YAML Configuration Reference

Configuration file location

Mount a YAML file at /app/config/default.yaml inside the container. Environment variables always override YAML values when both are set.

Full reference

# config/default.yaml — complete GOVERN Probe configuration

# ─── Upstream ─────────────────────────────────────────────────────────────────
upstream:
  # Base URL of the AI model provider API
  url: https://api.anthropic.com   # required

  # Proxy listen port inside the container
  port: 4020                       # default: 4020

  # Request timeout in milliseconds
  timeout_ms: 30000                # default: 30000

  # Maximum request body size (bytes). Requests exceeding this are rejected.
  max_body_bytes: 10485760         # default: 10MB

  # Strip X-Govern-* headers before forwarding to upstream
  strip_govern_headers: true       # default: true

# ─── GOVERN Platform ──────────────────────────────────────────────────────────
govern:
  # API key for the GOVERN platform. Required.
  api_key: ""                      # env: GOVERN_API_KEY

  # Organization ID. Required.
  org_id: ""                       # env: GOVERN_ORG_ID

  # GOVERN telemetry API endpoint
  api_url: https://api.govern.archetypal.ai  # default

  # Deployment environment label (appears in all telemetry events)
  env: production                  # env: GOVERN_ENV

  # Human-readable label for this probe instance
  probe_id: ""                     # env: GOVERN_PROBE_ID (auto-generated if empty)

# ─── Scoring ──────────────────────────────────────────────────────────────────
scoring:
  # Operating mode: log | flag | block
  # log   — record and report only. Never blocks.
  # flag  — emit alerts when thresholds exceeded. Never blocks.
  # block — hard stop when thresholds exceeded. Returns 422 to caller.
  mode: log                        # env: SCORING_MODE

  security:
    enabled: true
    threshold: 0.70                # Score above this triggers flag/block
    check_pii: true
    check_injection: true
    check_credentials: true

  bias:
    enabled: true
    threshold: 0.60
    check_gender: true
    check_racial: true
    check_age: true

  accuracy:
    enabled: true
    threshold: 0.65
    check_hallucination: true
    check_grounding: true

  drift:
    enabled: true
    threshold: 0.25                # Drift score above this triggers flag/block
    baseline_window_hours: 168     # 7 days of history for baseline
    min_baseline_inferences: 100   # Don't alert until baseline is established

  cost:
    enabled: true
    budget_tokens_per_hour: 1000000
    budget_spend_per_hour_usd: 10.00
    alert_at_percent: 0.80         # Alert at 80% of budget

# ─── Telemetry ────────────────────────────────────────────────────────────────
telemetry:
  # How often to flush the ring buffer (milliseconds)
  flush_interval_ms: 5000          # default: 5000

  # Maximum events per batch
  batch_size: 50                   # default: 50

  # Ring buffer capacity (events). Oldest events dropped when full.
  ring_buffer_size: 1000           # default: 1000

  # Retry failed flushes this many times before dropping
  max_retries: 3                   # default: 3

  # Retry backoff base (milliseconds)
  retry_backoff_ms: 1000           # default: 1000

  # Include request/response content in telemetry (true = PII risk)
  include_content: false           # default: false

# ─── Health ───────────────────────────────────────────────────────────────────
health:
  # Path for liveness probe
  liveness_path: /healthz          # default: /healthz

  # Path for readiness probe (checks upstream reachability)
  readiness_path: /readyz          # default: /readyz

  # Path for Prometheus metrics
  metrics_path: /metrics           # default: /metrics

# ─── Logging ──────────────────────────────────────────────────────────────────
logging:
  # Log level: debug | info | warn | error
  level: info                      # default: info

  # Log format: json | text
  format: json                     # default: json

Minimal production config

upstream:
  url: https://api.anthropic.com

scoring:
  mode: flag
  security:
    threshold: 0.70
  bias:
    threshold: 0.60

telemetry:
  flush_interval_ms: 5000
  batch_size: 50

Environment variable precedence

Environment variables always override YAML. This table shows the mapping:

YAML key	Environment variable
`upstream.url`	`UPSTREAM_URL`
`govern.api_key`	`GOVERN_API_KEY`
`govern.org_id`	`GOVERN_ORG_ID`
`govern.env`	`GOVERN_ENV`
`scoring.mode`	`SCORING_MODE`
`scoring.security.threshold`	`SCORING_SECURITY_THRESHOLD`
`scoring.bias.threshold`	`SCORING_BIAS_THRESHOLD`
`scoring.accuracy.threshold`	`SCORING_ACCURACY_THRESHOLD`
`scoring.drift.threshold`	`SCORING_DRIFT_THRESHOLD`
`telemetry.flush_interval_ms`	`TELEMETRY_FLUSH_INTERVAL_MS`
`telemetry.batch_size`	`TELEMETRY_BATCH_SIZE`
`logging.level`	`LOG_LEVEL`