attune/docker/distributable/config.docker.yaml

# Attune Docker Environment Configuration
#
# This file is mounted into containers at /opt/attune/config/config.yaml.
# It provides base values for Docker deployments.
#
# Sensitive values (jwt_secret, encryption_key) are overridden by environment
# variables set in docker-compose.yaml using the ATTUNE__ prefix convention:
#   ATTUNE__SECURITY__JWT_SECRET=...
#   ATTUNE__SECURITY__ENCRYPTION_KEY=...
#
# The `config` crate does NOT support ${VAR} shell interpolation in YAML.
# All overrides must use ATTUNE__<SECTION>__<KEY> environment variables.

environment: docker

# Docker database (PostgreSQL container)
database:
  url: postgresql://attune:attune@postgres:5432/attune
  max_connections: 20
  min_connections: 5
  connect_timeout: 30
  idle_timeout: 600
  log_statements: false
  schema: "public"

# Docker message queue (RabbitMQ container)
message_queue:
  url: amqp://attune:attune@rabbitmq:5672
  exchange: attune
  enable_dlq: true
  message_ttl: 3600 # seconds

# Docker cache (Redis container)
redis:
  url: redis://redis:6379
  pool_size: 10

# API server configuration
server:
  host: 0.0.0.0
  port: 8080
  request_timeout: 60
  enable_cors: true
  cors_origins:
    - http://localhost
    - http://localhost:3000
    - http://localhost:3001
    - http://localhost:3002
    - http://localhost:5173
    - http://127.0.0.1:3000
    - http://127.0.0.1:3001
    - http://127.0.0.1:3002
    - http://127.0.0.1:5173
    - http://web
    - http://web:3000
  max_body_size: 10485760 # 10MB

# Logging configuration
log:
  level: info
  format: json # Structured logs for container environments
  console: true

# Security settings
# jwt_secret and encryption_key are intentional placeholders — they MUST be
# overridden via ATTUNE__SECURITY__JWT_SECRET and ATTUNE__SECURITY__ENCRYPTION_KEY
# environment variables in docker-compose.yaml (or a .env file).
security:
  jwt_secret: override-via-ATTUNE__SECURITY__JWT_SECRET-env-var
  jwt_access_expiration: 3600 # 1 hour
  jwt_refresh_expiration: 604800 # 7 days
  encryption_key: override-via-ATTUNE__SECURITY__ENCRYPTION_KEY-env-var
  enable_auth: true
  allow_self_registration: false
  login_page:
    show_local_login: true
    show_oidc_login: true
    show_ldap_login: true
  oidc:
    enabled: false
    # Uncomment and configure for your OIDC provider:
    # discovery_url: https://auth.example.com/.well-known/openid-configuration
    # client_id: your-client-id
    # client_secret: your-client-secret
    # provider_name: sso
    # provider_label: SSO Login
    # provider_icon_url: https://auth.example.com/favicon.ico
    # redirect_uri: http://localhost:3000/auth/callback
    # post_logout_redirect_uri: http://localhost:3000/login
    # scopes:
    #   - groups

# Packs directory (mounted volume in containers)
packs_base_dir: /opt/attune/packs

# Runtime environments directory (isolated envs like virtualenvs, node_modules).
# Kept separate from packs so pack directories remain clean and read-only.
# Pattern: {runtime_envs_dir}/{pack_ref}/{runtime_name}
runtime_envs_dir: /opt/attune/runtime_envs

# Artifacts directory (shared volume for file-based artifact storage).
# File-type artifacts are written here by execution processes and served by the API.
# Pattern: {artifacts_dir}/{ref_slug}/v{version}.{ext}
artifacts_dir: /opt/attune/artifacts

# Executor service configuration
executor:
  scheduled_timeout: 300 # 5 minutes - fail executions stuck in SCHEDULED
  timeout_check_interval: 60 # Check every minute for stale executions
  enable_timeout_monitor: true

# Worker service configuration
worker:
  worker_type: container
  max_concurrent_tasks: 20
  heartbeat_interval: 10 # Reduced from 30s for faster stale detection (staleness = 30s)
  task_timeout: 300
  max_stdout_bytes: 10485760 # 10MB
  max_stderr_bytes: 10485760 # 10MB
  shutdown_timeout: 30
  stream_logs: true

# Sensor service configuration
sensor:
  max_concurrent_sensors: 50
  heartbeat_interval: 10 # Reduced from 30s for faster stale detection
  poll_interval: 10
  sensor_timeout: 300
  shutdown_timeout: 30

# Notifier service configuration
notifier:
  host: 0.0.0.0
  port: 8081
  max_connections: 1000

# Agent binary distribution (serves the agent binary via API for remote downloads)
agent:
  binary_dir: /opt/attune/agent