feat: unified config management with encrypted secrets storage (#166)

Author: yhjun1026

assets/schema/derisk.sql

@@ -9,7 +9,7 @@ use derisk;
 -- MySQL DDL Script for Derisk
 -- Version: 0.3.0
 -- Generated from SQLAlchemy ORM Models
--- Generated: 2026-03-13 14:14:55
+-- Generated: 2026-03-16 15:22:00
 -- ============================================================
 
 SET NAMES utf8mb4;
@@ -37,6 +37,27 @@ CREATE TABLE IF NOT EXISTS `derisk_cluster_registry_instance` (
   UNIQUE KEY `uk_model_instance` (`model_name`, `host`, `port`, `sys_code`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
+-- Table: streaming_tool_config
+-- Source Model: StreamingToolConfig
+CREATE TABLE IF NOT EXISTS `streaming_tool_config` (
+  `id` BIGINT NOT NULL AUTO_INCREMENT,
+  `app_code` VARCHAR(128) NOT NULL COMMENT '应用代码',
+  `tool_name` VARCHAR(128) NOT NULL COMMENT '工具名称',
+  `tool_display_name` VARCHAR(256) NULL COMMENT '工具显示名称',
+  `tool_description` TEXT NULL COMMENT '工具描述',
+  `param_configs` JSON NOT NULL COMMENT '参数配置',
+  `global_threshold` INT NULL DEFAULT 256 COMMENT '全局阈值',
+  `global_strategy` VARCHAR(32) NULL COMMENT '全局策略',
+  `global_renderer` VARCHAR(32) NULL COMMENT '全局渲染器',
+  `enabled` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '是否启用流式',
+  `priority` INT NOT NULL DEFAULT 0 COMMENT '优先级',
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
+  `updated_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '更新时间',
+  `created_by` VARCHAR(128) NULL COMMENT '创建人',
+  `updated_by` VARCHAR(128) NULL COMMENT '更新人',
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
 -- Table: chat_history
 -- Source Model: ChatHistoryEntity
 CREATE TABLE IF NOT EXISTS `chat_history` (

configs/derisk.default.json

@@ -0,0 +1,45 @@
+{
+  "name": "OpenDeRisk",
+  "version": "0.1.0",
+  "default_model": {
+    "provider": "openai",
+    "model_id": "gpt-4",
+    "api_key": "sk-s6bVede3eiCFhJ35WHUa4WSDj8Z4nXutLPUrOxg7Swcl0JkV",
+    "temperature": 0.7,
+    "max_tokens": 4096
+  },
+  "agents": {
+    "primary": {
+      "name": "primary",
+      "description": "主Agent",
+      "permission": {
+        "default_action": "ask",
+        "rules": {
+          "*": "allow",
+          "*.env": "ask",
+          "*.secret*": "ask"
+        }
+      },
+      "max_steps": 20,
+      "color": "#4A90E2"
+    }
+  },
+  "sandbox": {
+    "enabled": false,
+    "image": "python:3.11-slim",
+    "memory_limit": "512m",
+    "timeout": 300,
+    "network_enabled": false
+  },
+  "oauth2": {
+    "enabled": false,
+    "providers": [],
+    "admin_users": []
+  },
+  "workspace": "/Users/tuyang/.derisk/workspace",
+  "log_level": "INFO",
+  "server": {
+    "host": "127.0.0.1",
+    "port": 7777
+  }
+}

derisk.json

@@ -1,6 +1,7 @@
 import logging
 import os
 import sys
+from pathlib import Path
 
 from derisk.util.logger import (
     logging_str_to_uvicorn_level,
@@ -14,6 +15,21 @@
 ROOT_PATH = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 sys.path.append(ROOT_PATH)
 
+DEFAULT_JSON_CONFIG_PATH = Path.home() / ".derisk" / "derisk.json"
+
+
+def init_json_config_manager():
+    """Initialize the JSON config manager for UI configuration"""
+    try:
+        from derisk_core.config import ConfigManager
+
+        ConfigManager.init(str(DEFAULT_JSON_CONFIG_PATH))
+        logger.info(
+            f"JSON config manager initialized: {ConfigManager.get_config_path()}"
+        )
+    except Exception as e:
+        logger.warning(f"Failed to initialize JSON config manager: {e}")
+
 
 def run_uvicorn(creator: AppCreator):
     import uvicorn
@@ -27,13 +43,15 @@ def run_uvicorn(creator: AppCreator):
     loop = "auto"
     try:
         import uvloop
+
         loop = "uvloop"
     except ImportError:
         pass
 
     http = "auto"
     try:
         import httptools
+
         http = "httptools"
     except ImportError:
         pass
@@ -51,7 +69,16 @@ def run_uvicorn(creator: AppCreator):
 
 
 def run_webserver(config_file: str):
-    creator = next((creator for creator in AppCreator.__subclasses__() if creator.config_file and creator.config_file.endswith(config_file)), CustomAppCreator)(config_file)
+    init_json_config_manager()
+
+    creator = next(
+        (
+            creator
+            for creator in AppCreator.__subclasses__()
+            if creator.config_file and creator.config_file.endswith(config_file)
+        ),
+        CustomAppCreator,
+    )(config_file)
     with root_tracer.start_span(
         "run_webserver",
         span_type=SpanType.RUN,
@@ -73,7 +100,9 @@ def parse_args():
         "--config",
         type=str,
         default=None,
-        help="Path to the configuration file. Default: configs/derisk-siliconflow.toml",
+        help=f"Path to the TOML configuration file for service infrastructure. "
+        f"Default: configs/derisk-proxy-aliyun.toml. "
+        f"Application settings (JSON) are stored in: {DEFAULT_JSON_CONFIG_PATH}",
     )
     return parser.parse_args()