团子
4c6271a21a
- CF Worker with shared/personal scope layering - Python CLI client (cfg) with sync/get/set/list/delete - Agent registration script - Auth via bearer token, sha256 hash lookup
1.8 KiB
1.8 KiB
Config Service
Layered KV config store with scope-based override. Built on Cloudflare Workers + KV.
Concept
Like git config's system → global → local layering:
- shared — team-wide config (e.g.
CF_ACCOUNT_ID,AWS_REGION) - personal — per-agent overrides (e.g.
GITEA_TOKEN,GH_TOKEN)
Read: personal wins over shared. Write: must specify scope.
Auth
Each agent has a token. The service stores sha256(token) → agent_id mappings.
Agents can read/write their own personal scope and read (but not write) the shared scope.
Shared scope writes require an admin token.
API
GET /config/:key → returns personal value, fallback to shared
GET /config?scope=shared → list all shared keys
GET /config?scope=personal → list all personal keys
PUT /config/:key → write to personal scope (default)
PUT /config/:key?scope=shared → write to shared scope (admin only)
DELETE /config/:key → delete from personal scope
DELETE /config/:key?scope=shared → delete from shared (admin only)
POST /config/sync → returns all resolved keys (personal over shared)
Auth header: Authorization: Bearer <token>
Storage Layout (KV)
auth:<sha256(token)> → { "agent_id": "tuanzi", "role": "agent|admin" }
shared:<key> → { "value": "...", "updated_at": "..." }
personal:<agent_id>:<key> → { "value": "...", "updated_at": "..." }
CLI
cfg get <KEY> # read (personal > shared)
cfg set <KEY> <VALUE> # write to personal
cfg set --shared <KEY> <VALUE> # write to shared (admin)
cfg list # list all resolved
cfg list --scope shared # list shared only
cfg sync # sync all to local cache
cfg delete <KEY> # delete from personal