enya-agent 0.1.0

package/crates/enact-config/src/config.rs

@@ -0,0 +1,399 @@
+//! Configuration Types - Core configuration structure
+//!
+//! This module defines the configuration structure that matches the TypeScript schema.
+//! It's kept in sync with packages/enact-schemas/src/config.schemas.ts
+
+use serde::{Deserialize, Serialize};
+
+/// Runtime mode
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize, Default)]
+pub enum RuntimeMode {
+    #[default]
+    #[serde(rename = "local")]
+    Local,
+    #[serde(rename = "airgapped")]
+    AirGapped,
+    #[serde(rename = "cloud")]
+    Cloud,
+}
+
+impl RuntimeMode {
+    /// Parse a runtime mode string into the enum (defaults to Local)
+    pub fn from_str(value: &str) -> Self {
+        match value.to_ascii_lowercase().as_str() {
+            "airgapped" => RuntimeMode::AirGapped,
+            "cloud" => RuntimeMode::Cloud,
+            _ => RuntimeMode::Local,
+        }
+    }
+}
+
+
+impl ToString for RuntimeMode {
+    fn to_string(&self) -> String {
+        match self {
+            RuntimeMode::Local => "local".to_string(),
+            RuntimeMode::AirGapped => "airgapped".to_string(),
+            RuntimeMode::Cloud => "cloud".to_string(),
+        }
+    }
+}
+
+/// Provider configuration
+#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq)]
+pub struct Providers {
+    pub azure: Option<AzureProvider>,
+    pub anthropic: Option<AnthropicProvider>,
+    pub openai: Option<OpenAIProvider>,
+    pub ollama: Option<OllamaProvider>,
+    pub google: Option<GoogleProvider>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct AzureProvider {
+    pub endpoint: Option<String>,
+    pub api_key: Option<String>,
+    pub deployment_name: Option<String>,
+    #[serde(default = "default_api_version")]
+    pub api_version: String,
+}
+
+fn default_api_version() -> String {
+    "2024-02-15-preview".to_string()
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct AnthropicProvider {
+    pub api_key: Option<String>,
+    #[serde(default = "default_anthropic_base_url")]
+    pub base_url: String,
+}
+
+fn default_anthropic_base_url() -> String {
+    "https://api.anthropic.com".to_string()
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct OpenAIProvider {
+    pub api_key: Option<String>,
+    #[serde(default = "default_openai_base_url")]
+    pub base_url: String,
+    pub organization: Option<String>,
+}
+
+fn default_openai_base_url() -> String {
+    "https://api.openai.com/v1".to_string()
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct OllamaProvider {
+    #[serde(default = "default_ollama_base_url")]
+    pub base_url: String,
+}
+
+fn default_ollama_base_url() -> String {
+    "http://localhost:11434".to_string()
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct GoogleProvider {
+    pub api_key: Option<String>,
+    #[serde(default = "default_google_base_url")]
+    pub base_url: String,
+}
+
+fn default_google_base_url() -> String {
+    "https://generativelanguage.googleapis.com/v1".to_string()
+}
+
+/// Runtime configuration
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct Runtime {
+    #[serde(default)]
+    pub mode: RuntimeMode,
+    #[serde(default = "default_max_concurrent")]
+    pub max_concurrent_executions: u32,
+    #[serde(default = "default_timeout")]
+    pub default_timeout: u64,
+    #[serde(default = "default_true")]
+    pub enable_telemetry: bool,
+    #[serde(default = "default_true")]
+    pub allow_network: bool,
+}
+
+fn default_max_concurrent() -> u32 {
+    10
+}
+
+fn default_timeout() -> u64 {
+    30000
+}
+
+fn default_true() -> bool {
+    true
+}
+
+impl Default for Runtime {
+    fn default() -> Self {
+        Self {
+            mode: RuntimeMode::Local,
+            max_concurrent_executions: 10,
+            default_timeout: 30000,
+            enable_telemetry: true,
+            allow_network: true,
+        }
+    }
+}
+
+/// Storage configuration
+#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq)]
+pub struct Storage {
+    #[serde(default = "default_event_store")]
+    pub event_store: EventStore,
+    #[serde(default = "default_state_store")]
+    pub state_store: StateStore,
+    #[serde(default = "default_filesystem_store")]
+    pub artifact_store: ArtifactStore,
+    #[serde(default = "default_sqlite_vector_store")]
+    pub vector_store: VectorStore,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct EventStore {
+    #[serde(default = "default_sqlite")]
+    pub r#type: String,
+    pub path: Option<String>,
+    pub dsn: Option<String>,
+}
+
+fn default_sqlite() -> String {
+    "sqlite".to_string()
+}
+
+impl Default for EventStore {
+    fn default() -> Self {
+        Self {
+            r#type: "sqlite".to_string(),
+            path: None,
+            dsn: None,
+        }
+    }
+}
+
+fn default_event_store() -> EventStore {
+    EventStore::default()
+}
+
+impl Default for StateStore {
+    fn default() -> Self {
+        Self {
+            r#type: "sqlite".to_string(),
+            path: None,
+            dsn: None,
+        }
+    }
+}
+
+fn default_state_store() -> StateStore {
+    StateStore::default()
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct StateStore {
+    #[serde(default = "default_sqlite")]
+    pub r#type: String,
+    pub path: Option<String>,
+    pub dsn: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct ArtifactStore {
+    #[serde(default = "default_filesystem")]
+    pub r#type: String,
+    pub path: Option<String>,
+    #[serde(default = "default_zstd")]
+    pub compression: String,
+}
+
+fn default_filesystem() -> String {
+    "filesystem".to_string()
+}
+
+fn default_zstd() -> String {
+    "zstd".to_string()
+}
+
+impl Default for ArtifactStore {
+    fn default() -> Self {
+        Self {
+            r#type: "filesystem".to_string(),
+            path: None,
+            compression: "zstd".to_string(),
+        }
+    }
+}
+
+fn default_filesystem_store() -> ArtifactStore {
+    ArtifactStore::default()
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct VectorStore {
+    #[serde(default = "default_sqlite")]
+    pub r#type: String,
+    pub url: Option<String>,
+    pub collection: Option<String>,
+    pub path: Option<String>,
+    pub dsn: Option<String>,
+}
+
+impl Default for VectorStore {
+    fn default() -> Self {
+        Self {
+            r#type: "sqlite".to_string(),
+            url: None,
+            collection: None,
+            path: None,
+            dsn: None,
+        }
+    }
+}
+
+fn default_sqlite_vector_store() -> VectorStore {
+    VectorStore::default()
+}
+
+/// Tools configuration
+#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq)]
+pub struct Tools {
+    #[serde(default)]
+    pub ingestion: IngestionTools,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq)]
+pub struct IngestionTools {
+    #[serde(default = "default_pdf")]
+    pub pdf: PdfIngestion,
+    #[serde(default = "default_ocr")]
+    pub ocr: OcrIngestion,
+    #[serde(default = "default_embeddings")]
+    pub embeddings: EmbeddingsIngestion,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct PdfIngestion {
+    #[serde(default = "default_pdfium")]
+    pub engine: String,
+}
+
+impl Default for PdfIngestion {
+    fn default() -> Self {
+        Self {
+            engine: "pdfium".to_string(),
+        }
+    }
+}
+
+fn default_pdfium() -> String {
+    "pdfium".to_string()
+}
+
+fn default_pdf() -> PdfIngestion {
+    PdfIngestion {
+        engine: "pdfium".to_string(),
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct OcrIngestion {
+    #[serde(default = "default_tesseract")]
+    pub engine: String,
+    #[serde(default = "default_languages")]
+    pub languages: Vec<String>,
+}
+
+impl Default for OcrIngestion {
+    fn default() -> Self {
+        Self {
+            engine: "tesseract".to_string(),
+            languages: vec!["eng".to_string()],
+        }
+    }
+}
+
+fn default_tesseract() -> String {
+    "tesseract".to_string()
+}
+
+fn default_languages() -> Vec<String> {
+    vec!["eng".to_string()]
+}
+
+fn default_ocr() -> OcrIngestion {
+    OcrIngestion {
+        engine: "tesseract".to_string(),
+        languages: vec!["eng".to_string()],
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct EmbeddingsIngestion {
+    #[serde(default = "default_fastembed")]
+    pub engine: String,
+    pub model: Option<String>,
+}
+
+impl Default for EmbeddingsIngestion {
+    fn default() -> Self {
+        Self {
+            engine: "fastembed".to_string(),
+            model: None,
+        }
+    }
+}
+
+fn default_fastembed() -> String {
+    "fastembed".to_string()
+}
+
+fn default_embeddings() -> EmbeddingsIngestion {
+    EmbeddingsIngestion {
+        engine: "fastembed".to_string(),
+        model: None,
+    }
+}
+
+/// Cloud configuration
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct Cloud {
+    pub api_url: Option<String>,
+    pub tenant_id: Option<String>,
+    #[serde(default)]
+    pub auto_sync: bool,
+}
+
+/// Main configuration structure
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct Config {
+    #[serde(default)]
+    pub providers: Providers,
+    #[serde(default)]
+    pub runtime: Runtime,
+    #[serde(default)]
+    pub storage: Storage,
+    #[serde(default)]
+    pub tools: Tools,
+    pub cloud: Option<Cloud>,
+}
+
+impl Default for Config {
+    fn default() -> Self {
+        Self {
+            providers: Providers::default(),
+            runtime: Runtime::default(),
+            storage: Storage::default(),
+            tools: Tools::default(),
+            cloud: None,
+        }
+    }
+}

package/crates/enact-config/src/encrypted_store.rs

@@ -0,0 +1,211 @@
+//! Encrypted File Storage - Secure storage for non-sensitive settings
+//!
+//! Stores configuration in an encrypted file using AES-256-GCM.
+//! The encryption key is derived from environment variables.
+
+use aes_gcm::{
+    aead::{Aead, AeadCore, KeyInit, OsRng},
+    Aes256Gcm, Key, Nonce,
+};
+use anyhow::{Context, Result};
+use serde::{Deserialize, Serialize};
+use std::{
+    fs,
+    path::{Path, PathBuf},
+};
+use tracing::debug;
+
+use crate::secrets::SecretManager;
+
+const ENCRYPTION_KEY_NAME: &str = "enact.config.encryption_key";
+const NONCE_SIZE: usize = 12; // 96 bits for GCM
+
+/// Encrypted configuration store
+pub struct EncryptedStore {
+    config_path: PathBuf,
+    secrets: SecretManager,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+struct EncryptedData {
+    nonce: Vec<u8>,
+    ciphertext: Vec<u8>,
+}
+
+impl EncryptedStore {
+    /// Create a new encrypted store
+    ///
+    /// # Arguments
+    /// * `config_path` - Path to the encrypted config file
+    pub fn new(config_path: impl AsRef<Path>) -> Result<Self> {
+        // Always use SecretManager
+        let secrets = SecretManager::new();
+        Self::with_secrets(config_path, secrets)
+    }
+
+    /// Create a new encrypted store with a specific secret manager
+    ///
+    /// # Arguments
+    /// * `config_path` - Path to the encrypted config file
+    /// * `secrets` - Secret manager to use
+    pub fn with_secrets(config_path: impl AsRef<Path>, secrets: SecretManager) -> Result<Self> {
+        let config_path = config_path.as_ref().to_path_buf();
+
+        // Ensure parent directory exists
+        if let Some(parent) = config_path.parent() {
+            fs::create_dir_all(parent).context("Failed to create config directory")?;
+        }
+
+        Ok(Self {
+            config_path,
+            secrets,
+        })
+    }
+
+    /// Get or create the encryption key
+    fn get_encryption_key(&self) -> Result<Key<Aes256Gcm>> {
+        // Try to get existing key from environment
+        if let Some(key_str) = self.secrets.get(ENCRYPTION_KEY_NAME)? {
+            // Decode hex string to key
+            let key_bytes = hex::decode(&key_str).context("Failed to decode encryption key")?;
+            if key_bytes.len() == 32 {
+                return Ok(*Key::<Aes256Gcm>::from_slice(&key_bytes));
+            }
+        }
+
+        // Generate new key if not found
+        // Since we can't persist it to .env automatically, we must warn the user
+        let key = Aes256Gcm::generate_key(&mut OsRng);
+        let key_hex = hex::encode(key.as_slice());
+
+        // Try to store in secrets (works if mock store, fails/warns if .env)
+        if let Err(_) = self.secrets.set(ENCRYPTION_KEY_NAME, &key_hex) {
+            eprintln!("⚠️  WARNING: No encryption key found in environment.");
+            eprintln!("   Generated temporary key: {}", key_hex);
+            eprintln!(
+                "   Set ENACT_CONFIG_ENCRYPTION_KEY={} in your .env file to persist configuration.",
+                key_hex
+            );
+        } else {
+            debug!("Generated and stored new encryption key (mock)");
+        }
+
+        debug!("Using generated encryption key");
+        Ok(key)
+    }
+
+    /// Encrypt and store configuration
+    ///
+    /// # Arguments
+    /// * `config` - The configuration to store (as JSON string)
+    pub fn save(&self, config: &str) -> Result<()> {
+        let key = self.get_encryption_key()?;
+        let cipher = Aes256Gcm::new(&key);
+
+        // Generate nonce
+        let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
+
+        // Encrypt
+        let ciphertext = cipher
+            .encrypt(&nonce, config.as_bytes())
+            .map_err(|_| anyhow::anyhow!("Failed to encrypt configuration"))?;
+
+        // Store encrypted data
+        let encrypted_data = EncryptedData {
+            nonce: nonce.to_vec(),
+            ciphertext,
+        };
+
+        let json = serde_json::to_string_pretty(&encrypted_data)
+            .context("Failed to serialize encrypted data")?;
+
+        fs::write(&self.config_path, json).context("Failed to write encrypted config file")?;
+
+        debug!("Saved encrypted configuration to {:?}", self.config_path);
+        Ok(())
+    }
+
+    /// Load and decrypt configuration
+    ///
+    /// # Returns
+    /// * `Ok(Some(config))` if the config exists and was decrypted successfully
+    /// * `Ok(None)` if the config file doesn't exist
+    /// * `Err` if there was an error reading or decrypting
+    pub fn load(&self) -> Result<Option<String>> {
+        if !self.config_path.exists() {
+            debug!("Config file does not exist: {:?}", self.config_path);
+            return Ok(None);
+        }
+
+        let json = fs::read_to_string(&self.config_path)
+            .context("Failed to read encrypted config file")?;
+
+        let encrypted_data: EncryptedData =
+            serde_json::from_str(&json).context("Failed to parse encrypted config file")?;
+
+        let key = self.get_encryption_key()?;
+        let cipher = Aes256Gcm::new(&key);
+
+        // Reconstruct nonce
+        if encrypted_data.nonce.len() != NONCE_SIZE {
+            return Err(anyhow::anyhow!("Invalid nonce size"));
+        }
+        let nonce = Nonce::from_slice(&encrypted_data.nonce);
+
+        // Decrypt
+        let plaintext = cipher
+            .decrypt(nonce, encrypted_data.ciphertext.as_ref())
+            .map_err(|_| {
+                anyhow::anyhow!(
+                    "Failed to decrypt configuration - Check your ENACT_CONFIG_ENCRYPTION_KEY"
+                )
+            })?;
+
+        let config = String::from_utf8(plaintext)
+            .context("Failed to decode decrypted configuration as UTF-8")?;
+
+        debug!("Loaded encrypted configuration from {:?}", self.config_path);
+        Ok(Some(config))
+    }
+
+    /// Get the config file path
+    pub fn config_path(&self) -> &Path {
+        &self.config_path
+    }
+}
+
+/// Get the default config file path for the current platform
+pub fn default_config_path() -> Result<PathBuf> {
+    let config_dir = dirs::config_dir()
+        .or_else(|| dirs::home_dir().map(|h| h.join(".config")))
+        .context("Failed to determine config directory")?;
+
+    Ok(config_dir.join("enact").join("config.encrypted"))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use tempfile::TempDir;
+
+    #[test]
+    fn test_encrypted_store() {
+        let temp_dir = TempDir::new().unwrap();
+        let config_path = temp_dir.path().join("test_config.encrypted");
+        // Use mock secrets for test to avoid stderr clutter and ensure key storage
+        let secrets = SecretManager::new_mock();
+        let store = EncryptedStore::with_secrets(&config_path, secrets).unwrap();
+
+        // Test save and load
+        let test_config = r#"{"test": "value", "number": 42}"#;
+        store.save(test_config).unwrap();
+
+        let loaded = store.load().unwrap();
+        assert_eq!(loaded, Some(test_config.to_string()));
+
+        // Test that it's actually encrypted
+        let file_contents = fs::read_to_string(&config_path).unwrap();
+        assert!(!file_contents.contains("test"));
+        assert!(!file_contents.contains("value"));
+    }
+}