Struct GatewayConfig 

pub struct GatewayConfig {
    pub enabled: bool,
    pub bind: String,
    pub port: u16,
    pub auth_token: Option<String>,
    pub rate_limit: u32,
    pub max_body_size: usize,
    pub webhook_send_timeout_secs: u64,
    pub trusted_proxy_cidrs: Vec<String>,
}

HTTP webhook gateway configuration, nested under [gateway] in TOML.

When enabled = true, an HTTP server accepts webhook payloads and injects them as user messages into the agent. Requires the gateway feature flag.

Example (TOML)

[gateway]
enabled = true
bind = "127.0.0.1"
port = 8090
auth_token = "secret"
rate_limit = 60
max_body_size = 1048576
webhook_send_timeout_secs = 5

Fields

enabled: bool

Enable the HTTP gateway. Default: false.

bind: String

IP address to bind the gateway to. Default: "127.0.0.1".

port: u16

Port to listen on. Default: 8090.

auth_token: Option<String>

Bearer token for request authentication. When set, all requests must include Authorization: Bearer <token>. Default: None (no auth).

rate_limit: u32

Maximum requests per minute. Must be > 0. Default: 120.

max_body_size: usize

Maximum request body size in bytes. Must be <= 10 MiB. Default: 1048576 (1 MiB).

webhook_send_timeout_secs: u64

Maximum seconds to wait for the agent to consume a webhook message before returning 503 Service Unavailable. Default: 5.

trusted_proxy_cidrs: Vec<String>

CIDR ranges of trusted reverse proxies (e.g. ["10.0.0.0/8", "172.16.0.0/12"]).

When non-empty, the rate limiter applies the rightmost-untrusted algorithm on the X-Forwarded-For header: it walks the header from right to left and picks the first IP address that does NOT fall within any listed CIDR. This is the correct algorithm when your proxy chain always appends, never prepends, so the rightmost entry added by the infrastructure is the one closest to your origin.

Leave empty (the default) to use the raw TCP peer address for rate limiting, which is correct for deployments without a reverse proxy.

Security note: only list CIDRs you fully control. Any IP in a trusted CIDR can forge X-Forwarded-For and bypass per-IP rate limiting.

Implementations

impl GatewayConfig

pub fn validate(&self) -> Result<(), String>

Validate gateway configuration values.

Errors

Returns an error string when:

• webhook_send_timeout_secs is 0 or exceeds 300
• max_body_size exceeds 10 MiB (10485760 bytes)
• rate_limit is 0 (causes division-by-zero in the token-bucket rate limiter)

Trait Implementations

impl Clone for GatewayConfig

fn clone(&self) -> GatewayConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for GatewayConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for GatewayConfig

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for GatewayConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for GatewayConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.