window — callers fall back to their own default or skip the token-based
trigger.
+
+
providers
+
array
+
Unified-mode synthesis input (Decision S5): a high-level,
+backend-agnostic list of inference providers the synthesizer expands
+into Llama Stack provider entries. Lives at the configuration root so it
+survives a future backend change. A non-empty list signals unified mode.
+Empty (the default) leaves legacy/remote modes unaffected. The sibling
+default_model / default_provider keep their query-time routing meaning
+and are independent of this list.
+
JsonPathOperator
@@ -1253,6 +1264,18 @@
LlamaStackConfiguration
If enabled, Lightspeed Core can be started even when Llama Stack is
not accessible (valid for server mode only)
+
+
config
+
+
Backend-specific knobs for unified mode, where LCORE synthesizes the
+Llama Stack run.yaml instead of reading an external file. Holds the
+baseline selector, an optional profile path, and a raw native_override
+escape hatch. Backend-agnostic high-level sections
+(e.g. inference.providers) live at the configuration root, not here.
+Mutually exclusive with library_client_config_path; that cross-field
+check lives on the root Configuration model. When set in library mode,
+library_client_config_path is not required.
+
ModelContextProtocolServer
@@ -2054,6 +2077,117 @@
TrustedProxyServiceAccount
+
UnifiedInferenceProvider
+
A high-level inference provider entry for unified-mode synthesis.
+
Operators describe inference providers at this high level
+(backend-agnostic vocabulary) instead of authoring raw Llama Stack
+provider blocks. The synthesizer
+(apply_high_level_inference) expands each entry into a
+Llama Stack providers.inference entry, mapping
+type to a provider_type and emitting
+${env.<VAR>} references for secrets (never literal
+values).
+
Attributes: type: Canonical provider identifier. Vendor-neutral so it
+survives a future backend change; each backend-specific synthesizer maps
+it to its own provider vocabulary. api_key_env: Name of the environment
+variable holding the provider API key. Emitted verbatim as
+${env.<name>} so the secret never lands on disk
+resolved. allowed_models: Optional allow-list of model identifiers
+passed through to the synthesized provider config. extra: Additional
+provider-config keys merged verbatim into the synthesized provider’s
+config block — an escape hatch for provider-specific knobs
+not modeled here.
+
+
+
+
+
+
+
+
+
Field
+
Type
+
Description
+
+
+
+
+
type
+
string
+
Canonical, backend-agnostic provider identifier mapped to a Llama
+Stack provider_type by the synthesizer.
+
+
+
api_key_env
+
string
+
Name of the environment variable holding the provider API key.
+Emitted as a ${env.name} reference so the secret is never written to
+disk in resolved form.
+
+
+
allowed_models
+
array
+
Optional allow-list of model identifiers for this provider.
+
+
+
extra
+
object
+
Additional provider-config keys merged verbatim into the synthesized
+provider’s config block.
+
+
+
+
UnifiedLlamaStackConfig
+
Backend-specific knobs for unified-mode Llama Stack synthesis.
+
Per Decision S5 of the design spike, backend-agnostic high-level
+sections (inference, …) live at the configuration root, not here. This
+block holds only the Llama-Stack-specific synthesis controls: which
+baseline to start from, an optional profile file, and a raw
+native_override escape hatch.
+
Attributes: baseline: Synthesis starting point. “default” begins from
+LCORE’s built-in baseline (src/data/default_run.yaml); “empty” begins
+from an empty dict (used by the migration tool for an exact round-trip).
+Ignored when profile is set. profile: Optional path to a
+user-authored run.yaml-shaped file used as the synthesis baseline.
+Relative paths resolve against the directory of the loaded
+lightspeed-stack.yaml. native_override: Raw Llama Stack schema
+deep-merged last (maps merge recursively, lists and scalars replace).
+The escape hatch for anything the high-level sections do not
+express.
+
+
+
+
+
+
+
+
+
Field
+
Type
+
Description
+
+
+
+
+
baseline
+
string
+
Synthesis starting point: ‘default’ uses LCORE’s built-in baseline,
+‘empty’ starts from {}. Ignored when ‘profile’ is set.
+
+
+
profile
+
string
+
Path to a run.yaml-shaped baseline file. Relative paths resolve
+against the directory of the loaded lightspeed-stack.yaml.
+
+
+
native_override
+
object
+
Raw Llama Stack schema deep-merged last (maps merge recursively;
+lists and scalars replace).
+
+
+
UserDataCollection
User data collection configuration.
diff --git a/docs/config.json b/docs/config.json
index 9e24cc0d8..b55b901af 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -888,6 +888,14 @@
"description": "Map of fully-qualified model identifier (e.g., \"openai/gpt-4o-mini\") to context window size in tokens. Used by the conversation compaction trigger to decide when older turns must be summarized before the input exceeds the window. Models absent from this map have no registered window — callers fall back to their own default or skip the token-based trigger.",
"title": "Per-model context window sizes (tokens)",
"type": "object"
+ },
+ "providers": {
+ "description": "Unified-mode synthesis input (Decision S5): a high-level, backend-agnostic list of inference providers the synthesizer expands into Llama Stack provider entries. Lives at the configuration root so it survives a future backend change. A non-empty list signals unified mode. Empty (the default) leaves legacy/remote modes unaffected. The sibling default_model / default_provider keep their query-time routing meaning and are independent of this list.",
+ "items": {
+ "$ref": "#/components/schemas/UnifiedInferenceProvider"
+ },
+ "title": "High-level inference providers",
+ "type": "array"
}
},
"title": "InferenceConfiguration",
@@ -1056,6 +1064,19 @@
"default": false,
"description": "If enabled, Lightspeed Core can be started even when Llama Stack is not accessible (valid for server mode only)",
"title": "Allow degraded mode"
+ },
+ "config": {
+ "anyOf": [
+ {
+ "$ref": "#/components/schemas/UnifiedLlamaStackConfig"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "default": null,
+ "description": "Backend-specific knobs for unified mode, where LCORE synthesizes the Llama Stack run.yaml instead of reading an external file. Holds the baseline selector, an optional profile path, and a raw native_override escape hatch. Backend-agnostic high-level sections (e.g. inference.providers) live at the configuration root, not here. Mutually exclusive with library_client_config_path; that cross-field check lives on the root Configuration model. When set in library mode, library_client_config_path is not required.",
+ "title": "Unified Llama Stack configuration"
}
},
"title": "LlamaStackConfiguration",
@@ -1682,6 +1703,82 @@
"title": "TrustedProxyServiceAccount",
"type": "object"
},
+ "UnifiedInferenceProvider": {
+ "additionalProperties": false,
+ "description": "A high-level inference provider entry for unified-mode synthesis.\n\nOperators describe inference providers at this high level (backend-agnostic\nvocabulary) instead of authoring raw Llama Stack provider blocks. The\nsynthesizer (`apply_high_level_inference`) expands each entry into a Llama\nStack `providers.inference` entry, mapping `type` to a `provider_type` and\nemitting `${env.}` references for secrets (never literal values).\n\nAttributes:\n type: Canonical provider identifier. Vendor-neutral so it survives a\n future backend change; each backend-specific synthesizer maps it to\n its own provider vocabulary.\n api_key_env: Name of the environment variable holding the provider API\n key. Emitted verbatim as `${env.}` so the secret never lands\n on disk resolved.\n allowed_models: Optional allow-list of model identifiers passed through\n to the synthesized provider config.\n extra: Additional provider-config keys merged verbatim into the\n synthesized provider's `config` block — an escape hatch for\n provider-specific knobs not modeled here.",
+ "properties": {
+ "type": {
+ "description": "Canonical, backend-agnostic provider identifier mapped to a Llama Stack provider_type by the synthesizer.",
+ "enum": [
+ "openai",
+ "sentence_transformers",
+ "azure",
+ "vertexai",
+ "watsonx",
+ "vllm_rhaiis",
+ "vllm_rhel_ai"
+ ],
+ "title": "Provider type",
+ "type": "string"
+ },
+ "api_key_env": {
+ "type": "string",
+ "nullable": true,
+ "default": null,
+ "description": "Name of the environment variable holding the provider API key. Emitted as a ${env.} reference so the secret is never written to disk in resolved form.",
+ "title": "API key environment variable"
+ },
+ "allowed_models": {
+ "type": "array",
+ "nullable": true,
+ "default": null,
+ "description": "Optional allow-list of model identifiers for this provider.",
+ "title": "Allowed models"
+ },
+ "extra": {
+ "additionalProperties": true,
+ "description": "Additional provider-config keys merged verbatim into the synthesized provider's config block.",
+ "title": "Extra provider config",
+ "type": "object"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "title": "UnifiedInferenceProvider",
+ "type": "object"
+ },
+ "UnifiedLlamaStackConfig": {
+ "additionalProperties": false,
+ "description": "Backend-specific knobs for unified-mode Llama Stack synthesis.\n\nPer Decision S5 of the design spike, backend-agnostic high-level sections\n(inference, ...) live at the configuration root, not here. This block holds\nonly the Llama-Stack-specific synthesis controls: which baseline to start\nfrom, an optional profile file, and a raw native_override escape hatch.\n\nAttributes:\n baseline: Synthesis starting point. \"default\" begins from LCORE's\n built-in baseline (src/data/default_run.yaml); \"empty\" begins from\n an empty dict (used by the migration tool for an exact round-trip).\n Ignored when `profile` is set.\n profile: Optional path to a user-authored run.yaml-shaped file used as\n the synthesis baseline. Relative paths resolve against the directory\n of the loaded lightspeed-stack.yaml.\n native_override: Raw Llama Stack schema deep-merged last (maps merge\n recursively, lists and scalars replace). The escape hatch for\n anything the high-level sections do not express.",
+ "properties": {
+ "baseline": {
+ "default": "default",
+ "description": "Synthesis starting point: 'default' uses LCORE's built-in baseline, 'empty' starts from {}. Ignored when 'profile' is set.",
+ "enum": [
+ "default",
+ "empty"
+ ],
+ "title": "Baseline selector",
+ "type": "string"
+ },
+ "profile": {
+ "type": "string",
+ "nullable": true,
+ "default": null,
+ "description": "Path to a run.yaml-shaped baseline file. Relative paths resolve against the directory of the loaded lightspeed-stack.yaml.",
+ "title": "Profile path"
+ },
+ "native_override": {
+ "additionalProperties": true,
+ "description": "Raw Llama Stack schema deep-merged last (maps merge recursively; lists and scalars replace).",
+ "title": "Native override",
+ "type": "object"
+ }
+ },
+ "title": "UnifiedLlamaStackConfig",
+ "type": "object"
+ },
"UserDataCollection": {
"additionalProperties": false,
"description": "User data collection configuration.",
diff --git a/docs/config.md b/docs/config.md
index ad74e4f21..e7ebc5f90 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -147,20 +147,20 @@ Microsoft Entra ID authentication attributes for Azure.
BYOK (Bring Your Own Knowledge) RAG configuration.
-| Field | Type | Description |
-|---------------------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| rag_id | string | Unique RAG ID |
-| rag_type | string | Type of RAG database (e.g. 'inline::faiss', 'remote::pgvector'). |
-| embedding_model | string | Embedding model identification |
-| embedding_dimension | integer | Dimensionality of embedding vectors. |
-| vector_db_id | string | Vector database identification. |
-| db_path | string | Path to RAG database. Required for inline::faiss. |
-| score_multiplier | number | Multiplier applied to relevance scores from this vector store. Used to weight results when querying multiple knowledge sources. Values > 1 boost this store's results; values < 1 reduce them. |
-| host | string | PostgreSQL host for remote::pgvector. Defaults to ${env.POSTGRES_HOST} when rag_type is remote::pgvector. |
-| port | string | PostgreSQL port for remote::pgvector. Defaults to ${env.POSTGRES_PORT} when rag_type is remote::pgvector. |
-| db | string | PostgreSQL database name for remote::pgvector. Defaults to ${env.POSTGRES_DATABASE} when rag_type is remote::pgvector. |
-| user | string | PostgreSQL user for remote::pgvector. Defaults to ${env.POSTGRES_USER} when rag_type is remote::pgvector. |
-| password | string | PostgreSQL password for remote::pgvector. Defaults to ${env.POSTGRES_PASSWORD} when rag_type is remote::pgvector. |
+| Field | Type | Description |
+|---------------------|---------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| rag_id | string | Unique RAG ID |
+| rag_type | string | Type of RAG database (e.g. 'inline::faiss', 'remote::pgvector'). |
+| embedding_model | string | Embedding model identification |
+| embedding_dimension | integer | Dimensionality of embedding vectors. |
+| vector_db_id | string | Vector database identification. |
+| db_path | string | Path to RAG database. Required for inline::faiss. |
+| score_multiplier | number | Multiplier applied to relevance scores from this vector store. Used to weight results when querying multiple knowledge sources. Values > 1 boost this store's results; values <; 1 reduce them. |
+| host | string | PostgreSQL host for remote::pgvector. Defaults to ${env.POSTGRES_HOST} when rag_type is remote::pgvector. |
+| port | string | PostgreSQL port for remote::pgvector. Defaults to ${env.POSTGRES_PORT} when rag_type is remote::pgvector. |
+| db | string | PostgreSQL database name for remote::pgvector. Defaults to ${env.POSTGRES_DATABASE} when rag_type is remote::pgvector. |
+| user | string | PostgreSQL user for remote::pgvector. Defaults to ${env.POSTGRES_USER} when rag_type is remote::pgvector. |
+| password | string | PostgreSQL password for remote::pgvector. Defaults to ${env.POSTGRES_PASSWORD} when rag_type is remote::pgvector. |
## CORSConfiguration
@@ -332,11 +332,12 @@ In-memory cache configuration.
Inference configuration.
-| Field | Type | Description |
-|------------------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| default_model | string | Identification of default model used when no other model is specified. |
-| default_provider | string | Identification of default provider used when no other model is specified. |
-| context_windows | object | Map of fully-qualified model identifier (e.g., "openai/gpt-4o-mini") to context window size in tokens. Used by the conversation compaction trigger to decide when older turns must be summarized before the input exceeds the window. Models absent from this map have no registered window — callers fall back to their own default or skip the token-based trigger. |
+| Field | Type | Description |
+|------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| default_model | string | Identification of default model used when no other model is specified. |
+| default_provider | string | Identification of default provider used when no other model is specified. |
+| context_windows | object | Map of fully-qualified model identifier (e.g., "openai/gpt-4o-mini") to context window size in tokens. Used by the conversation compaction trigger to decide when older turns must be summarized before the input exceeds the window. Models absent from this map have no registered window — callers fall back to their own default or skip the token-based trigger. |
+| providers | array | Unified-mode synthesis input (Decision S5): a high-level, backend-agnostic list of inference providers the synthesizer expands into Llama Stack provider entries. Lives at the configuration root so it survives a future backend change. A non-empty list signals unified mode. Empty (the default) leaves legacy/remote modes unaffected. The sibling default_model / default_provider keep their query-time routing meaning and are independent of this list. |
## JsonPathOperator
@@ -428,16 +429,17 @@ Useful resources:
- [Build AI Applications with Llama Stack](https://llamastack.github.io/)
-| Field | Type | Description |
-|----------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| url | string | URL to Llama Stack service; used when library mode is disabled. Must be a valid HTTP or HTTPS URL. |
-| api_key | string | API key to access Llama Stack service |
-| use_as_library_client | boolean | When set to true Llama Stack will be used in library mode, not in server mode (default) |
-| library_client_config_path | string | Path to configuration file used when Llama Stack is run in library mode |
-| timeout | integer | Timeout in seconds for requests to Llama Stack service. Default is 180 seconds (3 minutes) to accommodate long-running RAG queries. |
-| max_retries | integer | Maximum number of connection attempts before giving up. Used on startup to connect to Llama Stack and retrieve its version. Connection attempts are retried with a fixed delay to handle the case where Llama Stack is still starting up (e.g., when running as a sidecar in the same pod). |
-| retry_delay | integer | Delay in seconds between retry attempts. Used on startup to connect to Llama Stack and retrieve its version. Connection attempts are retried with a fixed delay to handle the case where Llama Stack is still starting up (e.g., when running as a sidecar in the same pod). |
-| allow_degraded_mode | boolean | If enabled, Lightspeed Core can be started even when Llama Stack is not accessible (valid for server mode only) |
+| Field | Type | Description |
+|----------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| url | string | URL to Llama Stack service; used when library mode is disabled. Must be a valid HTTP or HTTPS URL. |
+| api_key | string | API key to access Llama Stack service |
+| use_as_library_client | boolean | When set to true Llama Stack will be used in library mode, not in server mode (default) |
+| library_client_config_path | string | Path to configuration file used when Llama Stack is run in library mode |
+| timeout | integer | Timeout in seconds for requests to Llama Stack service. Default is 180 seconds (3 minutes) to accommodate long-running RAG queries. |
+| max_retries | integer | Maximum number of connection attempts before giving up. Used on startup to connect to Llama Stack and retrieve its version. Connection attempts are retried with a fixed delay to handle the case where Llama Stack is still starting up (e.g., when running as a sidecar in the same pod). |
+| retry_delay | integer | Delay in seconds between retry attempts. Used on startup to connect to Llama Stack and retrieve its version. Connection attempts are retried with a fixed delay to handle the case where Llama Stack is still starting up (e.g., when running as a sidecar in the same pod). |
+| allow_degraded_mode | boolean | If enabled, Lightspeed Core can be started even when Llama Stack is not accessible (valid for server mode only) |
+| config | | Backend-specific knobs for unified mode, where LCORE synthesizes the Llama Stack run.yaml instead of reading an external file. Holds the baseline selector, an optional profile path, and a raw native_override escape hatch. Backend-agnostic high-level sections (e.g. inference.providers) live at the configuration root, not here. Mutually exclusive with library_client_config_path; that cross-field check lives on the root Configuration model. When set in library mode, library_client_config_path is not required. |
## ModelContextProtocolServer
@@ -775,6 +777,69 @@ A Kubernetes ServiceAccount identity for trusted-proxy allowlist.
| name | string | Name of the Kubernetes ServiceAccount. |
+## UnifiedInferenceProvider
+
+
+A high-level inference provider entry for unified-mode synthesis.
+
+Operators describe inference providers at this high level (backend-agnostic
+vocabulary) instead of authoring raw Llama Stack provider blocks. The
+synthesizer (`apply_high_level_inference`) expands each entry into a Llama
+Stack `providers.inference` entry, mapping `type` to a `provider_type` and
+emitting `${env.}` references for secrets (never literal values).
+
+Attributes:
+ type: Canonical provider identifier. Vendor-neutral so it survives a
+ future backend change; each backend-specific synthesizer maps it to
+ its own provider vocabulary.
+ api_key_env: Name of the environment variable holding the provider API
+ key. Emitted verbatim as `${env.}` so the secret never lands
+ on disk resolved.
+ allowed_models: Optional allow-list of model identifiers passed through
+ to the synthesized provider config.
+ extra: Additional provider-config keys merged verbatim into the
+ synthesized provider's `config` block — an escape hatch for
+ provider-specific knobs not modeled here.
+
+
+| Field | Type | Description |
+|----------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| type | string | Canonical, backend-agnostic provider identifier mapped to a Llama Stack provider_type by the synthesizer. |
+| api_key_env | string | Name of the environment variable holding the provider API key. Emitted as a ${env.} reference so the secret is never written to disk in resolved form. |
+| allowed_models | array | Optional allow-list of model identifiers for this provider. |
+| extra | object | Additional provider-config keys merged verbatim into the synthesized provider's config block. |
+
+
+## UnifiedLlamaStackConfig
+
+
+Backend-specific knobs for unified-mode Llama Stack synthesis.
+
+Per Decision S5 of the design spike, backend-agnostic high-level sections
+(inference, ...) live at the configuration root, not here. This block holds
+only the Llama-Stack-specific synthesis controls: which baseline to start
+from, an optional profile file, and a raw native_override escape hatch.
+
+Attributes:
+ baseline: Synthesis starting point. "default" begins from LCORE's
+ built-in baseline (src/data/default_run.yaml); "empty" begins from
+ an empty dict (used by the migration tool for an exact round-trip).
+ Ignored when `profile` is set.
+ profile: Optional path to a user-authored run.yaml-shaped file used as
+ the synthesis baseline. Relative paths resolve against the directory
+ of the loaded lightspeed-stack.yaml.
+ native_override: Raw Llama Stack schema deep-merged last (maps merge
+ recursively, lists and scalars replace). The escape hatch for
+ anything the high-level sections do not express.
+
+
+| Field | Type | Description |
+|-----------------|--------|----------------------------------------------------------------------------------------------------------------------------|
+| baseline | string | Synthesis starting point: 'default' uses LCORE's built-in baseline, 'empty' starts from {}. Ignored when 'profile' is set. |
+| profile | string | Path to a run.yaml-shaped baseline file. Relative paths resolve against the directory of the loaded lightspeed-stack.yaml. |
+| native_override | object | Raw Llama Stack schema deep-merged last (maps merge recursively; lists and scalars replace). |
+
+
## UserDataCollection
diff --git a/docs/config.png b/docs/config.png
index 4e9c71970..7efdb6562 100644
Binary files a/docs/config.png and b/docs/config.png differ
diff --git a/docs/config.puml b/docs/config.puml
index 433d5d1d3..430742af8 100644
--- a/docs/config.puml
+++ b/docs/config.puml
@@ -1,118 +1,119 @@
@startuml classes
set namespaceSeparator none
class "A2AStateConfiguration" as src.models.config.A2AStateConfiguration {
- config : Optional[SQLiteDatabaseConfiguration | PostgreSQLDatabaseConfiguration]
+ config
postgres : Optional[PostgreSQLDatabaseConfiguration]
sqlite : Optional[SQLiteDatabaseConfiguration]
- storage_type : Literal['memory', 'sqlite', 'postgres']
+ storage_type
check_a2a_state_configuration() -> Self
}
class "APIKeyTokenConfiguration" as src.models.config.APIKeyTokenConfiguration {
- api_key : Optional[SecretStr]
+ api_key : SecretStr
}
class "AccessRule" as src.models.config.AccessRule {
- actions : Optional[list[Action]]
- role : Optional[str]
+ actions : list[Action]
+ role : str
}
class "Action" as src.models.config.Action {
name
}
class "ApprovalFilter" as src.models.config.ApprovalFilter {
- always : Optional[list[str]]
- never : Optional[list[str]]
+ always : list[str]
+ never : list[str]
validate_no_overlap() -> Self
}
class "ApprovalsConfiguration" as src.models.config.ApprovalsConfiguration {
- approval_retention_days : Optional[PositiveInt]
- approval_timeout_seconds : Optional[PositiveInt]
+ approval_retention_days
+ approval_timeout_seconds
}
class "AuthenticationConfiguration" as src.models.config.AuthenticationConfiguration {
api_key_config : Optional[APIKeyTokenConfiguration]
- api_key_configuration : APIKeyTokenConfiguration
+ api_key_configuration
jwk_config : Optional[JwkConfiguration]
- jwk_configuration : JwkConfiguration
+ jwk_configuration
k8s_ca_cert_path : Optional[FilePath]
k8s_cluster_api : Optional[AnyHttpUrl]
module : str
rh_identity_config : Optional[RHIdentityConfiguration]
- rh_identity_configuration : RHIdentityConfiguration
- skip_for_health_probes : Optional[bool]
- skip_for_metrics : Optional[bool]
+ rh_identity_configuration
+ skip_for_health_probes : bool
+ skip_for_metrics : bool
skip_tls_verification : bool
trusted_proxy_config : Optional[TrustedProxyConfiguration]
- trusted_proxy_configuration : TrustedProxyConfiguration
+ trusted_proxy_configuration
check_authentication_model() -> Self
}
class "AuthorizationConfiguration" as src.models.config.AuthorizationConfiguration {
- access_rules : Optional[list[AccessRule]]
+ access_rules : list[AccessRule]
}
class "AzureEntraIdConfiguration" as src.models.config.AzureEntraIdConfiguration {
client_id : SecretStr
client_secret : SecretStr
- scope : Optional[str]
+ scope : str
tenant_id : SecretStr
}
class "ByokRag" as src.models.config.ByokRag {
db : Optional[str]
db_path : Optional[str]
- embedding_dimension : Optional[PositiveInt]
- embedding_model : Optional[str]
+ embedding_dimension
+ embedding_model : str
host : Optional[str]
password : Optional[SecretStr]
port : Optional[str]
- rag_id : Optional[str]
- rag_type : Optional[str]
- score_multiplier : Optional[float]
+ rag_id : str
+ rag_type : str
+ score_multiplier : float
user : Optional[str]
- vector_db_id : Optional[str]
+ vector_db_id : str
validate_rag_type_fields() -> Self
}
class "CORSConfiguration" as src.models.config.CORSConfiguration {
- allow_credentials : Optional[bool]
- allow_headers : Optional[list[str]]
- allow_methods : Optional[list[str]]
- allow_origins : Optional[list[str]]
+ allow_credentials : bool
+ allow_headers : list[str]
+ allow_methods : list[str]
+ allow_origins : list[str]
check_cors_configuration() -> Self
}
class "CompactionConfiguration" as src.models.config.CompactionConfiguration {
- buffer_max_ratio : Optional[float]
- buffer_turns : Optional[NonNegativeInt]
- enabled : Optional[bool]
- threshold_ratio : Optional[float]
- token_floor : Optional[NonNegativeInt]
+ buffer_max_ratio : float
+ buffer_turns
+ enabled : bool
+ threshold_ratio : float
+ token_floor
}
class "Configuration" as src.models.config.Configuration {
- a2a_state : Optional[A2AStateConfiguration]
- approvals : Optional[ApprovalsConfiguration]
- authentication : Optional[AuthenticationConfiguration]
+ a2a_state
+ approvals
+ authentication
authorization : Optional[AuthorizationConfiguration]
azure_entra_id : Optional[AzureEntraIdConfiguration]
- byok_rag : Optional[list[ByokRag]]
- compaction : Optional[CompactionConfiguration]
- conversation_cache : Optional[ConversationHistoryConfiguration]
+ byok_rag : list[ByokRag]
+ compaction
+ conversation_cache
customization : Optional[Customization]
- database : Optional[DatabaseConfiguration]
- deployment_environment : Optional[str]
- inference : Optional[InferenceConfiguration]
- llama_stack : Optional[LlamaStackConfiguration]
- mcp_servers : Optional[list[ModelContextProtocolServer]]
- name : Optional[str]
- okp : Optional[OkpConfiguration]
- quota_handlers : Optional[QuotaHandlersConfiguration]
- rag : Optional[RagConfiguration]
- reranker : Optional[RerankerConfiguration]
- rlsapi_v1 : Optional[RlsapiV1Configuration]
- service : Optional[ServiceConfiguration]
+ database
+ deployment_environment : str
+ inference
+ llama_stack
+ mcp_servers : list[ModelContextProtocolServer]
+ name : str
+ okp
+ quota_handlers
+ rag
+ reranker
+ rlsapi_v1
+ service
skills : Optional[SkillsConfiguration]
splunk : Optional[SplunkConfiguration]
- user_data_collection : Optional[UserDataCollection]
+ user_data_collection
+ check_unified_vs_legacy() -> Self
dump(filename: str | Path) -> None
validate_mcp_auth_headers() -> Self
validate_reranker_auto_enable() -> Self
validate_rlsapi_v1_quota_configuration() -> Self
}
class "ConfigurationBase" as src.models.config.ConfigurationBase {
- model_config : ConfigDict
+ model_config
}
class "ConversationHistoryConfiguration" as src.models.config.ConversationHistoryConfiguration {
memory : Optional[InMemoryCacheConfig]
@@ -122,8 +123,8 @@ class "ConversationHistoryConfiguration" as src.models.config.ConversationHistor
check_cache_configuration() -> Self
}
class "CustomProfile" as src.models.config.CustomProfile {
- path : Optional[str]
- prompts : Optional[dict[str, str]]
+ path : str
+ prompts : dict[str, str]
get_prompts() -> dict[str, str]
}
class "Customization" as src.models.config.Customization {
@@ -138,40 +139,41 @@ class "Customization" as src.models.config.Customization {
check_customization_model() -> Self
}
class "DatabaseConfiguration" as src.models.config.DatabaseConfiguration {
- config : SQLiteDatabaseConfiguration | PostgreSQLDatabaseConfiguration
- db_type : Literal['sqlite', 'postgres']
+ config
+ db_type
postgres : Optional[PostgreSQLDatabaseConfiguration]
sqlite : Optional[SQLiteDatabaseConfiguration]
check_database_configuration() -> Self
}
class "InMemoryCacheConfig" as src.models.config.InMemoryCacheConfig {
- max_entries : Optional[PositiveInt]
+ max_entries
}
class "InferenceConfiguration" as src.models.config.InferenceConfiguration {
- context_windows : Optional[dict[str, PositiveInt]]
+ context_windows : dict[str, PositiveInt]
default_model : Optional[str]
default_provider : Optional[str]
+ providers : list[UnifiedInferenceProvider]
check_default_model_and_provider() -> Self
}
class "JsonPathOperator" as src.models.config.JsonPathOperator {
name
}
class "JwkConfiguration" as src.models.config.JwkConfiguration {
- jwt_configuration : Optional[JwtConfiguration]
- url : Optional[AnyHttpUrl]
+ jwt_configuration
+ url
}
class "JwtConfiguration" as src.models.config.JwtConfiguration {
- role_rules : Optional[list[JwtRoleRule]]
- user_id_claim : Optional[str]
- username_claim : Optional[str]
+ role_rules : list[JwtRoleRule]
+ user_id_claim : str
+ username_claim : str
}
class "JwtRoleRule" as src.models.config.JwtRoleRule {
- compiled_regex : Optional[Pattern[str]]
- jsonpath : Optional[str]
- negate : Optional[bool]
- operator : Optional[JsonPathOperator]
- roles : Optional[list[str]]
- value : Optional[Any]
+ compiled_regex
+ jsonpath : str
+ negate : bool
+ operator
+ roles : list[str]
+ value : Any
check_jsonpath() -> Self
check_regex_pattern() -> Self
check_roles() -> Self
@@ -179,107 +181,108 @@ class "JwtRoleRule" as src.models.config.JwtRoleRule {
class "LlamaStackConfiguration" as src.models.config.LlamaStackConfiguration {
allow_degraded_mode : Optional[bool]
api_key : Optional[SecretStr]
+ config : Optional['UnifiedLlamaStackConfig']
library_client_config_path : Optional[str]
- max_retries : Optional[PositiveInt]
- retry_delay : Optional[PositiveInt]
- timeout : Optional[PositiveInt]
+ max_retries
+ retry_delay
+ timeout
url : Optional[AnyHttpUrl]
use_as_library_client : Optional[bool]
check_llama_stack_model() -> Self
}
class "ModelContextProtocolServer" as src.models.config.ModelContextProtocolServer {
- authorization_headers : Optional[dict[str, str]]
- headers : Optional[list[str]]
- name : Optional[str]
- provider_id : Optional[str]
- require_approval : Optional[Literal['always', 'never'] | ApprovalFilter]
- resolved_authorization_headers : dict[str, str]
+ authorization_headers : dict[str, str]
+ headers : list[str]
+ name : str
+ provider_id : str
+ require_approval : Literal['always', 'never'] | ApprovalFilter
+ resolved_authorization_headers
timeout : Optional[PositiveInt]
- url : Optional[str]
+ url : str
resolve_auth_headers() -> Self
validate_headers(value: list[str]) -> list[str]
}
class "OkpConfiguration" as src.models.config.OkpConfiguration {
chunk_filter_query : Optional[str]
- offline : Optional[bool]
+ offline : bool
rhokp_url : Optional[AnyHttpUrl]
}
class "PostgreSQLDatabaseConfiguration" as src.models.config.PostgreSQLDatabaseConfiguration {
ca_cert_path : Optional[FilePath]
- db : Optional[str]
- gss_encmode : Optional[Literal['disable', 'prefer', 'require']]
- host : Optional[str]
+ db : str
+ gss_encmode : Literal['disable', 'prefer', 'require']
+ host : str
namespace : Optional[str]
- password : Optional[SecretStr]
- port : Optional[PositiveInt]
- ssl_mode : Optional[Literal['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']]
- user : Optional[str]
+ password : SecretStr
+ port
+ ssl_mode : Literal['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']
+ user : str
check_postgres_configuration() -> Self
}
class "QuotaHandlersConfiguration" as src.models.config.QuotaHandlersConfiguration {
- enable_token_history : Optional[bool]
- limiters : Optional[list[QuotaLimiterConfiguration]]
+ enable_token_history : bool
+ limiters : list[QuotaLimiterConfiguration]
postgres : Optional[PostgreSQLDatabaseConfiguration]
- scheduler : Optional[QuotaSchedulerConfiguration]
+ scheduler
sqlite : Optional[SQLiteDatabaseConfiguration]
}
class "QuotaLimiterConfiguration" as src.models.config.QuotaLimiterConfiguration {
- initial_quota : Optional[NonNegativeInt]
- name : Optional[str]
- period : Optional[str]
- quota_increase : Optional[NonNegativeInt]
- type : Optional[Literal['user_limiter', 'cluster_limiter']]
+ initial_quota
+ name : str
+ period : str
+ quota_increase
+ type : Literal['user_limiter', 'cluster_limiter']
}
class "QuotaSchedulerConfiguration" as src.models.config.QuotaSchedulerConfiguration {
- database_reconnection_count : Optional[PositiveInt]
- database_reconnection_delay : Optional[PositiveInt]
- period : Optional[PositiveInt]
+ database_reconnection_count
+ database_reconnection_delay
+ period
}
class "RHIdentityConfiguration" as src.models.config.RHIdentityConfiguration {
- max_header_size : Optional[PositiveInt]
+ max_header_size
required_entitlements : Optional[list[str]]
}
class "RagConfiguration" as src.models.config.RagConfiguration {
- inline : Optional[list[str]]
- tool : Optional[list[str]]
+ inline : list[str]
+ tool : list[str]
}
class "RerankerConfiguration" as src.models.config.RerankerConfiguration {
- enabled : Optional[bool]
- model : Optional[str]
+ enabled : bool
+ model : str
mark_as_explicitly_configured() -> Self
}
class "RlsapiV1Configuration" as src.models.config.RlsapiV1Configuration {
- allow_verbose_infer : Optional[bool]
+ allow_verbose_infer : bool
quota_subject : Optional[Literal['user_id', 'org_id', 'system_id']]
}
class "SQLiteDatabaseConfiguration" as src.models.config.SQLiteDatabaseConfiguration {
- db_path : Optional[str]
+ db_path : str
}
class "ServiceConfiguration" as src.models.config.ServiceConfiguration {
- access_log : Optional[bool]
- auth_enabled : Optional[bool]
+ access_log : bool
+ auth_enabled : bool
base_url : Optional[str]
- color_log : Optional[bool]
- cors : Optional[CORSConfiguration]
- host : Optional[str]
- port : Optional[PositiveInt]
- root_path : Optional[str]
- tls_config : Optional[TLSConfiguration]
- workers : Optional[PositiveInt]
+ color_log : bool
+ cors
+ host : str
+ port
+ root_path : str
+ tls_config
+ workers
check_service_configuration() -> Self
validate_root_path(value: str) -> str
}
class "SkillsConfiguration" as src.models.config.SkillsConfiguration {
- paths : Optional[list[Path]]
+ paths : list[Path]
}
class "SplunkConfiguration" as src.models.config.SplunkConfiguration {
- enabled : Optional[bool]
+ enabled : bool
index : Optional[str]
- source : Optional[str]
- timeout : Optional[PositiveInt]
+ source : str
+ timeout
token_path : Optional[FilePath]
url : Optional[str]
- verify_ssl : Optional[bool]
+ verify_ssl : bool
check_splunk_configuration() -> Self
}
class "TLSConfiguration" as src.models.config.TLSConfiguration {
@@ -290,16 +293,27 @@ class "TLSConfiguration" as src.models.config.TLSConfiguration {
}
class "TrustedProxyConfiguration" as src.models.config.TrustedProxyConfiguration {
allowed_service_accounts : Optional[list[TrustedProxyServiceAccount]]
- user_header : Optional[str]
+ user_header : str
}
class "TrustedProxyServiceAccount" as src.models.config.TrustedProxyServiceAccount {
- name : Optional[str]
- namespace : Optional[str]
+ name : str
+ namespace : str
+}
+class "UnifiedInferenceProvider" as src.models.config.UnifiedInferenceProvider {
+ allowed_models : Optional[list[str]]
+ api_key_env : Optional[str]
+ extra : dict[str, object]
+ type : Literal['openai', 'sentence_transformers', 'azure', 'vertexai', 'watsonx', 'vllm_rhaiis', 'vllm_rhel_ai']
+}
+class "UnifiedLlamaStackConfig" as src.models.config.UnifiedLlamaStackConfig {
+ baseline : Literal['default', 'empty']
+ native_override : dict[str, object]
+ profile : Optional[str]
}
class "UserDataCollection" as src.models.config.UserDataCollection {
- feedback_enabled : Optional[bool]
+ feedback_enabled : bool
feedback_storage : Optional[str]
- transcripts_enabled : Optional[bool]
+ transcripts_enabled : bool
transcripts_storage : Optional[str]
check_storage_location_is_set_when_needed() -> Self
}
@@ -341,7 +355,29 @@ src.models.config.SplunkConfiguration --|> src.models.config.ConfigurationBase
src.models.config.TLSConfiguration --|> src.models.config.ConfigurationBase
src.models.config.TrustedProxyConfiguration --|> src.models.config.ConfigurationBase
src.models.config.TrustedProxyServiceAccount --|> src.models.config.ConfigurationBase
+src.models.config.UnifiedInferenceProvider --|> src.models.config.ConfigurationBase
+src.models.config.UnifiedLlamaStackConfig --|> src.models.config.ConfigurationBase
src.models.config.UserDataCollection --|> src.models.config.ConfigurationBase
+src.models.config.A2AStateConfiguration --* src.models.config.Configuration : a2a_state
+src.models.config.ApprovalsConfiguration --* src.models.config.Configuration : approvals
+src.models.config.AuthenticationConfiguration --* src.models.config.Configuration : authentication
+src.models.config.CORSConfiguration --* src.models.config.ServiceConfiguration : cors
+src.models.config.CompactionConfiguration --* src.models.config.Configuration : compaction
+src.models.config.ConversationHistoryConfiguration --* src.models.config.Configuration : conversation_cache
src.models.config.CustomProfile --* src.models.config.Customization : custom_profile
+src.models.config.DatabaseConfiguration --* src.models.config.Configuration : database
+src.models.config.InferenceConfiguration --* src.models.config.Configuration : inference
+src.models.config.JsonPathOperator --* src.models.config.JwtRoleRule : operator
+src.models.config.JwtConfiguration --* src.models.config.JwkConfiguration : jwt_configuration
+src.models.config.LlamaStackConfiguration --* src.models.config.Configuration : llama_stack
+src.models.config.OkpConfiguration --* src.models.config.Configuration : okp
+src.models.config.QuotaHandlersConfiguration --* src.models.config.Configuration : quota_handlers
+src.models.config.QuotaSchedulerConfiguration --* src.models.config.QuotaHandlersConfiguration : scheduler
+src.models.config.RagConfiguration --* src.models.config.Configuration : rag
+src.models.config.RerankerConfiguration --* src.models.config.Configuration : reranker
+src.models.config.RlsapiV1Configuration --* src.models.config.Configuration : rlsapi_v1
src.models.config.SQLiteDatabaseConfiguration --* src.models.config.DatabaseConfiguration : sqlite
+src.models.config.ServiceConfiguration --* src.models.config.Configuration : service
+src.models.config.TLSConfiguration --* src.models.config.ServiceConfiguration : tls_config
+src.models.config.UserDataCollection --* src.models.config.Configuration : user_data_collection
@enduml
diff --git a/docs/config.svg b/docs/config.svg
index 901bfd949..f39cabe7d 100644
--- a/docs/config.svg
+++ b/docs/config.svg
@@ -1,818 +1,976 @@
-