diff --git a/ai-hub/app/core/grpc/services/grpc_server.py b/ai-hub/app/core/grpc/services/grpc_server.py index d4f889a..148d9df 100644 --- a/ai-hub/app/core/grpc/services/grpc_server.py +++ b/ai-hub/app/core/grpc/services/grpc_server.py @@ -69,34 +69,6 @@ node.queue.put(agent_pb2.ServerTaskMessage( work_pool_update=agent_pb2.WorkPoolUpdate(available_task_ids=self.pool.list_available()) )) - - def SyncConfiguration(self, request, context): - """M4 Authenticated Handshake: Validate invite_token via Hub DB, then send policy.""" - node_id = request.node_id - invite_token = request.auth_token - - # --- M4: Token validation via Hub API --- - user_id = "default" - skill_cfg = {} - - if HUB_API_URL and _requests: - try: - resp = _requests.post( - f"{HUB_API_URL}{HUB_API_PATH}", - params={"node_id": node_id, "token": invite_token}, - timeout=5, - ) - payload = resp.json() or {} - if not payload.get("valid"): - reason = payload.get("reason", "Token rejected") or "Token rejected" - logger.warning(f"[🔒] SyncConfiguration REJECTED {node_id}: {reason}") - return agent_pb2.RegistrationResponse(success=False, error_message=reason) - - user_id = payload.get("user_id", "default") - skill_cfg = payload.get("skill_config", {}) - logger.info(f"[🔑] Token validated for {node_id} (owner: {user_id})") - except Exception as e: - logger.error(f"[⚠️] Hub token validation unavailable ({e}); proceeding as 'default' user.") def _build_sandbox_policy(self, skill_cfg): """Builds a SandboxPolicy protobuf from raw skill configuration.""" @@ -416,6 +388,12 @@ }) yield agent_pb2.HealthCheckResponse(server_time_ms=int(time.time()*1000)) +class LoggingInterceptor(grpc.ServerInterceptor): + def intercept_service(self, continuation, handler_call_details): + method = handler_call_details.method + logger.info(f"[gRPC] Incoming RPC Call: {method}") + return continuation(handler_call_details) + def serve_grpc(registry, port=50051): """Starts the gRPC Orchestrator Server for Agent Nodes.""" import grpc @@ -430,7 +408,11 @@ ('grpc.keepalive_timeout_ms', 10000), # Wait 10s for pong ('grpc.keepalive_permit_without_calls', True), ] - server = grpc.server(futures.ThreadPoolExecutor(max_workers=10), options=options) + server = grpc.server( + futures.ThreadPoolExecutor(max_workers=10), + options=options, + interceptors=(LoggingInterceptor(),) + ) orchestrator = AgentOrchestrator(registry) agent_pb2_grpc.add_AgentOrchestratorServicer_to_server(orchestrator, server) diff --git a/request.json b/request.json new file mode 100644 index 0000000..9ce9581 --- /dev/null +++ b/request.json @@ -0,0 +1,5 @@ +{ + "name": "https_listener", + "yaml": "'@type': type.googleapis.com/envoy.config.listener.v3.Listener\naddress:\n socketAddress:\n address: 0.0.0.0\n portValue: 10001\nfilterChains:\n - filterChainMatch:\n serverNames:\n - pcb.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n name: pcb_service\n virtualHosts:\n - domains:\n - pcb.jerxie.com\n name: pcb_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _pcb_server\n timeout: 0s\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: pcb_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - monitor.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - monitor.jerxie.com\n name: monitor_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _monitor_server\n timeout: 0s\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: monitor_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - ai.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n name: ai_unified_service\n virtualHosts:\n - domains:\n - ai.jerxie.com\n name: ai_service\n routes:\n - match:\n prefix: /agent.\n route:\n cluster: _ai_agent_orchestrator\n maxStreamDuration:\n grpcTimeoutHeaderMax: 0s\n timeout: 0s\n - match:\n prefix: /\n route:\n cluster: _ai_unified_server\n timeout: 0s\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n alpnProtocols:\n - h2\n - http/1.1\n tlsCertificateSdsSecretConfigs:\n - name: ai_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - container.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - container.jerxie.com\n name: container_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _portainer_ui\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: container_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - password.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - password.jerxie.com\n name: password_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _bitwarden_service\n statPrefix: ingress_http\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: password_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - docker.jerxie.com\n - docker.local\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - docker.jerxie.com\n name: docker_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _docker_registry\n timeout: 0s\n statPrefix: ingress_http\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: docker_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - video.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - video.jerxie.com\n name: docker_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _nas_video\n timeout: 0s\n statPrefix: ingress_http\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: video_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - audio.jerxie.com\n - audio.local\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - audio.jerxie.com\n - audio.local\n name: docker_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _nas_audio\n statPrefix: ingress_http\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: audio_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - gitbucket.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - gitbucket.jerxie.com\n name: gitbucket_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _git_bucket\n statPrefix: ingress_http\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: gitbucket_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - photo.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - photo.jerxie.com\n name: photo_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _nas_photo\n timeout: 0s\n statPrefix: ingress_http\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: photo_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - note.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - note.jerxie.com\n name: note_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _nas_note\n statPrefix: ingress_http\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: note_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - home.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n mergeSlashes: true\n normalizePath: true\n requestTimeout: 300s\n routeConfig:\n virtualHosts:\n - domains:\n - home.jerxie.com\n name: home_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _homeassistant_service\n statPrefix: ingress_http\n streamIdleTimeout: 300s\n upgradeConfigs:\n - upgradeType: websocket\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: home_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - auth.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - auth.jerxie.com\n name: auth_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _auth_server\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: auth_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - nas\n - nas.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n maxRequestHeadersKb: 96\n routeConfig:\n virtualHosts:\n - domains:\n - nas.jerxie.com\n - nas:10001\n name: docker_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _nas_service\n timeout: 0s\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: nas_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - code.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2\n name: oidc_oauth2_config_code-server\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication\n name: oidc_jwt_authn_config\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua\n name: oidc_authz_lua\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - code.jerxie.com\n name: code_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _code_server\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n name: code_server_filter_chain\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: code_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - envoy.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2\n name: oidc_oauth2_config_envoy-server\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication\n name: oidc_jwt_authn_config\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua\n name: oidc_authz_lua\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - envoy.jerxie.com\n name: envoy_service\n routes:\n - match:\n prefix: /\n route:\n cluster: _envoy_server\n statPrefix: ingress_http_envoy\n upgradeConfigs:\n - upgradeType: websocket\n name: envoy_server_filter_chain\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: envoy_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\n - filterChainMatch:\n serverNames:\n - openclaw.jerxie.com\n filters:\n - name: envoy.filters.network.http_connection_manager\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\n httpFilters:\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2\n name: oidc_oauth2_config_openclaw\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication\n name: oidc_jwt_authn_config\n - configDiscovery:\n configSource:\n ads: {}\n resourceApiVersion: V3\n typeUrls:\n - type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua\n name: oidc_authz_lua\n - name: envoy.filters.http.router\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\n routeConfig:\n virtualHosts:\n - domains:\n - openclaw.jerxie.com\n name: openclaw_service\n routes:\n - match:\n prefix: /webhooks\n route:\n cluster: _openclaw_server\n typedPerFilterConfig:\n oidc_authz_lua:\n '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig\n disabled: true\n oidc_jwt_authn_config:\n '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig\n disabled: true\n oidc_oauth2_config_openclaw:\n '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig\n disabled: true\n - match:\n prefix: /\n route:\n cluster: _openclaw_server\n statPrefix: ingress_http\n upgradeConfigs:\n - upgradeType: websocket\n name: openclaw_server_filter_chain\n transportSocket:\n name: envoy.transport_sockets.tls\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext\n commonTlsContext:\n tlsCertificateSdsSecretConfigs:\n - name: openclaw_jerxie_com\n sdsConfig:\n apiConfigSource:\n apiType: GRPC\n grpcServices:\n - envoyGrpc:\n clusterName: xds_cluster\n transportApiVersion: V3\n resourceApiVersion: V3\nlistenerFilters:\n - name: envoy.filters.listener.tls_inspector\n typedConfig:\n '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector\nname: https_listener", + "upsert": true +}