Skip to main content

systemprompt_models/profile/
from_env.rs

1//! Profile creation from environment variables.
2//!
3//! This module provides functionality to create Profile configurations
4//! from environment variables, typically used in cloud/container deployments.
5
6use super::{
7    default_agent_registry, default_agents, default_artifacts, default_burst, default_content,
8    default_contexts, default_mcp, default_mcp_registry, default_oauth_auth, default_oauth_public,
9    default_stream, default_tasks, DatabaseConfig, ExtensionsConfig, PathsConfig, Profile,
10    ProfileType, RateLimitsConfig, RuntimeConfig, SecurityConfig, ServerConfig, SiteConfig,
11    TierMultipliers,
12};
13use anyhow::{Context, Result};
14
15impl Profile {
16    /// Creates a Profile from environment variables.
17    ///
18    /// This is primarily used for cloud deployments where configuration
19    /// is passed via environment variables rather than files.
20    pub fn from_env(profile_name: &str, display_name: &str) -> Result<Self> {
21        let require_env = |key: &str| -> Result<String> {
22            std::env::var(key)
23                .with_context(|| format!("Missing required environment variable: {}", key))
24        };
25
26        let db_type = get_env("DATABASE_TYPE")
27            .ok_or_else(|| anyhow::anyhow!("DATABASE_TYPE environment variable is required"))?;
28
29        Ok(Self {
30            name: profile_name.to_string(),
31            display_name: display_name.to_string(),
32            target: ProfileType::Cloud,
33            site: site_config_from_env(&require_env)?,
34            database: DatabaseConfig {
35                db_type,
36                external_db_access: false,
37            },
38            server: server_config_from_env(&require_env)?,
39            paths: paths_config_from_env(&require_env)?,
40            security: security_config_from_env()?,
41            rate_limits: rate_limits_from_env(),
42            runtime: runtime_config_from_env()?,
43            cloud: None,
44            secrets: None,
45            extensions: ExtensionsConfig::default(),
46        })
47    }
48}
49
50fn get_env(key: &str) -> Option<String> {
51    std::env::var(key).ok()
52}
53
54fn site_config_from_env(require_env: &dyn Fn(&str) -> Result<String>) -> Result<SiteConfig> {
55    Ok(SiteConfig {
56        name: require_env("SITENAME")?,
57        github_link: get_env("GITHUB_LINK"),
58    })
59}
60
61fn server_config_from_env(require_env: &dyn Fn(&str) -> Result<String>) -> Result<ServerConfig> {
62    Ok(ServerConfig {
63        host: require_env("HOST")?,
64        port: require_env("PORT")?.parse().context("Invalid PORT")?,
65        api_server_url: require_env("API_SERVER_URL")?,
66        api_internal_url: require_env("API_INTERNAL_URL")?,
67        api_external_url: require_env("API_EXTERNAL_URL")?,
68        use_https: get_env("USE_HTTPS").is_some_and(|v| v.to_lowercase() == "true"),
69        cors_allowed_origins: get_env("CORS_ALLOWED_ORIGINS")
70            .map(|s| s.split(',').map(|s| s.trim().to_string()).collect())
71            .unwrap_or_default(),
72    })
73}
74
75fn paths_config_from_env(require_env: &dyn Fn(&str) -> Result<String>) -> Result<PathsConfig> {
76    Ok(PathsConfig {
77        system: require_env("SYSTEM_PATH")?,
78        services: require_env("SYSTEMPROMPT_SERVICES_PATH")?,
79        bin: require_env("BIN_PATH")?,
80        storage: get_env("STORAGE_PATH"),
81        geoip_database: get_env("GEOIP_DATABASE_PATH"),
82        web_path: get_env("SYSTEMPROMPT_WEB_PATH"),
83    })
84}
85
86fn security_config_from_env() -> Result<SecurityConfig> {
87    use crate::auth::JwtAudience;
88
89    let issuer = get_env("JWT_ISSUER")
90        .ok_or_else(|| anyhow::anyhow!("JWT_ISSUER environment variable is required"))?;
91
92    let access_token_expiration = get_env("JWT_ACCESS_TOKEN_EXPIRATION")
93        .ok_or_else(|| {
94            anyhow::anyhow!("JWT_ACCESS_TOKEN_EXPIRATION environment variable is required")
95        })?
96        .parse()
97        .map_err(|e| anyhow::anyhow!("Failed to parse JWT_ACCESS_TOKEN_EXPIRATION: {e}"))?;
98
99    let refresh_token_expiration = get_env("JWT_REFRESH_TOKEN_EXPIRATION")
100        .ok_or_else(|| {
101            anyhow::anyhow!("JWT_REFRESH_TOKEN_EXPIRATION environment variable is required")
102        })?
103        .parse()
104        .map_err(|e| anyhow::anyhow!("Failed to parse JWT_REFRESH_TOKEN_EXPIRATION: {e}"))?;
105
106    let audiences = get_env("JWT_AUDIENCES")
107        .ok_or_else(|| anyhow::anyhow!("JWT_AUDIENCES environment variable is required"))?
108        .split(',')
109        .map(|s| s.trim().parse::<JwtAudience>())
110        .collect::<Result<Vec<_>>>()?;
111
112    Ok(SecurityConfig {
113        issuer,
114        access_token_expiration,
115        refresh_token_expiration,
116        audiences,
117    })
118}
119
120fn rate_limits_from_env() -> RateLimitsConfig {
121    let parse_rate = |key: &str, default: fn() -> u64| -> u64 {
122        get_env(key)
123            .and_then(|s| {
124                s.parse()
125                    .map_err(|e| {
126                        tracing::warn!(key = %key, value = %s, error = %e, "Failed to parse rate limit value");
127                        e
128                    })
129                    .ok()
130            })
131            .unwrap_or_else(default)
132    };
133
134    RateLimitsConfig {
135        disabled: get_env("RATE_LIMIT_DISABLED").is_some_and(|v| v.to_lowercase() == "true"),
136        oauth_public_per_second: parse_rate(
137            "RATE_LIMIT_OAUTH_PUBLIC_PER_SECOND",
138            default_oauth_public,
139        ),
140        oauth_auth_per_second: parse_rate("RATE_LIMIT_OAUTH_AUTH_PER_SECOND", default_oauth_auth),
141        contexts_per_second: parse_rate("RATE_LIMIT_CONTEXTS_PER_SECOND", default_contexts),
142        tasks_per_second: parse_rate("RATE_LIMIT_TASKS_PER_SECOND", default_tasks),
143        artifacts_per_second: parse_rate("RATE_LIMIT_ARTIFACTS_PER_SECOND", default_artifacts),
144        agent_registry_per_second: parse_rate(
145            "RATE_LIMIT_AGENT_REGISTRY_PER_SECOND",
146            default_agent_registry,
147        ),
148        agents_per_second: parse_rate("RATE_LIMIT_AGENTS_PER_SECOND", default_agents),
149        mcp_registry_per_second: parse_rate(
150            "RATE_LIMIT_MCP_REGISTRY_PER_SECOND",
151            default_mcp_registry,
152        ),
153        mcp_per_second: parse_rate("RATE_LIMIT_MCP_PER_SECOND", default_mcp),
154        stream_per_second: parse_rate("RATE_LIMIT_STREAM_PER_SECOND", default_stream),
155        content_per_second: parse_rate("RATE_LIMIT_CONTENT_PER_SECOND", default_content),
156        burst_multiplier: parse_rate("RATE_LIMIT_BURST_MULTIPLIER", default_burst),
157        tier_multipliers: TierMultipliers::default(),
158    }
159}
160
161fn runtime_config_from_env() -> Result<RuntimeConfig> {
162    let parse_or_default = |key: &str, default: &str| -> Result<String> {
163        Ok(get_env(key).unwrap_or_else(|| default.to_string()))
164    };
165
166    Ok(RuntimeConfig {
167        environment: parse_or_default("SYSTEMPROMPT_ENV", "development")?
168            .parse()
169            .map_err(|e| anyhow::anyhow!("{}", e))?,
170        log_level: parse_or_default("SYSTEMPROMPT_LOG_LEVEL", "normal")?
171            .parse()
172            .map_err(|e| anyhow::anyhow!("{}", e))?,
173        output_format: parse_or_default("SYSTEMPROMPT_OUTPUT_FORMAT", "text")?
174            .parse()
175            .map_err(|e| anyhow::anyhow!("{}", e))?,
176        no_color: get_env("NO_COLOR").is_some(),
177        non_interactive: get_env("CI").is_some(),
178    })
179}