git.stella-ops.org/etc/signals.yaml.sample

# Signals service configuration template.
# Copy to ../etc/signals.yaml (relative to the Signals content root)
# and adjust values to fit your environment.

schemaVersion: 1

Signals:
  Authority:
    Enabled: true
    Issuer: "https://authority.stella-ops.local"
    AllowAnonymousFallback: false
    Audiences:
      - "api://signals"
    RequiredTenants:
      - "tenant-default"
    RequiredScopes:
      - "signals:read"
      - "signals:write"
      - "signals:admin"
    BypassNetworks:
      - "127.0.0.1/32"
      - "::1/128"
  Mongo:
    ConnectionString: "mongodb://localhost:27017/signals"
    Database: "signals"
    CallgraphsCollection: "callgraphs"
    ReachabilityFactsCollection: "reachability_facts"
  Storage:
    # Storage driver: "filesystem" (default) or "rustfs" (CAS-backed)
    Driver: "filesystem"
    # Filesystem driver options (used when Driver=filesystem)
    RootPath: "../data/signals-artifacts"
    # RustFS driver options (used when Driver=rustfs)
    # Per CAS contract, signals uses "signals-data" bucket
    BucketName: "signals-data"
    RootPrefix: "callgraphs"
    RustFs:
      BaseUrl: "http://localhost:8180/api/v1"
      AllowInsecureTls: false
      ApiKey: ""
      ApiKeyHeader: "X-API-Key"
      Timeout: "00:01:00"
  Scoring:
    ReachableConfidence: 0.75
    UnreachableConfidence: 0.25
    RuntimeBonus: 0.15
    MaxConfidence: 0.99
    MinConfidence: 0.05
  Cache:
    ConnectionString: "localhost:6379"
    DefaultTtlSeconds: 600
  AirGap:
    # Optional override for fact-update event topic when signaling across air-gap boundaries.
    # Defaults to "signals.fact.updated" when omitted.
    EventTopic: "signals.fact.updated"
    SealedMode:
      EnforcementEnabled: false
      EvidencePath: "../ops/devops/sealed-mode-ci/artifacts/sealed-mode-ci/latest/signals-sealed-ci.json"
      MaxEvidenceAge: "06:00:00"
      CacheLifetime: "00:01:00"