e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
61 lines
2.4 KiB
Python
61 lines
2.4 KiB
Python
from pydantic_settings import BaseSettings, SettingsConfigDict
|
|
from typing import Optional
|
|
|
|
class Settings(BaseSettings):
|
|
model_config = SettingsConfigDict(env_file=".env", case_sensitive=False, extra="ignore")
|
|
broker_did: str = "did:web:gsap-broker.example.com"
|
|
broker_name: str = "fastapi-gsap"
|
|
ac_ttl_minutes: int = 30
|
|
chronicle_webhook_url: Optional[str] = None
|
|
keycloak_domain: str = "example.com"
|
|
keycloak_did_template: str = "did:web:{domain}/principal/{alias}"
|
|
keycloak_elevated_role_suffix: str = "-elevated"
|
|
database_url: str = "sqlite+aiosqlite:///./gsap_broker.db"
|
|
cors_origins: list[str] = ["http://localhost:3000", "http://localhost:8000"]
|
|
|
|
# ─── Delegation lifecycle (absorbed from llm-principal-broker) ───
|
|
# The delegation router lives in gsap_broker/delegations/ and shares
|
|
# the same async engine as the rest of GSAP. It used to be a separate
|
|
# service (llm-principal-broker) that called this broker over HTTP;
|
|
# now it's an in-process router that invokes the authorize handler
|
|
# directly. See gsap_broker/delegations/router.py.
|
|
|
|
# Keycloak Admin API (for the Keycloak agent registrar)
|
|
keycloak_url: str = "http://localhost:8080"
|
|
keycloak_realm: str = "substrate"
|
|
keycloak_admin_client_id: str = "llm-broker-admin"
|
|
keycloak_admin_client_secret: str = ""
|
|
|
|
# Agent registrar driver: auto | keycloak | entra | stub
|
|
agent_registrar: str = "auto"
|
|
|
|
# Microsoft Entra Agent ID
|
|
entra_tenant_id: str = ""
|
|
entra_client_id: str = ""
|
|
entra_client_secret: str = ""
|
|
entra_agent_blueprint_id: str = ""
|
|
|
|
# ── Intune / Device Management ──
|
|
intune_enabled: bool = False
|
|
intune_compliance_required: bool = False # global default for accord templates
|
|
intune_compliance_strict: bool = False # reject if no device_id present
|
|
intune_compliance_cache_ttl: int = 300 # seconds
|
|
|
|
# ── Session connectors ──
|
|
bascule_enabled: bool = False
|
|
powershell_enabled: bool = False
|
|
ansible_enabled: bool = False
|
|
|
|
# ── Credential backend ──
|
|
# "auto" | "entra" | "stub"
|
|
# auto: use Entra if entra_client_secret is set, else stub
|
|
credential_backend: str = "auto"
|
|
# Fix H-2: stub backend requires explicit opt-in
|
|
allow_stub_credentials: bool = False
|
|
|
|
# Delegation defaults
|
|
default_delegation_ttl_minutes: int = 60
|
|
default_max_commands: int = 500
|
|
max_delegation_depth: int = 1
|
|
|
|
settings = Settings()
|