Merge branch 'main' into query-referenced-docs

Author: thoraxe

README.md

@@ -15,46 +15,49 @@ The service includes comprehensive user data collection capabilities for various
 
 <!-- vim-markdown-toc GFM -->
 
-* [lightspeed-stack](#lightspeed-stack)
-  * [About The Project](#about-the-project)
 * [Architecture](#architecture)
 * [Prerequisites](#prerequisites)
 * [Installation](#installation)
 * [Configuration](#configuration)
-  * [Integration with Llama Stack](#integration-with-llama-stack)
-  * [Llama Stack as separate server](#llama-stack-as-separate-server)
-    * [Llama Stack project and configuration](#llama-stack-project-and-configuration)
-    * [Check connection to Llama Stack](#check-connection-to-llama-stack)
-  * [Llama Stack as client library](#llama-stack-as-client-library)
-  * [System prompt](#system-prompt)
-  * [Safety Shields](#safety-shields)
-  * [Authentication](#authentication)
-    * [K8s based authentication](#k8s-based-authentication)
-    * [JSON Web Keyset based authentication](#json-web-keyset-based-authentication)
-    * [No-op authentication](#no-op-authentication)
+    * [Integration with Llama Stack](#integration-with-llama-stack)
+    * [Llama Stack as separate server](#llama-stack-as-separate-server)
+        * [MCP Server and Tool Configuration](#mcp-server-and-tool-configuration)
+            * [Configuring MCP Servers](#configuring-mcp-servers)
+            * [Configuring MCP Headers](#configuring-mcp-headers)
+        * [Llama Stack project and configuration](#llama-stack-project-and-configuration)
+        * [Check connection to Llama Stack](#check-connection-to-llama-stack)
+    * [Llama Stack as client library](#llama-stack-as-client-library)
+    * [User data collection](#user-data-collection)
+    * [System prompt](#system-prompt)
+    * [Safety Shields](#safety-shields)
+    * [Authentication](#authentication)
+        * [K8s based authentication](#k8s-based-authentication)
+        * [JSON Web Keyset based authentication](#json-web-keyset-based-authentication)
+        * [No-op authentication](#no-op-authentication)
 * [Usage](#usage)
-  * [Make targets](#make-targets)
-  * [Running Linux container image](#running-linux-container-image)
+    * [Make targets](#make-targets)
+    * [Running Linux container image](#running-linux-container-image)
 * [Endpoints](#endpoints)
-  * [OpenAPI specification](#openapi-specification)
-  * [Readiness Endpoint](#readiness-endpoint)
-  * [Liveness Endpoint](#liveness-endpoint)
+    * [OpenAPI specification](#openapi-specification)
+    * [Readiness Endpoint](#readiness-endpoint)
+    * [Liveness Endpoint](#liveness-endpoint)
 * [Publish the service as Python package on PyPI](#publish-the-service-as-python-package-on-pypi)
-  * [Generate distribution archives to be uploaded into Python registry](#generate-distribution-archives-to-be-uploaded-into-python-registry)
-  * [Upload distribution archives into selected Python registry](#upload-distribution-archives-into-selected-python-registry)
-  * [Packages on PyPI and Test PyPI](#packages-on-pypi-and-test-pypi)
+    * [Generate distribution archives to be uploaded into Python registry](#generate-distribution-archives-to-be-uploaded-into-python-registry)
+    * [Upload distribution archives into selected Python registry](#upload-distribution-archives-into-selected-python-registry)
+    * [Packages on PyPI and Test PyPI](#packages-on-pypi-and-test-pypi)
 * [Contributing](#contributing)
 * [Testing](#testing)
 * [License](#license)
 * [Additional tools](#additional-tools)
-  * [Utility to generate OpenAPI schema](#utility-to-generate-openapi-schema)
-    * [Path](#path)
-    * [Usage](#usage-1)
-* [Project structure](#project-structure)
-  * [Configuration classes](#configuration-classes)
-  * [REST API](#rest-api)
+    * [Utility to generate OpenAPI schema](#utility-to-generate-openapi-schema)
+        * [Path](#path)
+        * [Usage](#usage-1)
 * [Data Export Integration](#data-export-integration)
-
+    * [Quick Integration](#quick-integration)
+    * [Documentation](#documentation)
+* [Project structure](#project-structure)
+    * [Configuration classes](#configuration-classes)
+    * [REST API](#rest-api)
 
 <!-- vim-markdown-toc -->
 
@@ -400,6 +403,49 @@ authentication:
   module: "noop-with-token"
 ```
 
+## CORS
+
+It is possible to configure CORS handling. This configuration is part of service configuration:
+
+```yaml
+service:
+  host: localhost
+  port: 8080
+  auth_enabled: false
+  workers: 1
+  color_log: true
+  access_log: true
+  cors:
+    allow_origins:
+      - http://foo.bar.baz
+      - http://test.com
+    allow_credentials: true
+    allow_methods:
+      - *
+    allow_headers:
+      - *
+```
+
+### Default values
+
+```yaml
+  cors:
+    allow_origins:
+      - *
+    allow_credentials: false
+    allow_methods:
+      - *
+    allow_headers:
+      - *
+```
+
+## Allow credentials
+
+Credentials are not allowed with wildcard origins per CORS/Fetch spec.
+See https://fastapi.tiangolo.com/tutorial/cors/
+
+
+
 # Usage
 
 ```

docs/config.png

@@ -9,9 +9,17 @@ class "AuthenticationConfiguration" as src.models.config.AuthenticationConfigura
   skip_tls_verification : bool
   check_authentication_model() -> Self
 }
+class "CORSConfiguration" as src.models.config.CORSConfiguration {
+  allow_credentials : bool
+  allow_headers : list[str]
+  allow_methods : list[str]
+  allow_origins : list[str]
+  check_cors_configuration() -> Self
+}
 class "Configuration" as src.models.config.Configuration {
-  authentication : Optional[AuthenticationConfiguration]
+  authentication
   customization : Optional[Customization]
+  database
   inference
   llama_stack
   mcp_servers : list[ModelContextProtocolServer]
@@ -26,7 +34,13 @@ class "Customization" as src.models.config.Customization {
   system_prompt_path : Optional[FilePath]
   check_customization_model() -> Self
 }
-
+class "DatabaseConfiguration" as src.models.config.DatabaseConfiguration {
+  config
+  db_type
+  postgres : Optional[PostgreSQLDatabaseConfiguration]
+  sqlite : Optional[SQLiteDatabaseConfiguration]
+  check_database_configuration() -> Self
+}
 class "InferenceConfiguration" as src.models.config.InferenceConfiguration {
   default_model : Optional[str]
   default_provider : Optional[str]
@@ -52,10 +66,26 @@ class "ModelContextProtocolServer" as src.models.config.ModelContextProtocolServ
   provider_id : str
   url : str
 }
+class "PostgreSQLDatabaseConfiguration" as src.models.config.PostgreSQLDatabaseConfiguration {
+  ca_cert_path : Optional[FilePath]
+  db : str
+  gss_encmode : str
+  host : str
+  namespace : Optional[str]
+  password : str
+  port : int
+  ssl_mode : str
+  user : str
+  check_postgres_configuration() -> Self
+}
+class "SQLiteDatabaseConfiguration" as src.models.config.SQLiteDatabaseConfiguration {
+  db_path : str
+}
 class "ServiceConfiguration" as src.models.config.ServiceConfiguration {
   access_log : bool
   auth_enabled : bool
   color_log : bool
+  cors
   host : str
   port : int
   tls_config
@@ -75,10 +105,13 @@ class "UserDataCollection" as src.models.config.UserDataCollection {
   transcripts_storage : Optional[str]
   check_storage_location_is_set_when_needed() -> Self
 }
-
+src.models.config.AuthenticationConfiguration --* src.models.config.Configuration : authentication
+src.models.config.CORSConfiguration --* src.models.config.ServiceConfiguration : cors
+src.models.config.DatabaseConfiguration --* src.models.config.Configuration : database
 src.models.config.InferenceConfiguration --* src.models.config.Configuration : inference
 src.models.config.JwtConfiguration --* src.models.config.JwkConfiguration : jwt_configuration
 src.models.config.LlamaStackConfiguration --* src.models.config.Configuration : llama_stack
+src.models.config.SQLiteDatabaseConfiguration --* src.models.config.DatabaseConfiguration : sqlite
 src.models.config.ServiceConfiguration --* src.models.config.Configuration : service
 src.models.config.TLSConfiguration --* src.models.config.ServiceConfiguration : tls_config
 src.models.config.UserDataCollection --* src.models.config.Configuration : user_data_collection