mirror of
https://github.com/OpenHands/OpenHands.git
synced 2025-12-26 05:48:36 +08:00
ad024b3e3e
Adds support for enterprise LLM gateways through TOML configuration files,
enabling OpenHands CLI usage in corporate environments with custom API
management solutions.
Features:
- Load gateway configuration from TOML file via --gateway-config flag
- Support for environment variable OPENHANDS_GATEWAY_CONFIG
- Environment variable expansion in config values (${ENV:VAR_NAME})
- Comprehensive example configuration file with documentation
- Clean separation from interactive setup flow
Implementation:
- Added gateway_config.py module for loading and parsing TOML configs
- Thread gateway config through CLI entry to agent initialization
- Apply gateway settings when creating LLM instance
- Update tests to handle new gateway_config_path parameter
- Remove interactive gateway setup to keep UI simple
This enables enterprise customers to configure:
- OAuth2/token authentication with identity providers
- Custom headers for routing and authorization
- Request body parameters for compliance/monitoring
- All without impacting the standard user experience
Note: Requires openhands-sdk>=1.0.0a6 once the SDK PR is merged.
Currently set to >=1.0.0a4 for compatibility.
54 lines
2.1 KiB
TOML
54 lines
2.1 KiB
TOML
# Enterprise Gateway Configuration Example for OpenHands CLI
|
|
# Configure OpenHands to work with enterprise LLM gateways
|
|
#
|
|
# Usage:
|
|
# 1. Copy this file and customize it.
|
|
# 2. Reference secrets with ${ENV:VAR_NAME} syntax.
|
|
# 3. Run: openhands --gateway-config /path/to/your-config.toml
|
|
# or export OPENHANDS_GATEWAY_CONFIG=/path/to/your-config.toml and run openhands
|
|
|
|
# Optional provider name for logging/debugging.
|
|
gateway_provider = "custom"
|
|
|
|
# === Identity Provider Configuration ===
|
|
# Remove this section entirely if the gateway does not require token exchange.
|
|
gateway_auth_url = "https://identity.example.com/oauth2/token"
|
|
gateway_auth_method = "POST"
|
|
gateway_auth_token_path = "access_token" # Required if using identity provider (dot notation supported)
|
|
gateway_auth_expires_in_path = "expires_in" # Optional; remove if response lacks expiry
|
|
gateway_auth_token_ttl = 3600 # Optional fallback (seconds). Remove for default (300s).
|
|
gateway_auth_verify_ssl = true # Set to false only for local/self-signed testing
|
|
|
|
[gateway_auth_headers]
|
|
# Headers sent to the identity provider. Remove if not needed.
|
|
Content-Type = "application/json"
|
|
X-Client-Id = "${ENV:GATEWAY_CLIENT_ID}"
|
|
X-Client-Secret = "${ENV:GATEWAY_CLIENT_SECRET}"
|
|
|
|
[gateway_auth_body]
|
|
# Request body for the identity provider. Remove if not needed.
|
|
grant_type = "client_credentials"
|
|
audience = "llm-gateway"
|
|
scope = "llm:access"
|
|
|
|
# === Gateway Request Configuration ===
|
|
gateway_token_header = "Authorization" # Optional. Remove to use default ("Authorization")
|
|
gateway_token_prefix = "Bearer " # Optional. Remove for no prefix
|
|
|
|
[custom_headers]
|
|
# Headers added to every LLM request. Remove entries you do not need.
|
|
X-Gateway-Context = "openhands-cli"
|
|
X-Request-Priority = "normal"
|
|
X-Tenant-Id = "${ENV:TENANT_ID}"
|
|
|
|
[extra_body_params] # Optional JSON body additions merged into the request payload.
|
|
|
|
[extra_body_params.metadata]
|
|
source = "cli"
|
|
version = "1.0"
|
|
user = "${ENV:USER}"
|
|
|
|
[extra_body_params.gateway_options]
|
|
retry_on_failure = true
|
|
timeout_seconds = 30
|