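# StellaOps Task Runner configuration template.
# Copy to ../etc/task-runner.yaml (relative to the Task Runner content root)
# and adjust values for your environment. Environment variables prefixed with
# STELLAOPS_TASKRUNNER_ override these values at runtime.
#
# NOTE(review): this template had lost its line breaks and indentation, so it
# could not be parsed as YAML. The nesting below (client blocks under
# `authority`, `tenant` at top level) is reconstructed from key order and the
# comments - confirm it against the Task Runner options schema before use.
#
# Secrets: keep real secret values out of any copy of this file that is
# committed to version control. Use the clientSecretFile settings or the
# environment-variable overrides instead.

schemaVersion: 1

telemetry:
  enabled: true
  serviceName: "stellaops-taskrunner"
  exportConsole: true
  minimumLogLevel: "Information"
  # Empty string leaves the OTLP endpoint unset.
  otlpEndpoint: ""
  resourceAttributes:
    deployment.environment: "local"

authority:
  issuer: "https://authority.stella-ops.local"
  metadataAddress: ""
  # Keep this true outside local development. Fetching issuer metadata over
  # plain HTTP would let an on-path party substitute the signing keys used to
  # validate tokens.
  requireHttpsMetadata: true
  audiences:
    - "api://task-runner"

  # Client credentials used for executing packs. Provide either clientSecret or
  # clientSecretFile (preferred for production).
  # Leave clientSecret empty in committed copies. The secret file should be
  # readable only by the Task Runner service account.
  runnerClient:
    clientId: "task-runner"
    clientSecret: ""
    clientSecretFile: "../secrets/task-runner.secret"
    scopes:
      - "packs.run"
      - "packs.read"

  # Client used to approve gates when automation workflows sign off on runs.
  # Use a secret distinct from runnerClient's: this client holds packs.approve
  # while the runner holds packs.run, and sharing one credential would collapse
  # that separation of duties.
  approvalsClient:
    clientId: "pack-approver"
    clientSecret: ""
    clientSecretFile: "../secrets/pack-approver.secret"
    scopes:
      - "packs.approve"
      - "packs.read"

  # Optional secondary client used for registry interactions (promote/deprecate).
  # This is the only client here with packs.write. Omit it where registry
  # promotion is not needed.
  registryClient:
    clientId: "packs-registry"
    clientSecret: ""
    clientSecretFile: "../secrets/packs-registry.secret"
    scopes:
      - "packs.write"
      - "packs.read"

# Tenant context required for all Task Runner operations.
tenant: "tenant-default"

storage:
  # Object storage bucket where run artifacts and evidence bundles are kept.
  artifactsBucket: "s3://stellaops-taskrunner-artifacts"
  # MongoDB stores run metadata and approval state; update connection string
  # before deploying.
  # The value below embeds a placeholder username and password
  # (taskrunner:taskrunner). Never ship it as-is. Supply the real connection
  # string through an environment-variable override or a secret store rather
  # than writing it here. The URI also sets no TLS option, so consider adding
  # `tls=true` when the database is reached over a network.
  mongoConnectionString: "mongodb://taskrunner:taskrunner@mongo:27017/taskrunner?authSource=admin"

approvals:
  # Default timeout before pending approvals auto-expire.
  # Kept quoted so YAML 1.1 parsers do not read the colon-separated digits as
  # a base-60 integer. Presumably hh:mm:ss (4 hours) - confirm.
  defaultExpiresAfter: "04:00:00"
  # Notifications topic emitted when approvals are requested/resolved.
  notifyTopic: "pack.run.approvals"

runner:
  # Maximum concurrent steps Task Runner executes per worker.
  maxParallelSteps: 8
  # Allowlist of modules that can initiate network calls when sealed=false.
  # NOTE(review): the entry looks like a hostname wildcard rather than a
  # module name - confirm what this list is matched against. Keep patterns as
  # narrow as possible; a broad wildcard widens what an unsealed pack can reach.
  networkAllowlist:
    - "*.internal.stella-ops.local"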