Skip to main content

Overview

Shannon is configured through environment variables and YAML configuration files. This guide documents all available configuration options.

Configuration Files

Shannon uses multiple configuration approaches:
  1. .env file: Environment variables (this document)
  2. config/features.yaml: Feature flags and toggles
  3. config/models.yaml: LLM model definitions and pricing
  4. Docker Compose: Service orchestration and networking

Setup

# Create .env from template
cp .env.example .env

# Edit with your values
nano .env

# Apply changes
docker compose down
docker compose up -d

Core Runtime

Essential variables for all deployments.
VariableTypeDefaultDescription
ENVIRONMENTstringdevRuntime environment: dev, staging, prod
DEBUGbooleanfalseEnable debug logging
SERVICE_NAMEstringshannon-llm-serviceService identifier for logs and metrics
Example: 
ENVIRONMENT=prod
DEBUG=false
SERVICE_NAME=shannon-production

LLM Provider API Keys

At least one provider must be configured.
VariableProviderRequiredFormat
OPENAI_API_KEYOpenAIConditionalsk-...
ANTHROPIC_API_KEYAnthropic (Claude)Conditionalsk-ant-...
GOOGLE_API_KEYGoogle (Gemini)ConditionalAIza...
GROQ_API_KEYGroqNogsk_...
XAI_API_KEYxAI (Grok)NoCustom
DEEPSEEK_API_KEYDeepSeekNoCustom
QWEN_API_KEYQwenNoCustom
MISTRAL_API_KEYMistralNoCustom
ZAI_API_KEYZAINoCustom
AWS Bedrock Configuration:
VariableDefaultDescription
AWS_ACCESS_KEY_ID-AWS access key for Bedrock
AWS_SECRET_ACCESS_KEY-AWS secret key
AWS_REGIONus-east-1AWS region
Example: 
OPENAI_API_KEY=sk-proj-abc123...
ANTHROPIC_API_KEY=sk-ant-xyz789...
AWS_REGION=us-west-2
Testing API Keys: 
# Test OpenAI
curl https://api.openai.com/v1/models \
  -H "Authorization: Bearer $OPENAI_API_KEY"

# Test Anthropic
curl https://api.anthropic.com/v1/messages \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "Content-Type: application/json" \
  -d '{"model":"claude-3-sonnet-20240229","max_tokens":10,"messages":[{"role":"user","content":"Hi"}]}'

Web Search Providers

Optional but highly recommended for research and data gathering tasks.
VariableTypeDefaultOptions
WEB_SEARCH_PROVIDERstringgooglegoogle, serper, bing, exa, firecrawl
Provider-Specific Keys:
VariableProviderGet Key From
GOOGLE_SEARCH_API_KEYGoogleGoogle Cloud Console
GOOGLE_SEARCH_ENGINE_IDGoogleProgrammable Search Engine
SERPER_API_KEYSerperserper.dev
BING_API_KEYBingAzure Portal
EXA_API_KEYExaexa.ai
FIRECRAWL_API_KEYFirecrawlfirecrawl.dev
Example: 
WEB_SEARCH_PROVIDER=google
GOOGLE_SEARCH_API_KEY=AIzaSyAbc123...
GOOGLE_SEARCH_ENGINE_ID=0123456789abcdef

Data Stores

Configuration for PostgreSQL, Redis, and Qdrant.

PostgreSQL

VariableTypeDefaultDescription
POSTGRES_HOSTstringpostgresDatabase hostname
POSTGRES_PORTinteger5432Database port
POSTGRES_DBstringshannonDatabase name
POSTGRES_USERstringshannonDatabase username
POSTGRES_PASSWORDstringshannonDatabase password
POSTGRES_SSLMODEstringdisableSSL mode: disable, require, verify-full
DB_MAX_OPEN_CONNSinteger25Maximum open connections
DB_MAX_IDLE_CONNSinteger5Maximum idle connections

Redis

VariableTypeDefaultDescription
REDIS_HOSTstringredisRedis hostname
REDIS_PORTinteger6379Redis port
REDIS_PASSWORDstring Redis password (empty = no auth)
REDIS_TTL_SECONDSinteger3600Default TTL for cached items (1 hour)
REDIS_ADDRstringredis:6379Redis address (host:port)
REDIS_URLstringredis://redis:6379Redis connection URL
LLM_REDIS_URLstring-Dedicated Redis for LLM caching (optional)

Qdrant (Vector Database)

VariableTypeDefaultDescription
QDRANT_URLstringhttp://qdrant:6333Qdrant HTTP endpoint
QDRANT_HOSTstringqdrantQdrant hostname
QDRANT_PORTinteger6333Qdrant port
Example: 
# PostgreSQL
POSTGRES_HOST=db.example.com
POSTGRES_PORT=5432
POSTGRES_PASSWORD=secure_password_here

# Redis (with auth)
REDIS_HOST=redis.example.com
REDIS_PASSWORD=redis_password_here
REDIS_TTL_SECONDS=7200  # 2 hours

# Qdrant
QDRANT_URL=http://vector-db.example.com:6333

Service Endpoints

Internal service URLs for communication.
VariableDefaultDescription
TEMPORAL_HOSTtemporal:7233Temporal workflow engine
LLM_SERVICE_URLhttp://llm-service:8000Python LLM service HTTP endpoint
AGENT_CORE_ADDRagent-core:50051Rust agent core gRPC endpoint
ADMIN_SERVERhttp://orchestrator:8081Orchestrator admin API
ORCHESTRATOR_GRPCorchestrator:50052Orchestrator gRPC endpoint
EVENTS_INGEST_URLhttp://orchestrator:8081/eventsEvent ingestion endpoint
EVENTS_AUTH_TOKEN-Auth token for event ingestion
APPROVALS_AUTH_TOKEN-Auth token for approval webhooks
Config File Paths:
VariableDefaultDescription
CONFIG_PATH./config/features.yamlFeature flags configuration
MODELS_CONFIG_PATH./config/models.yamlModel definitions and pricing

Model Routing & Budgets

Control LLM selection, token limits, and cost management.
VariableTypeDefaultDescription
DEFAULT_MODEL_TIERstringsmallDefault model size: small, medium, large
COMPLEXITY_MODEL_IDstringgpt-5Model for complexity analysis
DECOMPOSITION_MODEL_IDstringclaude-sonnet-4-20250514Model for task decomposition
MAX_TOKENSinteger2000Default max output tokens
TEMPERATUREfloat0.7Default sampling temperature (0.0-1.0)
MAX_TOKENS_PER_REQUESTinteger10000Maximum tokens per API request
MAX_COST_PER_REQUESTfloat0.50Maximum cost per request (USD)
LLM_DISABLE_BUDGETSinteger11 = orchestrator manages budgets, 0 = enforce in LLM service
HISTORY_WINDOW_MESSAGESinteger50Number of history messages to include
HISTORY_WINDOW_DEBUG_MESSAGESinteger75History messages in debug mode
WORKFLOW_SYNTH_BYPASS_SINGLEbooleantrueSkip synthesis for single-result tasks
TOKEN_BUDGET_PER_AGENTinteger-Per-agent token limit
TOKEN_BUDGET_PER_TASKinteger-Per-task token limit
Example - Cost-Optimized: 
DEFAULT_MODEL_TIER=small
MAX_COST_PER_REQUEST=0.10
MAX_TOKENS_PER_REQUEST=5000
TEMPERATURE=0.5
Example - High-Quality: 
DEFAULT_MODEL_TIER=large
MAX_COST_PER_REQUEST=2.00
MAX_TOKENS_PER_REQUEST=50000
TEMPERATURE=0.7

Cache & Rate Limiting

Performance and cost optimization through caching and rate limits.
VariableTypeDefaultDescription
ENABLE_CACHEbooleantrueEnable LLM response caching
CACHE_SIMILARITY_THRESHOLDfloat0.95Semantic similarity threshold (0.0-1.0)
RATE_LIMIT_REQUESTSinteger100Requests per window
RATE_LIMIT_WINDOWinteger60Rate limit window (seconds)
WEB_SEARCH_RATE_LIMITinteger120Web search requests per minute
CALCULATOR_RATE_LIMITinteger2000Calculator tool requests per minute
PYTHON_EXECUTOR_RATE_LIMITinteger60Python execution requests per minute
PARTIAL_CHUNK_CHARSinteger512Streaming chunk size (characters)
Cache Behavior:
  • Responses are cached by semantic similarity
  • Cache key: SHA256 hash of (prompt + model + temperature)
  • TTL: Controlled by REDIS_TTL_SECONDS
Example: 
ENABLE_CACHE=true
CACHE_SIMILARITY_THRESHOLD=0.98  # Higher = more exact matches
RATE_LIMIT_REQUESTS=200
RATE_LIMIT_WINDOW=60

Tool Execution & Workflow Controls

Fine-tune parallelism, timeouts, and execution behavior.
VariableTypeDefaultRangeDescription
TOOL_PARALLELISMinteger51-10Concurrent tool executions (1=sequential)
ENABLE_TOOL_SELECTIONinteger10,11=auto tool selection, 0=manual only
PRIORITY_QUEUESstringoffon/offEnable priority-based task queuing
STREAMING_RING_CAPACITYinteger1000-Event stream buffer size
COMPRESSION_TRIGGER_RATIOfloat0.750.0-1.0Context compression trigger threshold
COMPRESSION_TARGET_RATIOfloat0.3750.0-1.0Target compression ratio
ENFORCE_TIMEOUT_SECONDSinteger90-Hard timeout for operations
ENFORCE_MAX_TOKENSinteger32768-Absolute maximum tokens
ENFORCE_RATE_RPSinteger20-Requests per second limit
Circuit Breaker Settings:
VariableTypeDefaultDescription
ENFORCE_CB_ERROR_THRESHOLDfloat0.5Error rate to open circuit (50%)
ENFORCE_CB_WINDOW_SECONDSinteger30Sliding window for error rate
ENFORCE_CB_MIN_REQUESTSinteger20Minimum requests before opening circuit
Performance Tuning: 
# High throughput
TOOL_PARALLELISM=10
ENFORCE_RATE_RPS=50

# Conservative / Low resources
TOOL_PARALLELISM=2
ENFORCE_RATE_RPS=10

Approvals & Security

Human-in-the-loop and authentication settings.
VariableTypeDefaultDescription
APPROVAL_ENABLEDbooleanfalseEnable manual approval workflow
APPROVAL_COMPLEXITY_THRESHOLDfloat0.5Complexity score requiring approval (0.0-1.0)
APPROVAL_DANGEROUS_TOOLSstringfile_system,code_executionComma-separated tools requiring approval
APPROVAL_TIMEOUT_SECONDSinteger7200Approval wait timeout (2 hours)
JWT_SECRETstringdevelopment-only-secret-change-in-productionJWT signing secret (⚠️ CHANGE IN PRODUCTION)
GATEWAY_SKIP_AUTHinteger11=auth disabled, 0=auth enabled
Security Best Practices: 
# Production setup
APPROVAL_ENABLED=true
APPROVAL_DANGEROUS_TOOLS=file_system,code_execution,shell,network_access
JWT_SECRET=$(openssl rand -base64 64)
GATEWAY_SKIP_AUTH=0
Development setup: 
# Fast iteration (⚠️ NOT FOR PRODUCTION)
APPROVAL_ENABLED=false
GATEWAY_SKIP_AUTH=1

Python WASI Sandbox

Secure Python code execution environment.
VariableTypeDefaultDescription
PYTHON_WASI_WASM_PATHstring./wasm-interpreters/python-3.11.4.wasmPath to Python WASI interpreter
PYTHON_WASI_SESSION_TIMEOUTinteger3600Session timeout (seconds)
WASI_MEMORY_LIMIT_MBinteger512Memory limit per execution (MB)
WASI_TIMEOUT_SECONDSinteger60Execution timeout per run
Setup: 
# Download Python WASI interpreter (20MB)
./scripts/setup_python_wasi.sh

# Verify
ls -lh wasm-interpreters/python-3.11.4.wasm
Tuning: 
# Tight limits (basic scripts)
WASI_MEMORY_LIMIT_MB=256
WASI_TIMEOUT_SECONDS=30

# Generous limits (data processing)
WASI_MEMORY_LIMIT_MB=1024
WASI_TIMEOUT_SECONDS=300

OpenAPI & MCP Integrations

External tool and API integration settings.

OpenAPI Tools

VariableTypeDefaultDescription
OPENAPI_ALLOWED_DOMAINSstring*Allowed domains (* or comma-separated)
OPENAPI_MAX_SPEC_SIZEinteger5242880Max OpenAPI spec size (5MB)
OPENAPI_FETCH_TIMEOUTinteger30Spec fetch timeout (seconds)
OPENAPI_RETRIESinteger3Retry attempts

MCP (Model Context Protocol)

VariableTypeDefaultDescription
MCP_ALLOWED_DOMAINSstring*Allowed MCP domains
MCP_MAX_RESPONSE_BYTESinteger10485760Max response size (10MB)
MCP_RETRIESinteger3Retry attempts
MCP_TIMEOUT_SECONDSinteger10Request timeout
MCP_REGISTER_TOKENstring-Registration auth token
MCP_RATE_LIMIT_DEFAULTinteger60Default rate limit (req/min)
MCP_CB_FAILURESinteger5Circuit breaker failure threshold
MCP_CB_RECOVERY_SECONDSinteger60Circuit breaker recovery time
MCP_COST_TO_TOKENSinteger0Cost-to-token conversion
Example - Restricted: 
OPENAPI_ALLOWED_DOMAINS=api.example.com,api.partner.com
MCP_ALLOWED_DOMAINS=mcp.trusted.com
MCP_REGISTER_TOKEN=secret_token_here

Observability & Telemetry

Metrics, tracing, and logging configuration.
VariableTypeDefaultDescription
OTEL_SERVICE_NAMEstringshannon-llm-serviceOpenTelemetry service name
OTEL_EXPORTER_OTLP_ENDPOINTstringlocalhost:4317OTLP endpoint
OTEL_ENABLEDbooleanfalseEnable OpenTelemetry tracing
LOG_FORMATstringplainLog format: plain or json
METRICS_PORTinteger2112Prometheus metrics port
Prometheus Endpoints:
  • Orchestrator: http://localhost:2112/metrics
  • Agent Core: http://localhost:2113/metrics
  • LLM Service: http://localhost:8000/metrics
Example - Production Observability: 
OTEL_ENABLED=true
OTEL_EXPORTER_OTLP_ENDPOINT=otel-collector:4317
LOG_FORMAT=json
METRICS_PORT=2112

Advanced Orchestrator Controls

Low-level tuning for Temporal workers and orchestrator behavior.

Worker Concurrency

VariableTypeDefaultDescription
WORKER_ACTinteger-Activity worker concurrency (all priorities)
WORKER_WFinteger-Workflow worker concurrency (all priorities)
WORKER_ACT_CRITICALinteger10Critical priority activity workers
WORKER_WF_CRITICALinteger5Critical priority workflow workers
WORKER_ACT_HIGHinteger-High priority activity workers
WORKER_WF_HIGHinteger-High priority workflow workers
WORKER_ACT_NORMALinteger-Normal priority activity workers
WORKER_WF_NORMALinteger-Normal priority workflow workers
WORKER_ACT_LOWinteger-Low priority activity workers
WORKER_WF_LOWinteger-Low priority workflow workers

Event & Circuit Settings

VariableTypeDefaultDescription
EVENTLOG_BATCH_SIZEinteger100Event batch size
EVENTLOG_BATCH_INTERVAL_MSinteger100Event batch interval (ms)
RATE_LIMIT_INTERVAL_MSinteger60000Rate limit window (ms)
BACKPRESSURE_THRESHOLDinteger-Backpressure trigger threshold
MAX_BACKPRESSURE_DELAY_MSinteger-Max backpressure delay
CIRCUIT_FAILURE_THRESHOLDinteger-Circuit breaker failure count
CIRCUIT_HALF_OPEN_REQUESTSinteger-Half-open state test requests
CIRCUIT_RESET_TIMEOUT_MSinteger-Circuit reset timeout
LLM_TIMEOUT_SECONDSinteger120LLM request timeout
Performance Tuning: 
# High load
WORKER_ACT_CRITICAL=20
WORKER_WF_CRITICAL=10
EVENTLOG_BATCH_SIZE=500

# Low resources
WORKER_ACT_CRITICAL=5
WORKER_WF_CRITICAL=3
EVENTLOG_BATCH_SIZE=50

Miscellaneous

Additional configuration options.
VariableTypeDefaultDescription
SHANNON_WORKSPACEstring./workspaceWorkspace directory for file operations
SEED_DATAbooleanfalseSeed Qdrant with sample data on startup
AGENT_TIMEOUT_SECONDSinteger600Max runtime per agent execution (10 minutes)
TEMPLATE_FALLBACK_ENABLEDbooleanfalseFallback to AI if template execution fails

Configuration Profiles

Development Profile

# .env.dev
ENVIRONMENT=dev
DEBUG=true
GATEWAY_SKIP_AUTH=1
APPROVAL_ENABLED=false
LOG_FORMAT=plain
MAX_COST_PER_REQUEST=0.10
LLM_DISABLE_BUDGETS=1
OTEL_ENABLED=false

Staging Profile

# .env.staging
ENVIRONMENT=staging
DEBUG=false
GATEWAY_SKIP_AUTH=0
APPROVAL_ENABLED=true
LOG_FORMAT=json
MAX_COST_PER_REQUEST=1.00
LLM_DISABLE_BUDGETS=0
OTEL_ENABLED=true
JWT_SECRET=$(openssl rand -base64 64)

Production Profile

# .env.prod
ENVIRONMENT=prod
DEBUG=false
GATEWAY_SKIP_AUTH=0
APPROVAL_ENABLED=true
APPROVAL_DANGEROUS_TOOLS=file_system,code_execution,shell,network_access
LOG_FORMAT=json
MAX_COST_PER_REQUEST=2.00
LLM_DISABLE_BUDGETS=0
OTEL_ENABLED=true
JWT_SECRET=$(openssl rand -base64 64)
POSTGRES_SSLMODE=require
REDIS_PASSWORD=secure_password
# Add strong passwords and restrict domains
OPENAPI_ALLOWED_DOMAINS=api.trusted.com
MCP_ALLOWED_DOMAINS=mcp.trusted.com

Hot-Reload Support

Most configuration changes require a service restart: 
# After editing .env
docker compose restart orchestrator
docker compose restart agent-core
docker compose restart llm-service
docker compose restart gateway
Services that auto-reload:
  • ✅ Feature flags (config/features.yaml)
  • ✅ Model configuration (config/models.yaml)
Services requiring restart:
  • ❌ Environment variables (.env)
  • ❌ Database credentials
  • ❌ Service endpoints

Validation & Testing

Verify Configuration

# Check loaded environment variables
docker compose exec orchestrator env | sort

# Test database connection
docker compose exec postgres psql -U shannon -d shannon -c "SELECT 1;"

# Test Redis connection
docker compose exec redis redis-cli ping

# Test API endpoints
curl http://localhost:8080/health
curl http://localhost:8000/health

Configuration Debugging

# View service logs
docker compose logs orchestrator | grep -i "config\|environment"

# Check for errors
docker compose logs orchestrator | grep -i "error\|warning"

# Validate YAML syntax
docker compose config

Security Checklist

  • Change JWT_SECRET to strong random value
  • Enable authentication (GATEWAY_SKIP_AUTH=0)
  • Set strong database passwords
  • Enable Redis authentication
  • Use SSL for PostgreSQL (POSTGRES_SSLMODE=require)
  • Enable approvals (APPROVAL_ENABLED=true)
  • Restrict OPENAPI_ALLOWED_DOMAINS
  • Restrict MCP_ALLOWED_DOMAINS
  • Enable structured logging (LOG_FORMAT=json)
  • Set up monitoring (OTEL_ENABLED=true)
  • Configure budget limits appropriately
  • Review worker concurrency for your load
  • Backup .env file securely

Installation

Initial setup guide

Troubleshooting

Common configuration issues

Cost Control

Budget management

Monitoring

Observability setup