Expand description
Layered, runtime configuration for CorTeX.
This replaces two prototype-era patterns: the compile-time dotenv! baking of the database
URL into the binary (so the deployment target could not change without a rebuild), and ad-hoc
hard-coded constants for the dispatcher ports.
Values are resolved with the following precedence (lowest to highest):
- built-in
Defaultvalues, - an optional
cortex.tomlfile in the working directory, CORTEX_-prefixed environment variables (nested with__, e.g.CORTEX_DISPATCHER__SOURCE_PORT),- the legacy
DATABASE_URL/TEST_DATABASE_URLvariables (also read from a local.env), which take final precedence so existing deployments keep working unchanged.
Access the process-wide configuration through config().
Structs§
- Assets
Config - On-disk asset locations, so the binary is not bound to its working directory.
- Auth
Config - Frontend authentication / secrets. The only source is the JSON token file
(
auth_file_path—config.json/CORTEX_AUTH_FILE); this is never read from or written tocortex.toml(theCortexConfig::authfield is#[serde(skip)]). - Cortex
Config - Top-level
CorTeXruntime configuration. - Database
Config - Database connection settings.
- Dispatcher
Config - ZeroMQ dispatcher settings.
- Jobs
Config - Background-job lifecycle settings (W-4 stall handling).
- Webauthn
Config - Passkey (WebAuthn) sign-in settings for the human admin UI
(
docs/archive/WEBAUTHN_DESIGN.md). The relying party is the CorTeX server itself — no external IdP, no per-deploy app registration. The admin token (seeAuthConfig) remains the bootstrap / break-glass path; passkeys are the convenient day-to-day human sign-in once enrolled.
Functions§
- auth_
file_ path - The path of the token file — the JSON holding
rerun_tokens(admin/agent credentials). It is gitignored and scaffolded bycortex init; the trackedconfig.example.jsonis only a template. Defaults toconfig.jsonin the working directory, overridable viaCORTEX_AUTH_FILEso a deployment keeps its live token outside the repo (e.g./etc/cortex/config.json, root-owned) and the repo copy stays the demo/test fixture — the live secret is never checked in. - config
- Returns the process-wide, lazily-loaded configuration.
- config_
file_ path - The path of the optional
cortex.tomlconfiguration file, read and written by both the loader and the Settings write path. Overridable via theCORTEX_CONFIG_FILEenvironment variable. - to_
persisted_ toml - Serializes the non-secret configuration sections (everything except the
authsecrets) to TOML. Shared bycortex init’s config scaffold and the Settings write path so the on-disk shape is identical.