157 changes: 145 additions & 12 deletions config_schema.json
Expand Up @@ -65,6 +65,10 @@
"$ref": "#/definitions/CertStoreLocation",
"description": "Location of the System Certificate Store to use for TLS."
},
"TlsVerifyStrict": {
"type": "boolean",
"description": "Enables strict TLS certificate verification (SAN presence and serverAuth EKU). If unset, the runtime default is false (compat mode); explicitly setting false is treated as an opt-out."
},
Comment thread
irvingoujAtDevolution marked this conversation as resolved.
Comment thread
CBenoit marked this conversation as resolved.
"CredSspCertificateFile": {
"type": "string",
"description": "Path to the certificate to use for CredSSP credential injection (overrides TLS certificate)."
Expand Down Expand Up @@ -92,6 +96,11 @@
"type": "string",
"description": "Path to the recordings folder."
},
"MinRecordingStorageFreeSpace": {
"type": "integer",
"minimum": 0,
"description": "Minimum free space (in bytes) on the recording storage volume below which the gateway returns HTTP 507 on recording push. Omit to skip this threshold check."
},
Comment thread
irvingoujAtDevolution marked this conversation as resolved.
"Ngrok": {
"$ref": "#/definitions/NgrokConf",
"description": "JSON object describing the ngrok configuration for ingress listeners."
Expand Down Expand Up @@ -127,14 +136,24 @@
},
"description": "Array of plugin paths."
},
"JobQueueDatabase": {
"type": "string",
"description": "(Unstable) Path to the SQLite database file for the job queue."
},
"TrafficAuditDatabase": {
"type": "string",
"description": "(Unstable) Path to the SQLite database file for the traffic audit repository."
},
"AgentTunnel": {
"$ref": "#/definitions/AgentTunnelConf",
"description": "(Unstable) QUIC-based agent tunnel configuration."
},
"__debug__": {
"$ref": "#/definitions/DebugConf",
"description": "Debug configuration."
}
},
"required": [
"Listeners"
],
"required": [],
"additionalProperties": true,
"definitions": {
"ConfDataPubKeyFormat": {
Expand Down Expand Up @@ -335,7 +354,7 @@
{
"type": "object",
"properties": {
"proto": {
"Proto": {
"type": "string",
"enum": [
"tcp"
Expand Down Expand Up @@ -368,15 +387,15 @@
}
},
"required": [
"proto",
"Proto",
"RemoteAddr"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"proto": {
"Proto": {
"type": "string",
"enum": [
"http"
Expand Down Expand Up @@ -417,7 +436,7 @@
}
},
"required": [
"proto",
"Proto",
"Domain"
],
"additionalProperties": false
Expand Down Expand Up @@ -517,23 +536,23 @@
"$ref": "#/definitions/OllamaProviderConf",
"description": "Ollama provider configuration."
},
"LmStudio": {
"Lmstudio": {
"$ref": "#/definitions/LmStudioProviderConf",
"description": "LM Studio provider configuration."
},
"Anthropic": {
"$ref": "#/definitions/AnthropicProviderConf",
"description": "Anthropic AI provider configuration."
},
"OpenAi": {
"Openai": {
"$ref": "#/definitions/OpenAiProviderConf",
"description": "OpenAI provider configuration."
},
"OpenRouter": {
"Openrouter": {
"$ref": "#/definitions/OpenRouterProviderConf",
"description": "OpenRouter provider configuration."
},
"AzureOpenAi": {
"AzureOpenai": {
"$ref": "#/definitions/AzureOpenAiProviderConf",
"description": "Azure OpenAI provider configuration."
}
Expand Down Expand Up @@ -707,6 +726,16 @@
"type": "string",
"description": "Path to lib XMF files."
},
"ws_keep_alive_interval": {
"type": "integer",
"minimum": 0,
"default": 45,
"description": "WebSocket keep-alive interval in seconds (interval before a Ping is sent). Default is 45."
},
Comment thread
irvingoujAtDevolution marked this conversation as resolved.
"kerberos": {
"$ref": "#/definitions/KerberosConfig",
"description": "Kerberos application server configuration, used only during RDP proxying."
},
"enable_unstable": {
"type": "boolean",
"default": false,
Expand All @@ -718,6 +747,110 @@
"TargetAddr": {
"type": "string",
"description": "Target address."
},
"AgentTunnelConf": {
"type": "object",
"properties": {
"Enabled": {
"type": "boolean",
"default": false,
"description": "Whether the agent tunnel listener is enabled."
},
"ListenPort": {
"type": "integer",
"minimum": 0,
"maximum": 65535,
"default": 4433,
"description": "UDP port for the QUIC listener (default: 4433)."
}
Comment thread
irvingoujAtDevolution marked this conversation as resolved.
},
"additionalProperties": false
},
"KerberosConfig": {
"type": "object",
"properties": {
"kerberos_server": {
"$ref": "#/definitions/KerberosServer",
"description": "Kerberos server and KDC configuration."
},
"kdc_url": {
"type": "string",
"format": "uri",
"description": "Real KDC address for the Kerberos proxy client."
}
},
"required": [
"kerberos_server"
],
"additionalProperties": false
},
"KerberosServer": {
"type": "object",
"properties": {
"users": {
"type": "array",
"items": {
"$ref": "#/definitions/DomainUser"
},
"description": "User credentials inside the fake KDC."
},
"max_time_skew": {
"type": "integer",
"minimum": 0,
"description": "Maximum allowed time difference (in seconds) between client and proxy clocks."
},
Comment thread
irvingoujAtDevolution marked this conversation as resolved.
"krbtgt_key": {
"type": "array",
"items": {
"type": "integer",
"minimum": 0,
"maximum": 255
},
"description": "krbtgt service key bytes, used to encrypt/decrypt TGT tickets."
},
"ticket_decryption_key": {
"type": "array",
"items": {
"type": "integer",
"minimum": 0,
"maximum": 255
},
"description": "Ticket decryption key bytes, used to decrypt the TGS ticket sent by the client. Required unless using Kerberos U2U authentication."
},
"service_user": {
"$ref": "#/definitions/DomainUser",
"description": "Domain user credentials for Kerberos U2U authentication. Only needed for U2U."
}
},
"required": [
"users",
"max_time_skew",
"krbtgt_key"
],
"additionalProperties": false
},
"DomainUser": {
"type": "object",
"properties": {
"fqdn": {
"type": "string",
"description": "Username in FQDN format (e.g. \"pw13@example.com\"). The domain part must match the internal KDC realm."
},
"password": {
"type": "string",
"description": "User password."
},
"salt": {
"type": "string",
"description": "Salt for generating the user's key (usually {REALM}{username}, e.g. \"EXAMPLEpw13\")."
}
},
"required": [
"fqdn",
"password",
"salt"
],
"additionalProperties": false
}
}
}
}
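Review bot: In the new `KerberosServer` definition, `krbtgt_key` and `ticket_decryption_key` are byte arrays with no length constraint, so an empty array `[]` or a one-byte key passes validation, and `DomainUser.password` likewise accepts an empty string. Adding `"minItems": 1` to both arrays (or `minItems`/`maxItems` pinned to the key size the runtime expects, which this page does not state) and `"minLength": 1` to `password` would let the schema reject obviously unusable secrets before the gateway starts. Because these fields place long-term Kerberos key material and plaintext passwords in the configuration file, the descriptions could also state that the file must be readable only by the gateway's service account.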