mirror of
https://github.com/aljazceru/enclava.git
synced 2025-12-17 07:24:34 +01:00
144 lines
4.6 KiB
Python
144 lines
4.6 KiB
Python
"""
|
|
Configuration settings for the application
|
|
"""
|
|
|
|
import os
|
|
from typing import List, Optional, Union
|
|
from pydantic import field_validator
|
|
from pydantic_settings import BaseSettings
|
|
|
|
|
|
class Settings(BaseSettings):
|
|
"""Application settings"""
|
|
|
|
# Application
|
|
APP_NAME: str = "Enclava"
|
|
APP_DEBUG: bool = False
|
|
APP_LOG_LEVEL: str = "INFO"
|
|
APP_HOST: str = "0.0.0.0"
|
|
APP_PORT: int = 8000
|
|
|
|
# Detailed logging for LLM interactions
|
|
LOG_LLM_PROMPTS: bool = False # Set to True to log prompts and context sent to LLM
|
|
|
|
# Database
|
|
DATABASE_URL: str = "postgresql://empire_user:empire_pass@localhost:5432/empire_db"
|
|
|
|
# Redis
|
|
REDIS_URL: str = "redis://localhost:6379"
|
|
|
|
# Security
|
|
JWT_SECRET: str = "your-super-secret-jwt-key-here"
|
|
JWT_ALGORITHM: str = "HS256"
|
|
ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
|
|
REFRESH_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 7 # 7 days
|
|
SESSION_EXPIRE_MINUTES: int = 60 * 24 # 24 hours
|
|
API_KEY_PREFIX: str = "en_"
|
|
|
|
# Admin user provisioning
|
|
ADMIN_USER: str = "admin"
|
|
ADMIN_PASSWORD: str = "admin123"
|
|
ADMIN_EMAIL: Optional[str] = None
|
|
|
|
# Base URL for deriving CORS origins
|
|
BASE_URL: str = "localhost"
|
|
|
|
@field_validator('CORS_ORIGINS', mode='before')
|
|
@classmethod
|
|
def derive_cors_origins(cls, v, info):
|
|
"""Derive CORS origins from BASE_URL if not explicitly set"""
|
|
if v is None:
|
|
base_url = info.data.get('BASE_URL', 'localhost')
|
|
return [f"http://{base_url}"]
|
|
return v if isinstance(v, list) else [v]
|
|
|
|
# CORS origins (derived from BASE_URL)
|
|
CORS_ORIGINS: Optional[List[str]] = None
|
|
|
|
# LLM Service Configuration (replaced LiteLLM)
|
|
# LLM service configuration is now handled in app/services/llm/config.py
|
|
|
|
# LLM Service Security (removed encryption - credentials handled by proxy)
|
|
|
|
# Plugin System Security
|
|
PLUGIN_ENCRYPTION_KEY: Optional[str] = None # Key for encrypting plugin secrets and configurations
|
|
|
|
# API Keys for LLM providers
|
|
OPENAI_API_KEY: Optional[str] = None
|
|
ANTHROPIC_API_KEY: Optional[str] = None
|
|
GOOGLE_API_KEY: Optional[str] = None
|
|
PRIVATEMODE_API_KEY: Optional[str] = None
|
|
PRIVATEMODE_PROXY_URL: str = "http://privatemode-proxy:8080/v1"
|
|
|
|
# Qdrant
|
|
QDRANT_HOST: str = "localhost"
|
|
QDRANT_PORT: int = 6333
|
|
QDRANT_API_KEY: Optional[str] = None
|
|
|
|
# API & Security Settings
|
|
API_SECURITY_ENABLED: bool = True
|
|
API_THREAT_DETECTION_ENABLED: bool = True
|
|
API_IP_REPUTATION_ENABLED: bool = True
|
|
API_ANOMALY_DETECTION_ENABLED: bool = True
|
|
|
|
# Rate Limiting Configuration
|
|
API_RATE_LIMITING_ENABLED: bool = True
|
|
|
|
# Authenticated users (JWT token)
|
|
API_RATE_LIMIT_AUTHENTICATED_PER_MINUTE: int = 300
|
|
API_RATE_LIMIT_AUTHENTICATED_PER_HOUR: int = 5000
|
|
|
|
# API key users (programmatic access)
|
|
API_RATE_LIMIT_API_KEY_PER_MINUTE: int = 1000
|
|
API_RATE_LIMIT_API_KEY_PER_HOUR: int = 20000
|
|
|
|
# Premium/Enterprise API keys
|
|
API_RATE_LIMIT_PREMIUM_PER_MINUTE: int = 5000
|
|
API_RATE_LIMIT_PREMIUM_PER_HOUR: int = 100000
|
|
|
|
# Security Thresholds
|
|
API_SECURITY_RISK_THRESHOLD: float = 0.8 # Block requests above this risk score
|
|
API_SECURITY_WARNING_THRESHOLD: float = 0.6 # Log warnings above this threshold
|
|
API_SECURITY_ANOMALY_THRESHOLD: float = 0.7 # Flag anomalies above this threshold
|
|
|
|
# Request Size Limits
|
|
API_MAX_REQUEST_BODY_SIZE: int = 10 * 1024 * 1024 # 10MB
|
|
API_MAX_REQUEST_BODY_SIZE_PREMIUM: int = 50 * 1024 * 1024 # 50MB for premium
|
|
|
|
# IP Security
|
|
API_BLOCKED_IPS: List[str] = [] # IPs to always block
|
|
API_ALLOWED_IPS: List[str] = [] # IPs to always allow (empty = allow all)
|
|
API_IP_REPUTATION_CACHE_TTL: int = 3600 # 1 hour
|
|
|
|
# Security Headers
|
|
API_SECURITY_HEADERS_ENABLED: bool = True
|
|
API_CSP_HEADER: str = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
|
|
|
|
# Monitoring
|
|
PROMETHEUS_ENABLED: bool = True
|
|
PROMETHEUS_PORT: int = 9090
|
|
|
|
# File uploads
|
|
MAX_UPLOAD_SIZE: int = 10 * 1024 * 1024 # 10MB
|
|
|
|
# Module configuration
|
|
MODULES_CONFIG_PATH: str = "config/modules.yaml"
|
|
|
|
# Plugin configuration
|
|
PLUGINS_DIR: str = "/plugins"
|
|
PLUGINS_CONFIG_PATH: str = "config/plugins.yaml"
|
|
PLUGIN_REPOSITORY_URL: str = "https://plugins.enclava.com"
|
|
|
|
# Logging
|
|
LOG_FORMAT: str = "json"
|
|
LOG_LEVEL: str = "INFO"
|
|
|
|
|
|
model_config = {
|
|
"env_file": ".env",
|
|
"case_sensitive": True
|
|
}
|
|
|
|
|
|
# Global settings instance
|
|
settings = Settings() |