Configuration & environment
Fabric is configured entirely by configuration — the same images run in every posture, with behavior selected by settings rather than code changes.
Categories of configuration
Section titled “Categories of configuration”| Category | What it controls |
|---|---|
| Identity | SSO (OIDC / SAML) endpoints, SCIM, MFA, session token settings. |
| Scope & policy | Organization / department / project defaults, allowed-model policy, routing rules, quota limits. |
| Secrets | The key-management backend (Vault / cloud KMS) holding connector credentials and signing keys — never stored in code. |
| Models | The model registry and sovereignty routing (cloud gateway vs local runtimes). |
| Data foundation | Endpoints for the context graph, vector index, document store, cache, workflow engine, and audit store. |
| Gateway | Public URL, rate limits and quotas, OAuth issuer settings. |
Discoverable coordinates
Section titled “Discoverable coordinates”Client-facing coordinates (MCP URL, REST base, workspace header, SDK packages) are exposed
through the gateway’s public GET /v1/connection-info endpoint, so clients never hardcode
URLs and the same agent config works across postures. See
Connection info.
Sovereignty enforcement
Section titled “Sovereignty enforcement”Sovereignty is enforced at the model-routing layer, not just the network edge: per-organization allowed-model policy and routing rules pin restricted data classes to local models, with cost ceilings and fallbacks balancing sovereignty against cost and latency.
See Environment variables for the reference list (to be completed per release).
