apunkt/gomcp
1
0
Fork 0
mirror of https://github.com/syntrex-lab/gomcp.git synced 2026-04-26 04:46:22 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Release prep: 54 engines, self-hosted signatures, i18n, dashboard updates

Browse source
This commit is contained in:
DmitrL-dev 2026-03-23 16:45:40 +10:00
parent 694e32be26
commit 41cbfd6e0a
178 changed files with 36008 additions and 399 deletions
Download patch file Download diff file Expand all files Collapse all files

200
internal/config/config.go Normal file
View file

@ -0,0 +1,200 @@
package config
import (
"fmt"
"os"
"time"
"gopkg.in/yaml.v3"
)
// Config is the root configuration loaded from syntrex.yaml (§19.3, §21).
type Config struct {
Server ServerConfig `yaml:"server"`
SOC SOCConfig `yaml:"soc"`
RBAC RBACConfig `yaml:"rbac"`
Webhooks []WebhookConfig `yaml:"webhooks"`
ThreatIntel ThreatIntelConfig `yaml:"threat_intel"`
Sovereign SovereignConfig `yaml:"sovereign"`
P2P P2PConfig `yaml:"p2p"`
Logging LoggingConfig `yaml:"logging"`
}
// ServerConfig defines HTTP server settings.
type ServerConfig struct {
Port int `yaml:"port"`
ReadTimeout time.Duration `yaml:"read_timeout"`
WriteTimeout time.Duration `yaml:"write_timeout"`
RateLimitPerMin int `yaml:"rate_limit_per_min"`
CORSAllowOrigins []string `yaml:"cors_allow_origins"`
}
// SOCConfig defines SOC pipeline settings (§7).
type SOCConfig struct {
DataDir string `yaml:"data_dir"`
MaxEventsPerHour int `yaml:"max_events_per_hour"`
ClusterEnabled bool `yaml:"cluster_enabled"`
ClusterEps float64 `yaml:"cluster_eps"`
ClusterMinPts int `yaml:"cluster_min_pts"`
KillChainEnabled bool `yaml:"kill_chain_enabled"`
SSEBufferSize int `yaml:"sse_buffer_size"`
}
// RBACConfig defines API key authentication (§17).
type RBACConfig struct {
Enabled bool `yaml:"enabled"`
Keys []KeyEntry `yaml:"keys"`
}
// KeyEntry is a pre-configured API key.
type KeyEntry struct {
Key string `yaml:"key"`
Role string `yaml:"role"`
Name string `yaml:"name"`
}
// WebhookConfig defines a SOAR webhook (§15).
type WebhookConfig struct {
ID string `yaml:"id"`
URL string `yaml:"url"`
Events []string `yaml:"events"`
Headers map[string]string `yaml:"headers"`
Active bool `yaml:"active"`
Retries int `yaml:"retries"`
}
// ThreatIntelConfig defines IOC feed sources (§6).
type ThreatIntelConfig struct {
Enabled bool `yaml:"enabled"`
RefreshInterval time.Duration `yaml:"refresh_interval"`
Feeds []FeedConfig `yaml:"feeds"`
}
// FeedConfig is a single threat intel feed.
type FeedConfig struct {
Name string `yaml:"name"`
URL string `yaml:"url"`
Format string `yaml:"format"` // stix, csv, json
Enabled bool `yaml:"enabled"`
}
// SovereignConfig implements §21 — air-gapped deployment mode.
type SovereignConfig struct {
Enabled bool `yaml:"enabled"`
Mode string `yaml:"mode"` // airgap, restricted, open
DisableExternalAPI bool `yaml:"disable_external_api"`
DisableTelemetry bool `yaml:"disable_telemetry"`
LocalModelsOnly bool `yaml:"local_models_only"`
DataRetentionDays int `yaml:"data_retention_days"`
EncryptAtRest bool `yaml:"encrypt_at_rest"`
AuditAllRequests bool `yaml:"audit_all_requests"`
MaxPeers int `yaml:"max_peers"`
}
// P2PConfig defines SOC mesh sync settings (§14).
type P2PConfig struct {
Enabled bool `yaml:"enabled"`
ListenAddr string `yaml:"listen_addr"`
Peers []PeerConfig `yaml:"peers"`
}
// PeerConfig is a pre-configured P2P peer.
type PeerConfig struct {
ID string `yaml:"id"`
Name string `yaml:"name"`
Endpoint string `yaml:"endpoint"`
Trust string `yaml:"trust"` // full, partial, readonly
}
// LoggingConfig defines structured logging settings.
type LoggingConfig struct {
Level string `yaml:"level"` // debug, info, warn, error
Format string `yaml:"format"` // json, text
AccessLog bool `yaml:"access_log"`
AuditLog bool `yaml:"audit_log"`
OutputFile string `yaml:"output_file"`
}
// Load reads and parses config from a YAML file.
func Load(path string) (*Config, error) {
data, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("config: read %s: %w", path, err)
}
cfg := DefaultConfig()
if err := yaml.Unmarshal(data, cfg); err != nil {
return nil, fmt.Errorf("config: parse %s: %w", path, err)
}
if err := cfg.Validate(); err != nil {
return nil, fmt.Errorf("config: validate: %w", err)
}
return cfg, nil
}
// DefaultConfig returns sensible defaults.
func DefaultConfig() *Config {
return &Config{
Server: ServerConfig{
Port: 9100,
ReadTimeout: 10 * time.Second,
WriteTimeout: 30 * time.Second,
RateLimitPerMin: 100,
},
SOC: SOCConfig{
DataDir: ".syntrex",
MaxEventsPerHour: 10000,
ClusterEnabled: true,
ClusterEps: 0.5,
ClusterMinPts: 3,
KillChainEnabled: true,
SSEBufferSize: 256,
},
RBAC: RBACConfig{
Enabled: false,
},
ThreatIntel: ThreatIntelConfig{
RefreshInterval: 30 * time.Minute,
},
Sovereign: SovereignConfig{
Mode: "open",
DataRetentionDays: 90,
MaxPeers: 10,
},
Logging: LoggingConfig{
Level: "info",
Format: "json",
AccessLog: true,
AuditLog: true,
},
}
}
// Validate checks config for consistency.
func (c *Config) Validate() error {
if c.Server.Port < 1 || c.Server.Port > 65535 {
return fmt.Errorf("server.port must be 1-65535, got %d", c.Server.Port)
}
if c.Sovereign.Enabled && c.Sovereign.Mode == "" {
return fmt.Errorf("sovereign.mode required when sovereign.enabled=true")
}
if c.Sovereign.Enabled && c.Sovereign.Mode == "airgap" {
// Enforce: no external APIs, no telemetry, local only
c.Sovereign.DisableExternalAPI = true
c.Sovereign.DisableTelemetry = true
c.Sovereign.LocalModelsOnly = true
}
return nil
}
// IsSovereign returns whether sovereign mode is active.
func (c *Config) IsSovereign() bool {
return c.Sovereign.Enabled
}
// IsAirGapped returns whether the deployment is fully air-gapped.
func (c *Config) IsAirGapped() bool {
return c.Sovereign.Enabled && c.Sovereign.Mode == "airgap"
}