fastapi-gsap/gsap_broker/settings.py
Tyler J King 4dff879c84 feat: wire credential resolver and connectors into broker startup
All connectors registered conditionally based on settings.
CredentialResolver with Entra backend (production) or Stub
backend (dev mode). 15 new tests covering credential resolution,
session lifecycle, orchestrator workflows, and device routing.

Signed-off-by: Tyler King <tking@guildhouse.dev>
2026-04-14 06:03:57 -04:00


from typing import Literal, Optional

from pydantic_settings import BaseSettings, SettingsConfigDict
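class Settings(BaseSettings):
    """Runtime configuration for the GSAP broker.

    Values come from the process environment and, if present, a ``.env`` file
    in the working directory (``env_file=".env"``); variable names are matched
    case-insensitively.

    Operational notes for anyone deploying this:

    * ``extra="ignore"`` drops a misspelled variable (e.g. ``ENTRA_CLIENT_SECRT``)
      silently instead of rejecting it. Together with the ``auto`` selectors
      below, one typo can quietly demote a deployment to the stub backend or
      stub registrar -- pin ``credential_backend`` and ``agent_registrar``
      explicitly outside of development.
    * The ``*_client_secret`` fields are plain ``str``; do not log, ``repr()``
      or serialize this object wholesale, and keep ``.env`` out of version
      control.
    * Every default here is a development default (``localhost``, plain
      ``http://``, on-disk SQLite, ``example.com`` DIDs); none is meant for
      production.
    * ``agent_registrar`` and ``credential_backend`` are restricted to their
      documented values so an unknown driver name fails at startup rather than
      being interpreted downstream.
    """

    model_config = SettingsConfigDict(env_file=".env", case_sensitive=False, extra="ignore")

    # ── Broker identity ──
    broker_did: str = "did:web:gsap-broker.example.com"  # placeholder; set to the deployed did:web
    broker_name: str = "fastapi-gsap"
    ac_ttl_minutes: int = 30  # minutes; not range-checked here (0/negative would be accepted)
    chronicle_webhook_url: Optional[str] = None  # optional; presumably an event sink -- None disables it

    # ── Keycloak principal naming ──
    keycloak_domain: str = "example.com"
    keycloak_did_template: str = "did:web:{domain}/principal/{alias}"
    keycloak_elevated_role_suffix: str = "-elevated"

    # Dev default: SQLite file relative to the working directory.
    database_url: str = "sqlite+aiosqlite:///./gsap_broker.db"

    # Origins allowed for CORS. Dev defaults; never add "*" to a deployment
    # that also allows credentials.
    cors_origins: list[str] = ["http://localhost:3000", "http://localhost:8000"]

    # ── Keycloak Admin API (for the Keycloak agent registrar) ──
    keycloak_url: str = "http://localhost:8080"  # use https:// outside local dev
    keycloak_realm: str = "substrate"
    keycloak_admin_client_id: str = "llm-broker-admin"
    keycloak_admin_client_secret: str = ""  # secret; empty means "not configured"

    # Agent registrar driver. Literal so a typo is rejected at startup.
    agent_registrar: Literal["auto", "keycloak", "entra", "stub"] = "auto"

    # ── Microsoft Entra Agent ID ──
    entra_tenant_id: str = ""
    entra_client_id: str = ""
    entra_client_secret: str = ""  # secret; also the switch credential_backend="auto" keys on
    entra_agent_blueprint_id: str = ""

    # ── Intune / Device Management ──
    intune_enabled: bool = False
    intune_compliance_required: bool = False  # global default for accord templates
    # reject if no device_id present. With the default False, a request that
    # carries no device_id is not rejected on compliance grounds (fail-open);
    # set True wherever compliance is actually meant to be enforced.
    intune_compliance_strict: bool = False
    intune_compliance_cache_ttl: int = 300  # seconds

    # ── Session connectors ──
    bascule_enabled: bool = False
    powershell_enabled: bool = False
    ansible_enabled: bool = False

    # ── Credential backend ──
    # "auto" | "entra" | "stub"
    # auto: use Entra if entra_client_secret is set, else stub. The fallback to
    # stub is silent, so an unset or mistyped secret variable fails open into
    # the dev backend; pin "entra" in production. Literal so a typo is rejected
    # at startup.
    credential_backend: Literal["auto", "entra", "stub"] = "auto"

    # ── Delegation defaults ──
    # The delegation router lives in gsap_broker/delegations/ and shares the
    # same async engine as the rest of GSAP. It used to be a separate service
    # (llm-principal-broker) that called this broker over HTTP; now it's an
    # in-process router that invokes the authorize handler directly.
    # See gsap_broker/delegations/router.py.
    default_delegation_ttl_minutes: int = 60
    default_max_commands: int = 500
    max_delegation_depth: int = 1  # presumably 1 = no re-delegation -- confirm in delegations/router.py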
settings = Settings()