Skip to content

Configuration & environment

Fabric is configured entirely by configuration — the same images run in every posture, with behavior selected by settings rather than code changes.

Category What it controls
Identity SSO (OIDC / SAML) endpoints, SCIM, MFA, session token settings.
Scope & policy Organization / department / project defaults, allowed-model policy, routing rules, quota limits.
Secrets The key-management backend (Vault / cloud KMS) holding connector credentials and signing keys — never stored in code.
Models The model registry and sovereignty routing (cloud gateway vs local runtimes).
Data foundation Endpoints for the context graph, vector index, document store, cache, workflow engine, and audit store.
Gateway Public URL, rate limits and quotas, OAuth issuer settings.

Client-facing coordinates (MCP URL, REST base, workspace header, SDK packages) are exposed through the gateway’s public GET /v1/connection-info endpoint, so clients never hardcode URLs and the same agent config works across postures. See Connection info.

Sovereignty is enforced at the model-routing layer, not just the network edge: per-organization allowed-model policy and routing rules pin restricted data classes to local models, with cost ceilings and fallbacks balancing sovereignty against cost and latency.

See Environment variables for the reference list (to be completed per release).