-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmas.yaml.example
More file actions
77 lines (72 loc) · 1.77 KB
/
Copy pathmas.yaml.example
File metadata and controls
77 lines (72 loc) · 1.77 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
server_listen_addr: 127.0.0.1:50051
# mTLS (required)
tls_ca_path: certs/ca.pem
tls_server_cert_path: certs/server.pem
tls_server_key_path: certs/server.key
# Optional: gateway policy settings (defaults apply if omitted).
gateway:
redis:
url: redis://localhost:6379
decode_responses: true
socket_timeout: null
rate_limit:
per_minute: 100
per_hour: 1000
features:
dlp: true
rbac: false
circuit_breaker: true
dlp:
merge_strategy: append
disable_defaults: []
policy_overrides:
email: redact
rules:
- id: internal_account_id
type: internal_account_id
pattern: "\\bACCT-[A-Z0-9]{10}\\b"
action: block
severity: high
description: Internal account IDs
enabled: true
case_insensitive: false
audit:
file_path: audit.log
max_bytes: 10000000
backup_count: 5
telemetry:
enabled: false
service_name: mas-framework
service_namespace: mas
environment: dev
otlp_endpoint: null
sample_ratio: 1.0
export_metrics: true
metrics_export_interval_ms: 60000
headers: {}
circuit_breaker:
failure_threshold: 5
success_threshold: 2
timeout_seconds: 60
window_seconds: 300
# Deny-by-default: explicitly allow agent-to-agent traffic.
permissions:
- type: allow_bidirectional
agents: [agent_a, agent_b]
agents:
- agent_id: agent_a
class_path: my_app.agents:AgentA
instances: 1
capabilities: [sender]
metadata: {}
tls_cert_path: certs/agent_a.pem
tls_key_path: certs/agent_a.key
init_kwargs: {}
- agent_id: agent_b
class_path: my_app.agents:AgentB
instances: 2
capabilities: [worker]
metadata: {}
tls_cert_path: certs/agent_b.pem
tls_key_path: certs/agent_b.key
init_kwargs: {}