Documentation
Configuration reference
Cordum configuration comes from three layers: file-based YAML, environment variables, and the Redis-backed config service. The scheduler bootstraps pools and timeouts from files into Redis, then reloads from Redis when config changes.
Config files
| File | Purpose |
|---|---|
| config/pools.yaml | Topic-to-pool routing and pool capability requirements. |
| config/timeouts.yaml | Topic and workflow timeout defaults. |
| config/safety.yaml | Input and output policy rules plus MCP policy fields. |
| config/output_scanners.yaml | Output scanning regex patterns. |
| config/system.yaml | System-wide config payload stored through the config service. |
| config/nats.conf | NATS configuration, including JetStream sync settings. |
Current loading model
1. Load YAML files from configured paths. 2. Bootstrap pools/timeouts into Redis config documents on scheduler startup. 3. Treat Redis config as the runtime source of truth. 4. Apply env vars for service addresses, auth, TLS, and feature toggles.
Overlay scopes
| Scope | Redis key | Typical use |
|---|---|---|
| system | cfg:system:<id> | Global defaults and pack registries. |
| org | cfg:org:<id> | Organization overrides. |
| team | cfg:team:<id> | Team-specific overrides. |
| workflow | cfg:workflow:<id> | Workflow-level settings. |
| step | cfg:step:<id> | Most-specific step-level overrides. |
Reload behavior
Config writes publish a lightweight notification onsys.config.changed. Scheduler replicas also poll Redis onSCHEDULER_CONFIG_RELOAD_INTERVALas a fallback.
Selected environment variables
shared
- NATS_URL
- REDIS_URL
- CORDUM_ENV
- CORDUM_PRODUCTION
- CORDUM_LOG_FORMAT
gateway
- CORDUM_API_KEY
- CORDUM_API_KEYS
- CORDUM_API_KEYS_PATH
- TENANT_ID
- GATEWAY_HTTP_ADDR
- GATEWAY_GRPC_ADDR
scheduler
- POOL_CONFIG_PATH
- TIMEOUT_CONFIG_PATH
- JOB_META_TTL
- WORKER_SNAPSHOT_INTERVAL
- SCHEDULER_CONFIG_RELOAD_INTERVAL
safety
- SAFETY_KERNEL_ADDR
- SAFETY_POLICY_PATH
- SAFETY_POLICY_URL
- SAFETY_POLICY_RELOAD_INTERVAL
- SAFETY_POLICY_PUBLIC_KEY
workflow
- WORKFLOW_ENGINE_HTTP_ADDR
- WORKFLOW_ENGINE_SCAN_INTERVAL
- WORKFLOW_ENGINE_RUN_SCAN_LIMIT
licensing
- CORDUM_LICENSE_FILE
- CORDUM_LICENSE_TOKEN
- CORDUM_LICENSE_PUBLIC_KEY
telemetry
- CORDUM_TELEMETRY_MODE
- CORDUM_TELEMETRY_ENDPOINT
For current defaults and comments, use.env.examplein the core repo as the authoritative reference.
Tier enforcement
| Tier | Workers | RPS | Notes |
|---|---|---|---|
| Community | 3 | 500 | Default when no license is installed. |
| Team | 25 | 5,000 | Requires a signed license file or token. |
| Enterprise | Unlimited | Unlimited | Full feature set including SSO and advanced RBAC. |
The gateway and scheduler enforce tier limits at runtime. When a limit is exceeded, requests receive a
429 status with an explanation of the active tier constraint. Use cordumctl license info to inspect the current tier and usage.Source of truth:docs/configuration-reference.md