smooth_operator_server/config.rs
1//! Server configuration, read entirely from the environment.
2//!
3//! No secret is ever hardcoded. The gateway key is optional at *startup* — the
4//! server still binds and answers protocol-only actions (`ping`,
5//! `create_conversation_session`) without it — but `send_message` returns a
6//! clean `error` event when the key is absent, so protocol conformance can be
7//! tested with zero credentials.
8//!
9//! ## Environment variables (the contract every language E2E harness reuses)
10//!
11//! | var | default | meaning |
12//! | --- | --- | --- |
13//! | `SMOOTH_AGENT_BIND` | `127.0.0.1` | IP address to bind. Set `0.0.0.0` in k8s/containers so the Service/Ingress can reach the pod. |
14//! | `SMOOTH_AGENT_PORT` | `8787` | TCP port to bind. |
15//! | `SMOOAI_GATEWAY_URL` | `https://llm.smoo.ai/v1` | OpenAI-compatible LLM gateway base URL. |
16//! | `SMOOAI_GATEWAY_KEY` | *(unset)* | Gateway API key. When unset, `send_message` errors cleanly. |
17//! | `SMOOTH_AGENT_MODEL` | `claude-haiku-4-5` | Model id requested from the gateway. |
18//! | `SMOOTH_AGENT_SEED_KB` | *(unset)* | When `1`, seed a couple of distinctive demo docs on startup. |
19//! | `SMOOTH_AGENT_MAX_ITERATIONS` | `6` | Agent-loop iteration cap per turn. |
20//! | `SMOOTH_AGENT_MAX_TOKENS` | `512` | `max_tokens` sent to the gateway (kept low — paid endpoint). |
21//! | `SMOOTH_AGENT_STORAGE` | `memory` | Storage backend: `memory` \| `postgres` \| `dynamodb`. |
22//! | `SMOOTH_AGENT_BACKPLANE` | `memory` | Connection backplane: `memory` (single-process) \| `redis`/`valkey` \| `nats`. A distributed backend is required for >1 replica and to let non-AI publishers push events via `Backplane::publish`. |
23//! | `SMOOTH_AGENT_BACKPLANE_URL` | *(unset)* | Bus URL for `redis`/`nats` (e.g. `redis://valkey:6379`, `nats://nats:4222`); falls back to `SMOOTH_AGENT_REDIS_URL` / `SMOOTH_AGENT_NATS_URL`. |
24//! | `WIDGET_AUTH_STRICT` | *(unset → `false`)* | Fail-closed embeddable-widget auth: when `1`/`true`, a session for an agent the [`WidgetAuthProvider`](smooth_operator::widget_auth::WidgetAuthProvider) has no policy for is rejected. Origin + `authContext` are always enforced for policied agents. |
25//! | `SMOOTH_AGENT_CONFIRM_TOOLS` | *(unset → off)* | Comma-separated tool-name substrings that require **human confirmation** before the agent may run them (write-confirmation HITL). A turn that calls a matching tool parks and emits a `write_confirmation_required` event; the client resumes it with `confirm_tool_action` (`{sessionId, requestId, approved}`). Empty = no tool ever requires confirmation (byte-for-byte unchanged). |
26//! | `WIDGET_AUTH_URL` | *(unset → permissive)* | When set, install an [`HttpWidgetAuth`](smooth_operator::widget_auth::HttpWidgetAuth) provider resolving each agent's embed policy from `{url}/{agentId}` — enforce widget auth against a host policy service with no custom binary. |
27//! | `WIDGET_AUTH_BEARER` | *(unset)* | Optional bearer token sent to `WIDGET_AUTH_URL` (e.g. an M2M token). |
28//! | `WIDGET_AUTH_TTL_SECS` | `60` | Policy cache TTL for `WIDGET_AUTH_URL` (incl. cached 404 no-policy results). |
29//!
30//! ### Auth (load-bearing — the admin API's `require_role` reads these)
31//!
32//! Parsed by [`smooth_operator::auth::AuthConfig::from_env`], not [`ServerConfig`],
33//! but documented here because they gate `/admin` and the binary refuses to start
34//! when they're misconfigured. See [`smooth_operator::auth`] for the full contract.
35//!
36//! | var | default | meaning |
37//! | --- | --- | --- |
38//! | `AUTH_MODE` | *(unset → admin disabled, 401)* | `jwt` (BYO) \| `smoo` (hosted) \| `none` (dev only). Unset boots `/ws` but `/admin` returns 401 until configured. |
39//! | `AUTH_JWT_HS256_SECRET` | — | HS256 shared secret (for `jwt`/`smoo`). |
40//! | `AUTH_JWT_RS256_PUBLIC_KEY` | — | RS256 PEM public key (takes precedence over HS256). |
41//! | `AUTH_JWT_ISSUER` | — | Required `iss` claim (required for `smoo`; optional for `jwt`). |
42//! | `AUTH_JWT_AUDIENCE` | — | Required `aud` claim (optional). |
43//!
44//! ### Embedding (the retrieval/index path)
45//!
46//! The `/index` path (and the `dev-support` example) select the embedder from the
47//! gateway config above: with `SMOOAI_GATEWAY_KEY` set, the real **`GatewayEmbedder`**
48//! (`text-embedding-3-small`, 1536-d) is used for semantic retrieval; without it,
49//! the network-free **`DeterministicEmbedder`** (FNV-1a hash, 1024-d) is used and a
50//! warning is logged. See [`crate::embedder`].
51
52use smooth_operator_core::llm::{ApiFormat, RetryPolicy};
53use smooth_operator_core::LlmConfig;
54
55/// Default bind address (loopback; override with `0.0.0.0` in containers).
56pub const DEFAULT_BIND: &str = "127.0.0.1";
57/// Default WebSocket bind port.
58pub const DEFAULT_PORT: u16 = 8787;
59/// Default OpenAI-compatible LLM gateway.
60pub const DEFAULT_GATEWAY_URL: &str = "https://llm.smoo.ai/v1";
61/// Default (cheap) model.
62pub const DEFAULT_MODEL: &str = "claude-haiku-4-5";
63/// Default agent-loop iteration cap.
64pub const DEFAULT_MAX_ITERATIONS: u32 = 6;
65/// Default `max_tokens` per LLM call.
66pub const DEFAULT_MAX_TOKENS: u32 = 512;
67
68/// Which storage backend the server runs on. Selected via `SMOOTH_AGENT_STORAGE`
69/// (`memory` / `postgres` / `dynamodb`); the **admin stores** (connector configs,
70/// settings, indexing runs) follow the same backend so they're durable wherever
71/// the conversations / knowledge live.
72#[derive(Debug, Clone, Copy, PartialEq, Eq)]
73pub enum StorageBackend {
74 /// Process-local in-memory (the default — local dev / tests). Admin stores
75 /// are the in-memory impls (lost on restart).
76 Memory,
77 /// Postgres + pgvector. Admin stores persist to the same database.
78 Postgres,
79 /// DynamoDB single-table (AWS-serverless). Admin stores persist to the same
80 /// table.
81 Dynamodb,
82}
83
84impl StorageBackend {
85 /// Parse from the `SMOOTH_AGENT_STORAGE` wire value (case-insensitive).
86 /// Unknown / empty falls back to [`StorageBackend::Memory`].
87 #[must_use]
88 pub fn parse(value: &str) -> Self {
89 match value.trim().to_ascii_lowercase().as_str() {
90 "postgres" | "pg" | "postgresql" => Self::Postgres,
91 "dynamodb" | "ddb" | "dynamo" => Self::Dynamodb,
92 _ => Self::Memory,
93 }
94 }
95}
96
97/// Fully-resolved server configuration.
98#[derive(Debug, Clone)]
99pub struct ServerConfig {
100 /// IP address to bind (`127.0.0.1` for local dev, `0.0.0.0` in containers).
101 pub bind: String,
102 /// Port to bind.
103 pub port: u16,
104 /// LLM gateway base URL.
105 pub gateway_url: String,
106 /// Optional gateway API key. `None` means LLM turns are unavailable and
107 /// `send_message` returns a clean error.
108 pub gateway_key: Option<String>,
109 /// Model id.
110 pub model: String,
111 /// Whether to seed the knowledge base with demo docs on startup.
112 pub seed_kb: bool,
113 /// Agent-loop iteration cap per turn.
114 pub max_iterations: u32,
115 /// `max_tokens` per LLM call.
116 pub max_tokens: u32,
117 /// Storage backend (drives both the storage adapter and the matching durable
118 /// admin stores). Defaults to [`StorageBackend::Memory`].
119 pub storage: StorageBackend,
120 /// Fail-closed embeddable-widget auth: when `true`, a session for an agent
121 /// the [`WidgetAuthProvider`](smooth_operator::widget_auth::WidgetAuthProvider)
122 /// has **no** policy for is **rejected** (unknown/unregistered agents can't be
123 /// embedded). When `false` (default), an absent policy is allowed — so the
124 /// permissive default provider leaves `/ws` open. Set `WIDGET_AUTH_STRICT=1`
125 /// in front of a real provider. Origin + `authContext` are always enforced
126 /// for agents that *do* have a policy, regardless of this flag.
127 pub widget_auth_strict: bool,
128 /// **Write-confirmation HITL**: tool-name substrings that require human
129 /// approval before the agent may run them. When non-empty, a turn that calls
130 /// a matching tool **parks** and emits a `confirm_tool_action_required` event;
131 /// the client resumes it with `confirm_tool_action`. Read from
132 /// `SMOOTH_AGENT_CONFIRM_TOOLS` (comma-separated). Empty (the default) means
133 /// no tool ever requires confirmation — no turn parks, byte-for-byte
134 /// unchanged from before HITL. Matched by core's `ConfirmationHook` (`contains`).
135 pub confirm_tools: Vec<String>,
136 /// Cheap fast-tier model for the post-turn conversation-workflow judge
137 /// (SMOODEV-590). Independent of [`model`](Self::model) so the judge stays
138 /// cheap even when a turn runs on a bigger model. Read from
139 /// `SMOOTH_AGENT_JUDGE_MODEL`; defaults to [`DEFAULT_MODEL`] (haiku-tier).
140 pub judge_model: String,
141}
142
143impl ServerConfig {
144 /// Read configuration from the environment, applying documented defaults.
145 #[must_use]
146 pub fn from_env() -> Self {
147 let bind = std::env::var("SMOOTH_AGENT_BIND")
148 .ok()
149 .map(|s| s.trim().to_string())
150 .filter(|s| !s.is_empty())
151 .unwrap_or_else(|| DEFAULT_BIND.to_string());
152
153 let port = std::env::var("SMOOTH_AGENT_PORT")
154 .ok()
155 .and_then(|s| s.trim().parse::<u16>().ok())
156 .unwrap_or(DEFAULT_PORT);
157
158 let gateway_url = std::env::var("SMOOAI_GATEWAY_URL")
159 .ok()
160 .map(|s| s.trim().to_string())
161 .filter(|s| !s.is_empty())
162 .unwrap_or_else(|| DEFAULT_GATEWAY_URL.to_string());
163
164 let gateway_key = std::env::var("SMOOAI_GATEWAY_KEY")
165 .ok()
166 .map(|s| s.trim().to_string())
167 .filter(|s| !s.is_empty());
168
169 let model = std::env::var("SMOOTH_AGENT_MODEL")
170 .ok()
171 .map(|s| s.trim().to_string())
172 .filter(|s| !s.is_empty())
173 .unwrap_or_else(|| DEFAULT_MODEL.to_string());
174
175 let seed_kb = std::env::var("SMOOTH_AGENT_SEED_KB").as_deref() == Ok("1");
176
177 let max_iterations = std::env::var("SMOOTH_AGENT_MAX_ITERATIONS")
178 .ok()
179 .and_then(|s| s.trim().parse::<u32>().ok())
180 .filter(|n| *n > 0)
181 .unwrap_or(DEFAULT_MAX_ITERATIONS);
182
183 let max_tokens = std::env::var("SMOOTH_AGENT_MAX_TOKENS")
184 .ok()
185 .and_then(|s| s.trim().parse::<u32>().ok())
186 .filter(|n| *n > 0)
187 .unwrap_or(DEFAULT_MAX_TOKENS);
188
189 let storage = std::env::var("SMOOTH_AGENT_STORAGE")
190 .ok()
191 .map(|s| StorageBackend::parse(&s))
192 .unwrap_or(StorageBackend::Memory);
193
194 let widget_auth_strict = std::env::var("WIDGET_AUTH_STRICT")
195 .ok()
196 .map(|s| {
197 let s = s.trim().to_ascii_lowercase();
198 s == "1" || s == "true" || s == "yes"
199 })
200 .unwrap_or(false);
201
202 let confirm_tools = std::env::var("SMOOTH_AGENT_CONFIRM_TOOLS")
203 .ok()
204 .map(|s| parse_confirm_tools(&s))
205 .unwrap_or_default();
206
207 let judge_model = std::env::var("SMOOTH_AGENT_JUDGE_MODEL")
208 .ok()
209 .map(|s| s.trim().to_string())
210 .filter(|s| !s.is_empty())
211 .unwrap_or_else(|| DEFAULT_MODEL.to_string());
212
213 Self {
214 bind,
215 port,
216 gateway_url,
217 gateway_key,
218 model,
219 seed_kb,
220 max_iterations,
221 max_tokens,
222 storage,
223 widget_auth_strict,
224 confirm_tools,
225 judge_model,
226 }
227 }
228
229 /// The configured write-confirmation tool patterns, or `None` when none are
230 /// configured (so the runner installs no `ConfirmationHook` and the turn
231 /// behaves exactly as before HITL). `Some` only when at least one non-empty
232 /// pattern is set.
233 #[must_use]
234 pub fn confirmation_tool_patterns(&self) -> Option<Vec<String>> {
235 if self.confirm_tools.is_empty() {
236 None
237 } else {
238 Some(self.confirm_tools.clone())
239 }
240 }
241
242 /// `true` when a gateway key is present, so LLM turns can actually run.
243 #[must_use]
244 pub fn has_llm(&self) -> bool {
245 self.gateway_key.is_some()
246 }
247
248 /// Build the smooth-operator [`LlmConfig`] for live turns using the server's
249 /// configured (env) gateway key.
250 ///
251 /// Returns `None` when no gateway key is configured (callers should emit a
252 /// clean protocol `error` rather than attempting a turn).
253 ///
254 /// In a multi-tenant flavor the per-turn key comes from a
255 /// [`GatewayKeyResolver`](smooth_operator::gateway_key::GatewayKeyResolver)
256 /// instead; use [`llm_config_with_key`](Self::llm_config_with_key) once the
257 /// per-org key is resolved.
258 #[must_use]
259 pub fn llm_config(&self) -> Option<LlmConfig> {
260 let key = self.gateway_key.clone()?;
261 Some(self.llm_config_with_key(key))
262 }
263
264 /// Build the smooth-operator [`LlmConfig`] for live turns with an explicit
265 /// gateway key (gateway URL, model, and limits still come from this config).
266 ///
267 /// This is the per-org seam's entry point: a
268 /// [`GatewayKeyResolver`](smooth_operator::gateway_key::GatewayKeyResolver)
269 /// resolves the key for the turn's org (falling back to the env key), and the
270 /// resolved key is threaded through here. With the default env resolver this
271 /// produces exactly the same config as [`llm_config`](Self::llm_config).
272 #[must_use]
273 pub fn llm_config_with_key(&self, key: String) -> LlmConfig {
274 LlmConfig {
275 api_url: self.gateway_url.clone(),
276 api_key: key,
277 model: self.model.clone(),
278 max_tokens: self.max_tokens,
279 temperature: 0.0,
280 retry_policy: RetryPolicy::default(),
281 api_format: ApiFormat::OpenAiCompat,
282 }
283 }
284
285 /// Build an [`LlmConfig`] **without** requiring a gateway key, for the
286 /// test-only path where a [`MockLlmClient`](smooth_operator_core::llm_provider::MockLlmClient)
287 /// is injected (the scenario-parity corpus). The mock replaces the client
288 /// built from this config, so its url/key/model are never used to make a
289 /// network call — this just satisfies the engine's `LlmConfig` argument so a
290 /// keyless deterministic turn can run. Not reachable on the production path
291 /// (only consulted when `chat_provider` is `Some`).
292 #[must_use]
293 pub fn placeholder_llm_config(&self) -> LlmConfig {
294 LlmConfig {
295 api_url: self.gateway_url.clone(),
296 api_key: "mock-no-network".to_string(),
297 model: self.model.clone(),
298 max_tokens: self.max_tokens,
299 temperature: 0.0,
300 retry_policy: RetryPolicy::default(),
301 api_format: ApiFormat::OpenAiCompat,
302 }
303 }
304}
305
306/// Parse the comma-separated `SMOOTH_AGENT_CONFIRM_TOOLS` value into trimmed,
307/// non-empty tool-name patterns. Whitespace-only / empty entries are dropped so
308/// `","` or `" "` yields no patterns (HITL stays off).
309fn parse_confirm_tools(raw: &str) -> Vec<String> {
310 raw.split(',')
311 .map(str::trim)
312 .filter(|s| !s.is_empty())
313 .map(str::to_string)
314 .collect()
315}
316
317#[cfg(test)]
318mod tests {
319 use super::*;
320
321 #[test]
322 fn defaults_apply_when_env_absent() {
323 // Build a config directly (env-independent) to assert default constants
324 // line up with the documented contract.
325 let cfg = ServerConfig {
326 bind: DEFAULT_BIND.to_string(),
327 port: DEFAULT_PORT,
328 gateway_url: DEFAULT_GATEWAY_URL.to_string(),
329 gateway_key: None,
330 model: DEFAULT_MODEL.to_string(),
331 seed_kb: false,
332 max_iterations: DEFAULT_MAX_ITERATIONS,
333 max_tokens: DEFAULT_MAX_TOKENS,
334 storage: StorageBackend::Memory,
335 widget_auth_strict: false,
336 confirm_tools: Vec::new(),
337 judge_model: DEFAULT_MODEL.to_string(),
338 };
339 assert_eq!(cfg.port, 8787);
340 assert_eq!(cfg.storage, StorageBackend::Memory);
341 assert_eq!(cfg.gateway_url, "https://llm.smoo.ai/v1");
342 assert_eq!(cfg.model, "claude-haiku-4-5");
343 assert!(!cfg.has_llm());
344 assert!(cfg.llm_config().is_none());
345 }
346
347 #[test]
348 fn llm_config_built_when_key_present() {
349 let cfg = ServerConfig {
350 bind: DEFAULT_BIND.to_string(),
351 port: 1,
352 gateway_url: "https://example.test/v1".into(),
353 gateway_key: Some("sk-test".into()),
354 model: "m".into(),
355 seed_kb: false,
356 max_iterations: 4,
357 max_tokens: 128,
358 storage: StorageBackend::Memory,
359 widget_auth_strict: false,
360 confirm_tools: Vec::new(),
361 judge_model: DEFAULT_MODEL.to_string(),
362 };
363 assert!(cfg.has_llm());
364 let llm = cfg.llm_config().expect("llm config");
365 assert_eq!(llm.api_url, "https://example.test/v1");
366 assert_eq!(llm.model, "m");
367 assert_eq!(llm.max_tokens, 128);
368 assert!(matches!(llm.api_format, ApiFormat::OpenAiCompat));
369 }
370
371 #[test]
372 fn storage_backend_parse_maps_aliases_and_defaults_memory() {
373 assert_eq!(StorageBackend::parse("postgres"), StorageBackend::Postgres);
374 assert_eq!(StorageBackend::parse(" PG "), StorageBackend::Postgres);
375 assert_eq!(
376 StorageBackend::parse("PostgreSQL"),
377 StorageBackend::Postgres
378 );
379 assert_eq!(StorageBackend::parse("dynamodb"), StorageBackend::Dynamodb);
380 assert_eq!(StorageBackend::parse("ddb"), StorageBackend::Dynamodb);
381 assert_eq!(StorageBackend::parse("Dynamo"), StorageBackend::Dynamodb);
382 // Memory is the default for the explicit value, unknown values, and empty.
383 assert_eq!(StorageBackend::parse("memory"), StorageBackend::Memory);
384 assert_eq!(StorageBackend::parse("sqlite"), StorageBackend::Memory);
385 assert_eq!(StorageBackend::parse(""), StorageBackend::Memory);
386 }
387}