Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.shannon.run/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Shannon is configured through environment variables and YAML configuration files. This guide documents all available configuration options.

Configuration Files

Shannon uses multiple configuration approaches:
  1. .env file: Environment variables (this document)
  2. config/features.yaml: Feature flags and toggles
  3. config/models.yaml: LLM model definitions and pricing
  4. Docker Compose: Service orchestration and networking

Setup

# Create .env from template
cp .env.example .env

# Edit with your values
nano .env

# Apply changes
docker compose down
docker compose up -d

Core Runtime

Essential variables for all deployments.
VariableTypeDefaultDescription
ENVIRONMENTstringdevRuntime environment: dev, staging, prod
DEBUGbooleanfalseEnable debug logging
SERVICE_NAMEstringshannon-llm-serviceService identifier for logs and metrics
Example: 
ENVIRONMENT=prod
DEBUG=false
SERVICE_NAME=shannon-production

LLM Provider API Keys

At least one provider must be configured.
VariableProviderRequiredFormat
OPENAI_API_KEYOpenAIConditionalsk-...
ANTHROPIC_API_KEYAnthropic (Claude)Conditionalsk-ant-...
GOOGLE_API_KEYGoogle (Gemini)ConditionalAIza...
GROQ_API_KEYGroqNogsk_...
XAI_API_KEYxAI (Grok)NoCustom
DEEPSEEK_API_KEYDeepSeekNoCustom
QWEN_API_KEYQwenNoCustom
MISTRAL_API_KEYMistralNoCustom
ZAI_API_KEYZAINoCustom
AWS Bedrock Configuration:
VariableDefaultDescription
AWS_ACCESS_KEY_ID-AWS access key for Bedrock
AWS_SECRET_ACCESS_KEY-AWS secret key
AWS_REGIONus-east-1AWS region
Example: 
OPENAI_API_KEY=sk-proj-abc123...
ANTHROPIC_API_KEY=sk-ant-xyz789...
AWS_REGION=us-west-2
Testing API Keys: 
# Test OpenAI
curl https://api.openai.com/v1/models \
  -H "Authorization: Bearer $OPENAI_API_KEY"

# Test Anthropic
curl https://api.anthropic.com/v1/messages \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "Content-Type: application/json" \
  -d '{"model":"claude-3-sonnet-20240229","max_tokens":10,"messages":[{"role":"user","content":"Hi"}]}'

Web Search Providers

Optional but highly recommended for research and data gathering tasks.
VariableTypeDefaultOptions
WEB_SEARCH_PROVIDERstringserpapigoogle, serper, serpapi, bing, exa, firecrawl
Provider-Specific Keys:
VariableProviderGet Key From
GOOGLE_SEARCH_API_KEYGoogleGoogle Cloud Console
GOOGLE_SEARCH_ENGINE_IDGoogleProgrammable Search Engine
SERPER_API_KEYSerperserper.dev
BING_API_KEYBingAzure Portal
EXA_API_KEYExaexa.ai
FIRECRAWL_API_KEYFirecrawlfirecrawl.dev
Example: 
WEB_SEARCH_PROVIDER=serpapi
SERPAPI_API_KEY=your-serpapi-key

Data Stores

Configuration for PostgreSQL, Redis, and Qdrant.

PostgreSQL

VariableTypeDefaultDescription
POSTGRES_HOSTstringpostgresDatabase hostname
POSTGRES_PORTinteger5432Database port
POSTGRES_DBstringshannonDatabase name
POSTGRES_USERstringshannonDatabase username
POSTGRES_PASSWORDstringshannonDatabase password
POSTGRES_SSLMODEstringdisableSSL mode: disable, require, verify-full
DB_MAX_OPEN_CONNSinteger25Maximum open connections
DB_MAX_IDLE_CONNSinteger5Maximum idle connections

Redis

VariableTypeDefaultDescription
REDIS_HOSTstringredisRedis hostname
REDIS_PORTinteger6379Redis port
REDIS_PASSWORDstring Redis password (empty = no auth)
REDIS_TTL_SECONDSinteger3600Default TTL for cached items (1 hour)
REDIS_ADDRstringredis:6379Redis address (host:port)
REDIS_URLstringredis://redis:6379Redis connection URL
LLM_REDIS_URLstring-Dedicated Redis for LLM caching (optional)

Qdrant (Vector Database)

VariableTypeDefaultDescription
QDRANT_URLstringhttp://qdrant:6333Qdrant HTTP endpoint
QDRANT_HOSTstringqdrantQdrant hostname
QDRANT_PORTinteger6333Qdrant port
Example: 
# PostgreSQL
POSTGRES_HOST=db.example.com
POSTGRES_PORT=5432
POSTGRES_PASSWORD=secure_password_here

# Redis (with auth)
REDIS_HOST=redis.example.com
REDIS_PASSWORD=redis_password_here
REDIS_TTL_SECONDS=7200  # 2 hours

# Qdrant
QDRANT_URL=http://vector-db.example.com:6333

Service Endpoints

Internal service URLs for communication.
VariableDefaultDescription
TEMPORAL_HOSTtemporal:7233Temporal workflow engine
LLM_SERVICE_URLhttp://llm-service:8000Python LLM service HTTP endpoint
AGENT_CORE_ADDRagent-core:50051Rust agent core gRPC endpoint
ADMIN_SERVERhttp://orchestrator:8081Orchestrator admin API
ORCHESTRATOR_GRPCorchestrator:50052Orchestrator gRPC endpoint
EVENTS_INGEST_URLhttp://orchestrator:8081/eventsEvent ingestion endpoint
EVENTS_AUTH_TOKEN-Auth token for event ingestion
APPROVALS_AUTH_TOKEN-Auth token for approval webhooks
Config File Paths:
VariableDefaultDescription
CONFIG_PATH./config/features.yamlFeature flags configuration
MODELS_CONFIG_PATH./config/models.yamlModel definitions and pricing

Model Routing & Budgets

Control LLM selection, token limits, and cost management.
VariableTypeDefaultDescription
DEFAULT_MODEL_TIERstringsmallDefault model size: small, medium, large
COMPLEXITY_MODEL_IDstringgpt-5Model for complexity analysis
DECOMPOSITION_MODEL_IDstringclaude-sonnet-4-5-20250929Model for task decomposition
MAX_TOKENSinteger2000Default max output tokens
TEMPERATUREfloat0.7Default sampling temperature (0.0-1.0)
MAX_TOKENS_PER_REQUESTinteger10000Maximum tokens per API request
MAX_COST_PER_REQUESTfloat0.50Maximum cost per request (USD)
LLM_DISABLE_BUDGETSinteger11 = orchestrator manages budgets, 0 = enforce in LLM service
HISTORY_WINDOW_MESSAGESinteger50Number of history messages to include
HISTORY_WINDOW_DEBUG_MESSAGESinteger75History messages in debug mode
WORKFLOW_SYNTH_BYPASS_SINGLEbooleantrueSkip synthesis for single-result tasks
TOKEN_BUDGET_PER_AGENTinteger-Per-agent token limit
TOKEN_BUDGET_PER_TASKinteger-Per-task token limit
Example - Cost-Optimized: 
DEFAULT_MODEL_TIER=small
MAX_COST_PER_REQUEST=0.10
MAX_TOKENS_PER_REQUEST=5000
TEMPERATURE=0.5
Example - High-Quality: 
DEFAULT_MODEL_TIER=large
MAX_COST_PER_REQUEST=2.00
MAX_TOKENS_PER_REQUEST=50000
TEMPERATURE=0.7

Cache & Rate Limiting

Performance and cost optimization through caching and rate limits.
VariableTypeDefaultDescription
ENABLE_CACHEbooleantrueEnable LLM response caching
CACHE_SIMILARITY_THRESHOLDfloat0.95Semantic similarity threshold (0.0-1.0)
RATE_LIMIT_REQUESTSinteger100Requests per window
RATE_LIMIT_WINDOWinteger60Rate limit window (seconds)
WEB_SEARCH_RATE_LIMITinteger120Web search requests per minute
CALCULATOR_RATE_LIMITinteger2000Calculator tool requests per minute
PYTHON_EXECUTOR_RATE_LIMITinteger60Python execution requests per minute
PARTIAL_CHUNK_CHARSinteger512Streaming chunk size (characters)
Cache Behavior:
  • Responses are cached by semantic similarity
  • Cache key: SHA256 hash of (prompt + model + temperature)
  • TTL: Controlled by REDIS_TTL_SECONDS
Example: 
ENABLE_CACHE=true
CACHE_SIMILARITY_THRESHOLD=0.98  # Higher = more exact matches
RATE_LIMIT_REQUESTS=200
RATE_LIMIT_WINDOW=60

Tool Execution & Workflow Controls

Fine-tune parallelism, timeouts, and execution behavior.
VariableTypeDefaultRangeDescription
TOOL_PARALLELISMinteger11-10Concurrent tool executions (1=sequential)
ENABLE_TOOL_SELECTIONinteger10,11=auto tool selection, 0=manual only
PRIORITY_QUEUESstringoffon/offEnable priority-based task queuing
STREAMING_RING_CAPACITYinteger1000-Event stream buffer size
COMPRESSION_TRIGGER_RATIOfloat0.750.0-1.0Context compression trigger threshold
COMPRESSION_TARGET_RATIOfloat0.3750.0-1.0Target compression ratio
ENFORCE_TIMEOUT_SECONDSinteger90-Hard timeout for operations
ENFORCE_MAX_TOKENSinteger32768-Absolute maximum tokens
ENFORCE_RATE_RPSinteger20-Requests per second limit
Circuit Breaker Settings:
VariableTypeDefaultDescription
ENFORCE_CB_ERROR_THRESHOLDfloat0.5Error rate to open circuit (50%)
ENFORCE_CB_WINDOW_SECONDSinteger30Sliding window for error rate
ENFORCE_CB_MIN_REQUESTSinteger20Minimum requests before opening circuit
Performance Tuning: 
# High throughput
TOOL_PARALLELISM=10
ENFORCE_RATE_RPS=50

# Conservative / Low resources
TOOL_PARALLELISM=2
ENFORCE_RATE_RPS=10

Approvals & Security

Human-in-the-loop and authentication settings.
VariableTypeDefaultDescription
APPROVAL_ENABLEDbooleanfalseEnable manual approval workflow
APPROVAL_COMPLEXITY_THRESHOLDfloat0.5Complexity score requiring approval (0.0-1.0)
APPROVAL_DANGEROUS_TOOLSstringfile_system,code_executionComma-separated tools requiring approval
APPROVAL_TIMEOUT_SECONDSinteger1800Approval wait timeout (30 minutes)
JWT_SECRETstringdevelopment-only-secret-change-in-productionJWT signing secret (⚠️ CHANGE IN PRODUCTION)
GATEWAY_SKIP_AUTHinteger11=auth disabled, 0=auth enabled
Security Best Practices: 
# Production setup
APPROVAL_ENABLED=true
APPROVAL_DANGEROUS_TOOLS=file_system,code_execution,shell,network_access
JWT_SECRET=$(openssl rand -base64 64)
GATEWAY_SKIP_AUTH=0
Development setup: 
# Fast iteration (⚠️ NOT FOR PRODUCTION)
APPROVAL_ENABLED=false
GATEWAY_SKIP_AUTH=1

Python WASI Sandbox

Secure Python code execution environment.
VariableTypeDefaultDescription
PYTHON_WASI_WASM_PATHstring./wasm-interpreters/python-3.11.4.wasmPath to Python WASI interpreter
PYTHON_WASI_SESSION_TIMEOUTinteger3600Session timeout (seconds)
WASI_MEMORY_LIMIT_MBinteger512Memory limit per execution (MB)
WASI_TIMEOUT_SECONDSinteger60Execution timeout per run
Setup: 
# Download Python WASI interpreter (20MB)
./scripts/setup_python_wasi.sh

# Verify
ls -lh wasm-interpreters/python-3.11.4.wasm
Tuning: 
# Tight limits (basic scripts)
WASI_MEMORY_LIMIT_MB=256
WASI_TIMEOUT_SECONDS=30

# Generous limits (data processing)
WASI_MEMORY_LIMIT_MB=1024
WASI_TIMEOUT_SECONDS=300

OpenAPI & MCP Integrations

External tool and API integration settings.

OpenAPI Tools

VariableTypeDefaultDescription
OPENAPI_ALLOWED_DOMAINSstring*Allowed domains (* or comma-separated)
OPENAPI_MAX_SPEC_SIZEinteger5242880Max OpenAPI spec size (5MB)
OPENAPI_FETCH_TIMEOUTinteger30Spec fetch timeout (seconds)
OPENAPI_RETRIESinteger2Retry attempts

MCP (Model Context Protocol)

VariableTypeDefaultDescription
MCP_ALLOWED_DOMAINSstring*Allowed MCP domains
MCP_MAX_RESPONSE_BYTESinteger10485760Max response size (10MB)
MCP_RETRIESinteger3Retry attempts
MCP_TIMEOUT_SECONDSinteger10Request timeout
MCP_REGISTER_TOKENstring-Registration auth token
MCP_RATE_LIMIT_DEFAULTinteger60Default rate limit (req/min)
MCP_CB_FAILURESinteger5Circuit breaker failure threshold
MCP_CB_RECOVERY_SECONDSinteger60Circuit breaker recovery time
MCP_COST_TO_TOKENSinteger0Cost-to-token conversion
Example - Restricted: 
OPENAPI_ALLOWED_DOMAINS=api.example.com,api.partner.com
MCP_ALLOWED_DOMAINS=mcp.trusted.com
MCP_REGISTER_TOKEN=secret_token_here

Observability & Telemetry

Metrics, tracing, and logging configuration.
VariableTypeDefaultDescription
OTEL_SERVICE_NAMEstringshannon-llm-serviceOpenTelemetry service name
OTEL_EXPORTER_OTLP_ENDPOINTstringlocalhost:4317OTLP endpoint
OTEL_ENABLEDbooleanfalseEnable OpenTelemetry tracing
LOG_FORMATstringplainLog format: plain or json
METRICS_PORTinteger2112Prometheus metrics port
Prometheus Endpoints:
  • Orchestrator: http://localhost:2112/metrics
  • Agent Core: http://localhost:2113/metrics
  • LLM Service: http://localhost:8000/metrics
Example - Production Observability: 
OTEL_ENABLED=true
OTEL_EXPORTER_OTLP_ENDPOINT=otel-collector:4317
LOG_FORMAT=json
METRICS_PORT=2112

Advanced Orchestrator Controls

Low-level tuning for Temporal workers and orchestrator behavior.

Worker Concurrency

VariableTypeDefaultDescription
WORKER_ACTinteger-Activity worker concurrency (all priorities)
WORKER_WFinteger-Workflow worker concurrency (all priorities)
WORKER_ACT_CRITICALinteger10Critical priority activity workers
WORKER_WF_CRITICALinteger5Critical priority workflow workers
WORKER_ACT_HIGHinteger-High priority activity workers
WORKER_WF_HIGHinteger-High priority workflow workers
WORKER_ACT_NORMALinteger-Normal priority activity workers
WORKER_WF_NORMALinteger-Normal priority workflow workers
WORKER_ACT_LOWinteger-Low priority activity workers
WORKER_WF_LOWinteger-Low priority workflow workers

Event & Circuit Settings

VariableTypeDefaultDescription
EVENTLOG_BATCH_SIZEinteger100Event batch size
EVENTLOG_BATCH_INTERVAL_MSinteger100Event batch interval (ms)
RATE_LIMIT_INTERVAL_MSinteger60000Rate limit window (ms)
BACKPRESSURE_THRESHOLDinteger-Backpressure trigger threshold
MAX_BACKPRESSURE_DELAY_MSinteger-Max backpressure delay
CIRCUIT_FAILURE_THRESHOLDinteger-Circuit breaker failure count
CIRCUIT_HALF_OPEN_REQUESTSinteger-Half-open state test requests
CIRCUIT_RESET_TIMEOUT_MSinteger-Circuit reset timeout
LLM_TIMEOUT_SECONDSinteger120LLM request timeout
Performance Tuning: 
# High load
WORKER_ACT_CRITICAL=20
WORKER_WF_CRITICAL=10
EVENTLOG_BATCH_SIZE=500

# Low resources
WORKER_ACT_CRITICAL=5
WORKER_WF_CRITICAL=3
EVENTLOG_BATCH_SIZE=50

Miscellaneous

Additional configuration options.
VariableTypeDefaultDescription
SHANNON_WORKSPACEstring./workspaceWorkspace directory for file operations
SEED_DATAbooleanfalseSeed Qdrant with sample data on startup
AGENT_TIMEOUT_SECONDSinteger600Max runtime per agent execution (10 minutes)
TEMPLATE_FALLBACK_ENABLEDbooleanfalseFallback to AI if template execution fails

Configuration Profiles

Development Profile

# .env.dev
ENVIRONMENT=dev
DEBUG=true
GATEWAY_SKIP_AUTH=1
APPROVAL_ENABLED=false
LOG_FORMAT=plain
MAX_COST_PER_REQUEST=0.10
LLM_DISABLE_BUDGETS=1
OTEL_ENABLED=false

Staging Profile

# .env.staging
ENVIRONMENT=staging
DEBUG=false
GATEWAY_SKIP_AUTH=0
APPROVAL_ENABLED=true
LOG_FORMAT=json
MAX_COST_PER_REQUEST=1.00
LLM_DISABLE_BUDGETS=0
OTEL_ENABLED=true
JWT_SECRET=$(openssl rand -base64 64)

Production Profile

# .env.prod
ENVIRONMENT=prod
DEBUG=false
GATEWAY_SKIP_AUTH=0
APPROVAL_ENABLED=true
APPROVAL_DANGEROUS_TOOLS=file_system,code_execution,shell,network_access
LOG_FORMAT=json
MAX_COST_PER_REQUEST=2.00
LLM_DISABLE_BUDGETS=0
OTEL_ENABLED=true
JWT_SECRET=$(openssl rand -base64 64)
POSTGRES_SSLMODE=require
REDIS_PASSWORD=secure_password
# Add strong passwords and restrict domains
OPENAPI_ALLOWED_DOMAINS=api.trusted.com
MCP_ALLOWED_DOMAINS=mcp.trusted.com

Hot-Reload Support

Most configuration changes require a service restart: 
# After editing .env
docker compose restart orchestrator
docker compose restart agent-core
docker compose restart llm-service
docker compose restart gateway
Services that auto-reload:
  • ✅ Feature flags (config/features.yaml)
  • ✅ Model configuration (config/models.yaml)
Services requiring restart:
  • ❌ Environment variables (.env)
  • ❌ Database credentials
  • ❌ Service endpoints

Validation & Testing

Verify Configuration

# Check loaded environment variables
docker compose exec orchestrator env | sort

# Test database connection
docker compose exec postgres psql -U shannon -d shannon -c "SELECT 1;"

# Test Redis connection
docker compose exec redis redis-cli ping

# Test API endpoints
curl http://localhost:8080/health
curl http://localhost:8000/health

Configuration Debugging

# View service logs
docker compose logs orchestrator | grep -i "config\|environment"

# Check for errors
docker compose logs orchestrator | grep -i "error\|warning"

# Validate YAML syntax
docker compose config

Security Checklist

  • Change JWT_SECRET to strong random value
  • Enable authentication (GATEWAY_SKIP_AUTH=0)
  • Set strong database passwords
  • Enable Redis authentication
  • Use SSL for PostgreSQL (POSTGRES_SSLMODE=require)
  • Enable approvals (APPROVAL_ENABLED=true)
  • Restrict OPENAPI_ALLOWED_DOMAINS
  • Restrict MCP_ALLOWED_DOMAINS
  • Enable structured logging (LOG_FORMAT=json)
  • Set up monitoring (OTEL_ENABLED=true)
  • Configure budget limits appropriately
  • Review worker concurrency for your load
  • Backup .env file securely

Installation

Initial setup guide

Troubleshooting

Common configuration issues

Cost Control

Budget management

Monitoring

Observability setup