsClient) GetField(ctx context.Context, name, field string) (string, error)

GetField retrieves a specific field from a JSON secret. Useful for AWS Secrets Manager secrets with multiple key-value pairs.

func (*SecretsClient) Provider 

func (sc *SecretsClient) Provider() SecretsProvider

Provider returns the configured provider name.

type SecretsConfig 

type SecretsConfig struct {
	// Provider specifies which secrets backend to use.
	// Default: "env" (environment variables)
	Provider SecretsProvider

	// Prefix is prepended to secret paths (e.g., "stats-agent/" for AWS).
	// For AWS Secrets Manager, secrets are stored as "{prefix}{name}".
	Prefix string

	// Region is the AWS region (for aws-sm, aws-ssm providers).
	Region string

	// CustomVault allows injecting a custom vault implementation.
	// When set, this takes precedence over Provider.
	CustomVault vault.Vault

	// Logger is an optional structured logger.
	Logger *slog.Logger

	// FallbackToEnv enables falling back to environment variables
	// when a secret is not found in the configured provider.
	// Default: true
	FallbackToEnv bool
}

SecretsConfig holds configuration for OmniVault secrets management.

func DefaultSecretsConfig 

func DefaultSecretsConfig() SecretsConfig

DefaultSecretsConfig returns a SecretsConfig based on environment detection. It auto-detects the appropriate provider based on the runtime environment.

type SecretsFileConfig 

type SecretsFileConfig struct {
	Provider string `json:"provider" yaml:"provider"` // env, aws-sm, aws-ssm
	Prefix   string `json:"prefix" yaml:"prefix"`     // Secret path prefix
	Region   string `json:"region" yaml:"region"`     // AWS region
}

SecretsFileConfig holds secrets provider configuration (not actual secrets).

type SecretsProvider 

type SecretsProvider string

SecretsProvider specifies the secrets backend to use. 

const (
	// SecretsProviderEnv uses environment variables (default, local dev).
	SecretsProviderEnv SecretsProvider = "env"

	// SecretsProviderAWSSM uses AWS Secrets Manager.
	SecretsProviderAWSSM SecretsProvider = "aws-sm"

	// SecretsProviderAWSSSM uses AWS Systems Manager Parameter Store.
	SecretsProviderAWSSSM SecretsProvider = "aws-ssm"

	// SecretsProviderMemory uses in-memory storage (testing).
	SecretsProviderMemory SecretsProvider = "memory"
)

Known secrets providers.

type SecureConfig 

type SecureConfig struct {
	*Config
	// contains filtered or unexported fields
}

SecureConfig wraps Config with VaultGuard for secure credential access and optionally integrates with OmniVault for unified secret management.

func LoadSecureConfig 

func LoadSecureConfig(ctx context.Context, opts ...SecureConfigOption) (*SecureConfig, error)

LoadSecureConfig loads configuration with VaultGuard security checks. It enforces security policies based on the environment (local or cloud). Optionally integrates with OmniVault for unified secret management.

func (*SecureConfig) Close 

func (sc *SecureConfig) Close() error

Close cleans up resources.

func (*SecureConfig) Environment 

func (sc *SecureConfig) Environment() vaultguard.Environment

Environment returns the detected deployment environment.

func (*SecureConfig) GetCredential 

func (sc *SecureConfig) GetCredential(ctx context.Context, name string) (string, error)

GetCredential retrieves a credential from the secure vault.

func (*SecureConfig) GetRequiredCredentials 

func (sc *SecureConfig) GetRequiredCredentials(ctx context.Context, names ...string) (map[string]string, error)

GetRequiredCredentials retrieves multiple credentials, failing if any are missing.

func (*SecureConfig) SecurityResult 

func (sc *SecureConfig) SecurityResult() *vaultguard.SecurityResult

SecurityResult returns the security assessment result.

type SecureConfigOption 

type SecureConfigOption func(*secureConfigOptions)

SecureConfigOption configures secure config loading.

func WithAWSSecretsManager 

func WithAWSSecretsManager(prefix, region string) SecureConfigOption

WithAWSSecretsManager configures AWS Secrets Manager as the secrets provider. This is a convenience function for AWS deployments.

func WithAutoSecretsProvider 

func WithAutoSecretsProvider() SecureConfigOption

WithAutoSecretsProvider uses DefaultSecretsConfig to auto-detect the provider. In AWS environments, this will use AWS Secrets Manager; otherwise, env vars.

func WithDevPolicy 

func WithDevPolicy() SecureConfigOption

WithDevPolicy uses a permissive development policy.

func WithPolicy 

func WithPolicy(policy *vaultguard.Policy) SecureConfigOption

WithPolicy sets a custom security policy.

func WithSecretsProvider 

func WithSecretsProvider(cfg SecretsConfig) SecureConfigOption

WithSecretsProvider configures OmniVault as the secrets provider. When set, secrets are loaded from OmniVault first, with fallback to VaultGuard.

func WithStrictPolicy 

func WithStrictPolicy() SecureConfigOption

WithStrictPolicy uses a strict security policy.

type SecurityConfig 

type SecurityConfig struct {
	Enabled           bool `json:"enabled" yaml:"enabled"`
	MinScore          int  `json:"minScore" yaml:"minScore"`
	RequireEncryption bool `json:"requireEncryption" yaml:"requireEncryption"`
}

SecurityConfig holds security settings.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.