@simbimbo/brainstem 0.0.2 → 0.0.4

package/brainstem/api.py

@@ -1,27 +1,111 @@
 from __future__ import annotations
 
 from datetime import datetime
+import os
+import secrets
+import sys
+from dataclasses import asdict
 from typing import Any, Dict, List, Optional
 
 import json
-from fastapi import FastAPI, HTTPException, Query
-from fastapi.responses import JSONResponse
+from fastapi import Depends, FastAPI, Header, HTTPException, Query
 from pydantic import BaseModel, Field
 
-from .ingest import canonicalize_raw_input_envelopes
+from .ingest import ReplayAttempt, replay_raw_envelopes_by_ids, run_ingest_pipeline
 from .interesting import interesting_items
+from .config import get_runtime_config
+from .fingerprint import normalize_message
+from . import __version__
 from .models import Candidate, RawInputEnvelope
-from .recurrence import build_recurrence_candidates
-from .storage import init_db, list_candidates, store_candidates, store_events, store_signatures
-from .ingest import signatures_for_events
+from .storage import (
+    RAW_ENVELOPE_STATUSES,
+    extract_source_raw_envelope_ids,
+    get_ingest_stats,
+    list_candidates,
+    list_signatures,
+    get_raw_envelope_by_id,
+    get_raw_envelopes_by_ids,
+    get_source_dimension_summaries,
+    get_source_status_summaries,
+    list_canonical_events,
+    list_recent_failed_raw_envelopes,
+    list_recent_raw_envelopes,
+)
 
 
 app = FastAPI(title="brAInstem Runtime")
+RUNTIME_CONFIG = get_runtime_config()
+API_TOKEN_ENV_VAR = RUNTIME_CONFIG.api_token_env_var
+API_TOKEN_HEADER = "X-API-Token"
+RUNTIME_DEFAULTS = asdict(RUNTIME_CONFIG.defaults)
+RUNTIME_LIMITS = {k: v for k, v in asdict(RUNTIME_CONFIG.limits).items() if k != "replay_allowed_statuses"}
+MAX_REPLAY_IDS = RUNTIME_LIMITS["replay_raw_max_ids"]
+DEFAULT_INGEST_THRESHOLD = RUNTIME_DEFAULTS["ingest_threshold"]
+DEFAULT_BATCH_THRESHOLD = RUNTIME_DEFAULTS["batch_threshold"]
+DEFAULT_INTERESTING_LIMIT = RUNTIME_DEFAULTS["interesting_limit"]
+DEFAULT_FAILURE_LIMIT = RUNTIME_DEFAULTS["failure_limit"]
+DEFAULT_INGEST_RECENT_LIMIT = RUNTIME_DEFAULTS["ingest_recent_limit"]
+DEFAULT_SOURCES_LIMIT = RUNTIME_DEFAULTS["sources_limit"]
+DEFAULT_SOURCES_STATUS_LIMIT = RUNTIME_DEFAULTS["sources_status_limit"]
+DEFAULT_REPLAY_THRESHOLD = RUNTIME_DEFAULTS["replay_threshold"]
+DEFAULT_REPLAY_ALLOWED_STATUSES = tuple(RUNTIME_CONFIG.limits.replay_allowed_statuses)
+CAPABILITIES = {
+    "ingest_endpoints": {
+        "single_event": True,
+        "batch_events": True,
+        "replay_raw": True,
+    },
+    "inspection_endpoints": {
+        "interesting": True,
+        "candidates": True,
+        "signatures": True,
+        "canonical_events": True,
+        "stats": True,
+        "raw_envelopes": True,
+        "failures": True,
+        "ingest_recent": True,
+        "sources": True,
+    },
+}
+
+
+def _configured_api_token() -> str:
+    return os.getenv(API_TOKEN_ENV_VAR, "").strip()
+
+
+def is_api_token_auth_enabled() -> bool:
+    return bool(_configured_api_token())
+
+
+def _extract_bearer_token(authorization: Optional[str]) -> Optional[str]:
+    if not authorization:
+        return None
+    scheme, separator, token = authorization.partition(" ")
+    if separator != " ":
+        return None
+    if scheme.lower() != "bearer":
+        return None
+    return token.strip() or None
+
+
+def _require_api_token(
+    x_api_token: Optional[str] = Header(default=None, alias=API_TOKEN_HEADER),
+    authorization: Optional[str] = Header(default=None),
+) -> None:
+    configured_token = _configured_api_token()
+    if not configured_token:
+        return
+
+    provided_token = x_api_token or _extract_bearer_token(authorization)
+    if not provided_token or not secrets.compare_digest(provided_token, configured_token):
+        raise HTTPException(status_code=401, detail="missing or invalid API token")
 
 
 class RawEnvelopeRequest(BaseModel):
     tenant_id: str
     source_type: str
+    source_id: str = ""
+    source_name: str = ""
     message_raw: str
     timestamp: Optional[str] = None
     host: str = ""
@@ -41,14 +125,24 @@ class IngestEventRequest(RawEnvelopeRequest):
 
 class IngestBatchRequest(BaseModel):
     events: List[RawEnvelopeRequest]
-    threshold: int = Field(default=2, ge=1)
+    threshold: int = Field(default=DEFAULT_BATCH_THRESHOLD, ge=1)
     db_path: Optional[str] = None
 
 
+class ReplayRawRequest(BaseModel):
+    db_path: str
+    raw_envelope_ids: List[int] = Field(default_factory=list, min_length=1, max_length=MAX_REPLAY_IDS)
+    threshold: int = Field(default=DEFAULT_REPLAY_THRESHOLD, ge=1)
+    force: bool = False
+    allowed_statuses: List[str] = Field(default_factory=lambda: list(DEFAULT_REPLAY_ALLOWED_STATUSES))
+
+
 def _raw_envelope_from_request(payload: RawEnvelopeRequest) -> RawInputEnvelope:
     return RawInputEnvelope(
         tenant_id=payload.tenant_id,
         source_type=payload.source_type,
+        source_id=payload.source_id,
+        source_name=payload.source_name,
         timestamp=payload.timestamp or datetime.utcnow().isoformat() + "Z",
         message_raw=payload.message_raw,
         host=payload.host,
@@ -78,18 +172,166 @@ def _candidate_from_row(row) -> Candidate:
     )
 
 
+def _candidate_inspection_from_row(row, db_path: str | None) -> Dict[str, Any]:
+    candidate = _candidate_from_row(row)
+    inspected = interesting_items([candidate], limit=1)
+    summary = inspected[0] if inspected else {
+        "title": candidate.title,
+        "summary": candidate.summary,
+        "decision_band": candidate.decision_band,
+        "attention_band": None,
+        "attention_score": candidate.score_total,
+        "score_total": candidate.score_total,
+        "attention_explanation": [],
++        "score_breakdown": candidate.score_breakdown,
+    }
+
+    raw_envelope_ids = extract_source_raw_envelope_ids(row["metadata_json"])
+    raw_envelopes = []
+    if raw_envelope_ids:
+        raw_envelope_rows = get_raw_envelopes_by_ids(raw_envelope_ids, db_path=db_path)
+        raw_envelope_index = {raw_row["id"]: raw_row for raw_row in raw_envelope_rows}
+        raw_envelopes = [
+            _raw_envelope_from_row(raw_envelope_index[row_id])
+            for row_id in raw_envelope_ids
+            if row_id in raw_envelope_index
+        ]
+
+    return {
+        **summary,
+        "id": row["id"],
+        "candidate_type": candidate.candidate_type,
+        "confidence": candidate.confidence,
+        "source_signature_ids": candidate.source_signature_ids,
+        "source_event_ids": candidate.source_event_ids,
+        "score_breakdown": candidate.score_breakdown,
+        "raw_envelope_ids": raw_envelope_ids,
+        "raw_envelopes": raw_envelopes,
+    }
+
+
+def _signature_inspection_from_row(row, db_path: str | None) -> Dict[str, Any]:
+    metadata = json.loads(row["metadata_json"] or "{}")
+    if not isinstance(metadata, dict):
+        metadata = {}
+    raw_envelope_ids = extract_source_raw_envelope_ids(row["metadata_json"])
+    occurrence_count = int(row["occurrence_count"]) if row["occurrence_count"] is not None else 0
+    raw_envelope_count = len(raw_envelope_ids)
+
+    return {
+        "signature_key": row["signature_key"],
+        "event_family": row["event_family"],
+        "normalized_pattern": row["normalized_pattern"],
+        "service": row["service"],
+        "occurrence_count": occurrence_count,
+        "raw_envelope_ids": raw_envelope_ids,
+        "raw_envelope_count": raw_envelope_count,
+        "recurrence": {
+            "occurrence_count": occurrence_count,
+            "raw_envelope_count": raw_envelope_count,
+            "signature_id": row["id"],
+        },
+        "metadata": metadata,
+    }
+
+
+def _canonical_event_from_row(row) -> Dict[str, Any]:
+    message_raw = row["message_raw"] or ""
+    return {
+        "raw_envelope_id": row["id"],
+        "tenant_id": row["tenant_id"],
+        "source": row["source_type"],
+        "source_type": row["source_type"],
+        "message_raw": message_raw,
+        "timestamp": row["timestamp"],
+        "host": row["host"] or "",
+        "service": row["service"] or "",
+        "severity": row["severity"] or "info",
+        "message_normalized": normalize_message(message_raw),
+    }
+
+
+def _raw_envelope_from_row(row) -> Dict[str, Any]:
+    return {
+        "id": row["id"],
+        "tenant_id": row["tenant_id"],
+        "source_type": row["source_type"],
+        "source_id": row["source_id"],
+        "source_name": row["source_name"],
+        "timestamp": row["timestamp"],
+        "host": row["host"],
+        "service": row["service"],
+        "severity": row["severity"],
+        "asset_id": row["asset_id"],
+        "source_path": row["source_path"],
+        "facility": row["facility"],
+        "message_raw": row["message_raw"],
+        "structured_fields": json.loads(row["structured_fields_json"] or "{}"),
+        "correlation_keys": json.loads(row["correlation_keys_json"] or "{}"),
+        "metadata": json.loads(row["metadata_json"] or "{}"),
+        "canonicalization_status": row["canonicalization_status"],
+        "failure_reason": row["failure_reason"],
+    }
+
+
+def _replay_attempt_from_item(item: ReplayAttempt) -> Dict[str, Any]:
+    return {
+        "raw_envelope_id": item.raw_envelope_id,
+        "reason": item.reason,
+        "status": item.status,
+    }
+
+
+def _runtime_summary() -> Dict[str, Any]:
+    runtime_config = get_runtime_config()
+    return {
+        "version": __version__,
+        "runtime": {
+            "python_version": ".".join(str(item) for item in sys.version_info[:3]),
+            "api_token_env": runtime_config.api_token_env_var,
+            "config": runtime_config.as_dict(),
+        },
+        "capability_flags": CAPABILITIES,
+        "auth_state": {
+            "api_token_configured": is_api_token_auth_enabled(),
+            "supports_x_api_token_header": True,
+            "supports_bearer_header": True,
+        },
+        "defaults": dict(RUNTIME_DEFAULTS),
+        "limits": dict(RUNTIME_LIMITS),
+    }
+
+
+def _status_payload() -> Dict[str, Any]:
+    runtime_summary = _runtime_summary()
+    return {
+        "ok": True,
+        "status": "ok",
+        "runtime": runtime_summary,
+        "api_token_enabled": runtime_summary["auth_state"]["api_token_configured"],
+    }
+
+
 def _run_ingest_batch(raw_events: List[RawInputEnvelope], *, threshold: int, db_path: Optional[str]) -> Dict[str, Any]:
-    events = canonicalize_raw_input_envelopes(raw_events)
+    result = run_ingest_pipeline(raw_events, threshold=threshold, db_path=db_path)
+    events = result.events
+    parse_failed = result.parse_failed
+    item_results = [asdict(item) for item in result.item_results]
+
     if not events:
-        return {"ok": True, "event_count": 0, "signature_count": 0, "candidate_count": 0, "interesting_items": []}
+        return {
+            "ok": True,
+            "event_count": 0,
+            "signature_count": 0,
+            "candidate_count": 0,
+            "item_count": len(raw_events),
+            "item_results": item_results,
+            "parse_failed": parse_failed,
+            "interesting_items": [],
+        }
 
-    signatures = signatures_for_events(events)
-    candidates = build_recurrence_candidates(events, signatures, threshold=threshold)
-    if db_path:
-        init_db(db_path)
-        store_events(events, db_path)
-        store_signatures(signatures, db_path)
-        store_candidates(candidates, db_path)
+    signatures = result.signatures
+    candidates = result.candidates
 
     return {
         "ok": True,
@@ -97,26 +339,61 @@ def _run_ingest_batch(raw_events: List[RawInputEnvelope], *, threshold: int, db_
         "event_count": len(events),
         "signature_count": len({sig.signature_key for sig in signatures}),
         "candidate_count": len(candidates),
+        "item_count": len(raw_events),
+        "item_results": item_results,
+        "parse_failed": parse_failed,
         "interesting_items": interesting_items(candidates, limit=max(1, 5)),
     }
 
 
-@app.post("/ingest/event")
-def ingest_event(payload: IngestEventRequest, threshold: int = 2, db_path: Optional[str] = None) -> Dict[str, Any]:
+@app.post("/replay/raw", dependencies=[Depends(_require_api_token)])
+def replay_raw(payload: ReplayRawRequest) -> Dict[str, Any]:
+    if not payload.raw_envelope_ids:
+        raise HTTPException(status_code=422, detail="raw_envelope_ids is required")
+    if payload.allowed_statuses:
+        invalid = [status for status in payload.allowed_statuses if status not in RAW_ENVELOPE_STATUSES]
+        if invalid:
+            raise HTTPException(
+                status_code=422,
+                detail=f"invalid status in allowed_statuses: {invalid}; expected one of: {', '.join(RAW_ENVELOPE_STATUSES)}",
+            )
+
+    result = replay_raw_envelopes_by_ids(
+        payload.raw_envelope_ids,
+        db_path=payload.db_path,
+        threshold=payload.threshold,
+        force=payload.force,
+        allowed_statuses=payload.allowed_statuses,
+    )
+    return {
+        "ok": True,
+        "db_path": payload.db_path,
+        "requested_raw_envelope_ids": result.requested_raw_envelope_ids,
+        "attempted_raw_envelope_ids": result.attempted_raw_envelope_ids,
+        "skipped": [_replay_attempt_from_item(item) for item in result.skipped],
+        "event_count": len(result.events),
+        "signature_count": len(result.signatures),
+        "candidate_count": len(result.candidates),
+        "parse_failed": result.parse_failed,
+    }
+
+
+@app.post("/ingest/event", dependencies=[Depends(_require_api_token)])
+def ingest_event(payload: IngestEventRequest, threshold: int = DEFAULT_INGEST_THRESHOLD, db_path: Optional[str] = None) -> Dict[str, Any]:
     if threshold < 1:
         raise HTTPException(status_code=422, detail="threshold must be >= 1")
     return _run_ingest_batch([_raw_envelope_from_request(payload)], threshold=threshold, db_path=db_path)
 
 
-@app.post("/ingest/batch")
+@app.post("/ingest/batch", dependencies=[Depends(_require_api_token)])
 def ingest_batch(payload: IngestBatchRequest) -> Dict[str, Any]:
     raw_events = [_raw_envelope_from_request(event) for event in payload.events]
     return _run_ingest_batch(raw_events, threshold=payload.threshold, db_path=payload.db_path)
 
 
-@app.get("/interesting")
+@app.get("/interesting", dependencies=[Depends(_require_api_token)])
 def get_interesting(
-    limit: int = Query(default=5, ge=1),
+    limit: int = Query(default=DEFAULT_INTERESTING_LIMIT, ge=1),
     db_path: Optional[str] = None,
 ) -> Dict[str, Any]:
     if not db_path:
@@ -126,6 +403,189 @@ def get_interesting(
     return {"ok": True, "items": interesting_items(candidates, limit=limit)}
 
 
+@app.get("/candidates", dependencies=[Depends(_require_api_token)])
+def get_candidates(
+    limit: int = Query(default=DEFAULT_INTERESTING_LIMIT, ge=1),
+    db_path: Optional[str] = None,
+    candidate_type: Optional[str] = None,
+    decision_band: Optional[str] = None,
+    min_score_total: Optional[float] = Query(default=None, ge=0),
+) -> Dict[str, Any]:
+    if not db_path:
+        return {"ok": True, "count": 0, "items": []}
+
+    rows = list_candidates(
+        db_path=db_path,
+        limit=limit,
+        candidate_type=candidate_type,
+        decision_band=decision_band,
+        min_score_total=min_score_total,
+    )
+    items = [_candidate_inspection_from_row(row, db_path=db_path) for row in rows]
+    return {"ok": True, "count": len(items), "items": items}
+
+
+@app.get("/signatures", dependencies=[Depends(_require_api_token)])
+def get_signatures(
+    limit: int = Query(default=DEFAULT_INTERESTING_LIMIT, ge=1),
+    db_path: Optional[str] = None,
+    event_family: Optional[str] = None,
+    service: Optional[str] = None,
+    min_occurrence_count: Optional[int] = Query(default=None, ge=1),
+) -> Dict[str, Any]:
+    if not db_path:
+        return {"ok": True, "count": 0, "items": []}
+
+    rows = list_signatures(
+        db_path=db_path,
+        limit=limit,
+        event_family=event_family,
+        service=service,
+        min_occurrence_count=min_occurrence_count,
+    )
+    items = [_signature_inspection_from_row(row, db_path=db_path) for row in rows]
+    return {"ok": True, "count": len(items), "items": items}
+
+
+@app.get("/stats", dependencies=[Depends(_require_api_token)])
+def get_stats(db_path: Optional[str] = None) -> Dict[str, Any]:
+    return {"ok": True, **get_ingest_stats(db_path)}
+
+
+@app.get("/failures", dependencies=[Depends(_require_api_token)])
+def get_failures(
+    limit: int = Query(default=DEFAULT_FAILURE_LIMIT, ge=1),
+    status: Optional[str] = None,
+    db_path: Optional[str] = None,
+) -> Dict[str, Any]:
+    if status is not None and status not in RAW_ENVELOPE_STATUSES:
+        raise HTTPException(
+            status_code=422,
+            detail=f"invalid status '{status}'; expected one of: {', '.join(RAW_ENVELOPE_STATUSES)}",
+        )
+
+    rows = list_recent_failed_raw_envelopes(db_path=db_path, status=status, limit=limit)
+    items = [_raw_envelope_from_row(row) for row in rows]
+    return {"ok": True, "items": items, "count": len(items), "status": status}
+
+
+@app.get("/raw_envelopes", dependencies=[Depends(_require_api_token)])
+def get_raw_envelopes(
+    limit: int = Query(default=DEFAULT_INGEST_RECENT_LIMIT, ge=1),
+    status: Optional[str] = None,
+    tenant_id: Optional[str] = None,
+    source_type: Optional[str] = None,
+    source_id: Optional[str] = None,
+    source_path: Optional[str] = None,
+    db_path: Optional[str] = None,
+) -> Dict[str, Any]:
+    if status is not None and status not in RAW_ENVELOPE_STATUSES:
+        raise HTTPException(
+            status_code=422,
+            detail=f"invalid status '{status}'; expected one of: {', '.join(RAW_ENVELOPE_STATUSES)}",
+        )
+    rows = list_recent_raw_envelopes(
+        db_path=db_path,
+        status=status,
+        limit=limit,
+        tenant_id=tenant_id,
+        source_type=source_type,
+        source_id=source_id,
+        source_path=source_path,
+        failures_only=False,
+    )
+    items = [_raw_envelope_from_row(row) for row in rows]
+    return {"ok": True, "items": items, "count": len(items)}
+
+
+@app.get("/ingest/recent", dependencies=[Depends(_require_api_token)])
+def get_ingest_recent(
+    limit: int = Query(default=DEFAULT_INGEST_RECENT_LIMIT, ge=1),
+    status: Optional[str] = None,
+    db_path: Optional[str] = None,
+) -> Dict[str, Any]:
+    if status is not None and status not in RAW_ENVELOPE_STATUSES:
+        raise HTTPException(
+            status_code=422,
+            detail=f"invalid status '{status}'; expected one of: {', '.join(RAW_ENVELOPE_STATUSES)}",
+        )
+    rows = list_recent_raw_envelopes(db_path=db_path, status=status, limit=limit, failures_only=False)
+    items = [_raw_envelope_from_row(row) for row in rows]
+    return {"ok": True, "items": items, "count": len(items), "status": status}
+
+
+@app.get("/canonical_events", dependencies=[Depends(_require_api_token)])
+def get_canonical_events(
+    limit: int = Query(default=DEFAULT_INGEST_RECENT_LIMIT, ge=1),
+    tenant_id: Optional[str] = None,
+    source: Optional[str] = None,
+    host: Optional[str] = None,
+    service: Optional[str] = None,
+    severity: Optional[str] = None,
+    db_path: Optional[str] = None,
+) -> Dict[str, Any]:
+    if not db_path:
+        return {"ok": True, "items": [], "count": 0}
+
+    rows = list_canonical_events(
+        db_path=db_path,
+        limit=limit,
+        tenant_id=tenant_id,
+        source_type=source,
+        host=host,
+        service=service,
+        severity=severity,
+    )
+    items = [_canonical_event_from_row(row) for row in rows]
+    return {"ok": True, "items": items, "count": len(items)}
+
+
+@app.get("/sources", dependencies=[Depends(_require_api_token)])
+def get_sources(
+    limit: int = Query(default=DEFAULT_SOURCES_LIMIT, ge=1),
+    db_path: Optional[str] = None,
+) -> Dict[str, Any]:
+    return {"ok": True, "items": get_source_dimension_summaries(db_path=db_path, limit=limit)}
+
+
+@app.get("/sources/status", dependencies=[Depends(_require_api_token)])
+def get_sources_status(
+    limit: int = Query(default=DEFAULT_SOURCES_STATUS_LIMIT, ge=1),
+    tenant_id: Optional[str] = None,
+    source_type: Optional[str] = None,
+    source_id: Optional[str] = None,
+    source_path: Optional[str] = None,
+    db_path: Optional[str] = None,
+) -> Dict[str, Any]:
+    items = get_source_status_summaries(
+        db_path=db_path,
+        limit=limit,
+        tenant_id=tenant_id,
+        source_type=source_type,
+        source_id=source_id,
+        source_path=source_path,
+    )
+    return {"ok": True, "items": items, "count": len(items)}
+
+
+@app.get("/failures/{raw_envelope_id}", dependencies=[Depends(_require_api_token)])
+def get_failure(raw_envelope_id: int, db_path: Optional[str] = None) -> Dict[str, Any]:
+    row = get_raw_envelope_by_id(raw_envelope_id, db_path=db_path)
+    if row is None:
+        raise HTTPException(status_code=404, detail="raw envelope not found")
+    return {"ok": True, "item": _raw_envelope_from_row(row)}
+
+
 @app.get("/healthz")
-def healthz() -> Dict[str, str]:
-    return JSONResponse(content={"ok": True, "status": "ok"})
+def healthz() -> Dict[str, Any]:
+    return _status_payload()
+
+
+@app.get("/runtime")
+def runtime() -> Dict[str, Any]:
+    return {"ok": True, "runtime": _runtime_summary()}
+
+
+@app.get("/status")
+def status() -> Dict[str, Any]:
+    return _status_payload()

package/brainstem/config.py

@@ -0,0 +1,70 @@
+from __future__ import annotations
+
+import os
+from dataclasses import asdict, dataclass
+from pathlib import Path
+from typing import Any, Dict
+
+
+def resolve_default_db_path() -> str:
+    configured_db_path = os.getenv("BRAINSTEM_DB_PATH", "").strip()
+    if configured_db_path:
+        return configured_db_path
+    return str(Path(".brainstem-state") / "brainstem.sqlite3")
+
+
+@dataclass(frozen=True)
+class ListenerConfig:
+    syslog_host: str = "127.0.0.1"
+    syslog_port: int = 5514
+    syslog_source_path: str = "/dev/udp"
+    syslog_socket_timeout: float = 0.5
+    ingest_threshold: int = 2
+
+
+@dataclass(frozen=True)
+class RuntimeDefaults:
+    ingest_threshold: int = 2
+    batch_threshold: int = 2
+    interesting_limit: int = 5
+    failure_limit: int = 20
+    ingest_recent_limit: int = 20
+    sources_limit: int = 10
+    sources_status_limit: int = 20
+    replay_threshold: int = 2
+
+
+@dataclass(frozen=True)
+class RuntimeLimits:
+    replay_raw_max_ids: int = 32
+    status_filter_limit: int = 20
+    replay_allowed_statuses: tuple[str, ...] = ("received", "parse_failed")
+
+
+@dataclass(frozen=True)
+class DBConfig:
+    default_path: str
+
+
+@dataclass(frozen=True)
+class RuntimeConfig:
+    api_token_env_var: str = "BRAINSTEM_API_TOKEN"
+    listener: ListenerConfig = ListenerConfig()
+    defaults: RuntimeDefaults = RuntimeDefaults()
+    limits: RuntimeLimits = RuntimeLimits()
+    db: DBConfig = DBConfig(default_path=resolve_default_db_path())
+
+    def as_dict(self) -> Dict[str, Any]:
+        return {
+            "api_token_env_var": self.api_token_env_var,
+            "listener": asdict(self.listener),
+            "defaults": asdict(self.defaults),
+            "limits": asdict(self.limits),
+            "db": asdict(self.db),
+        }
+
+
+def get_runtime_config() -> RuntimeConfig:
+    return RuntimeConfig(
+        db=DBConfig(default_path=resolve_default_db_path()),
+    )