Refactored to maintain a separate cloud version

Moves 12 packages from internal/ to pkg/ (config, id, validate, events, db, auth, lifecycle, scheduler, channels, audit, service) so they can be imported by the enterprise repo as a Go module dependency. Introduces pkg/cpextension (shared Extension interface + ServerContext) and pkg/cpserver (Run() entrypoint with functional options) so the enterprise main.go can call cpserver.Run(cpserver.WithExtensions(...)) without duplicating the 20-step server bootstrap. Adds db/migrations/embed.go for go:embed access to OSS SQL migrations from the enterprise module. cmd/control-plane/main.go is reduced to a 10-line wrapper around cpserver.Run.
2026-04-15 21:41:48 +06:00
parent 11d746dcfc
commit a5ad3731f2
113 changed files with 1137 additions and 543 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -0,0 +1,70 @@
+package config
+
+import (
+	"encoding/hex"
+	"os"
+
+	"github.com/joho/godotenv"
+)
+
+// Config holds the control plane configuration.
+type Config struct {
+	DatabaseURL string
+	RedisURL    string
+	ListenAddr  string
+	JWTSecret   string
+
+	// mTLS — CP→Agent channel. Both must be set to enable mTLS; omitting either
+	// disables cert issuance and leaves agent connections on plain HTTP (dev mode).
+	CACert string // WRENN_CA_CERT — PEM-encoded internal CA certificate
+	CAKey  string // WRENN_CA_KEY  — PEM-encoded internal CA private key
+
+	OAuthGitHubClientID     string
+	OAuthGitHubClientSecret string
+	OAuthRedirectURL        string
+	CPPublicURL             string
+
+	// Channels — encryption for channel secrets (AES-256-GCM).
+	EncryptionKeyHex string   // WRENN_ENCRYPTION_KEY raw hex string (for validation)
+	EncryptionKey    [32]byte // parsed 32-byte key
+}
+
+// Load reads configuration from a .env file (if present) and environment variables.
+// Real environment variables take precedence over .env values.
+func Load() Config {
+	// Best-effort load — missing .env file is fine.
+	_ = godotenv.Load()
+
+	cfg := Config{
+		DatabaseURL: envOrDefault("DATABASE_URL", "postgres://wrenn:wrenn@localhost:5432/wrenn?sslmode=disable"),
+		RedisURL:    envOrDefault("REDIS_URL", "redis://localhost:6379/0"),
+		ListenAddr:  envOrDefault("WRENN_CP_LISTEN_ADDR", ":8080"),
+		JWTSecret:   os.Getenv("JWT_SECRET"),
+
+		CACert: os.Getenv("WRENN_CA_CERT"),
+		CAKey:  os.Getenv("WRENN_CA_KEY"),
+
+		OAuthGitHubClientID:     os.Getenv("OAUTH_GITHUB_CLIENT_ID"),
+		OAuthGitHubClientSecret: os.Getenv("OAUTH_GITHUB_CLIENT_SECRET"),
+		OAuthRedirectURL:        envOrDefault("OAUTH_REDIRECT_URL", "https://app.wrenn.dev"),
+		CPPublicURL:             os.Getenv("CP_PUBLIC_URL"),
+
+		EncryptionKeyHex: os.Getenv("WRENN_ENCRYPTION_KEY"),
+	}
+
+	if cfg.EncryptionKeyHex != "" {
+		b, err := hex.DecodeString(cfg.EncryptionKeyHex)
+		if err == nil && len(b) == 32 {
+			copy(cfg.EncryptionKey[:], b)
+		}
+	}
+
+	return cfg
+}
+
+func envOrDefault(key, def string) string {
+	if v := os.Getenv(key); v != "" {
+		return v
+	}
+	return def
+}