Configuration Reference

Configuration File
#

Default: ~/.tantoc2/config.yaml

Override: TANTOC2_CONFIG=/path/to/config.yaml

Fields
#

Server
#

Field	Type	Default	Env Var	Description
`host`	str	`0.0.0.0`	`TANTOC2_HOST`	Bind address
`port`	int	`8443`	`TANTOC2_PORT`	API server port
`data_dir`	str	`./data`	`TANTOC2_DATA_DIR`	Root data directory
`log_level`	str	`INFO`	`TANTOC2_LOG_LEVEL`	DEBUG, INFO, WARNING, ERROR
`default_engagement_dir`	str	`engagements`	`TANTOC2_DEFAULT_ENGAGEMENT_DIR`	Subdirectory for engagement DBs

TLS
#

Field	Type	Default	Env Var	Description
`tls_enabled`	bool	`false`	`TANTOC2_TLS_ENABLED`	Enable TLS
`tls_cert_file`	str\|None	—	`TANTOC2_TLS_CERT_FILE`	PEM certificate path (optional)
`tls_key_file`	str\|None	—	`TANTOC2_TLS_KEY_FILE`	PEM private key path (optional)

Background Services
#

Field	Type	Default	Env Var	Description
`bg_dead_agent_interval`	int	`60`	`TANTOC2_BG_DEAD_AGENT_INTERVAL`	Dead agent scan interval (s)
`bg_stale_task_interval`	int	`300`	`TANTOC2_BG_STALE_TASK_INTERVAL`	Stale task cleanup interval (s)
`bg_key_rotation_interval`	int	`300`	`TANTOC2_BG_KEY_ROTATION_INTERVAL`	Key rotation check interval (s)
`bg_plugin_watcher_interval`	int	`30`	`TANTOC2_BG_PLUGIN_WATCHER_INTERVAL`	Plugin inbox scan interval (s)

Session Key Rotation
#

Field	Type	Default	Env Var	Description
`key_rotation_enabled`	bool	`false`	`TANTOC2_KEY_ROTATION_ENABLED`	Enable auto key rotation
`key_rotation_session_ttl`	int	`3600`	`TANTOC2_KEY_ROTATION_SESSION_TTL`	Max session key age (s)

Task Management
#

Field	Type	Default	Env Var	Description
`task_pending_ttl`	int	`3600`	`TANTOC2_TASK_PENDING_TTL`	Pending task TTL (s)
`task_sent_ttl`	int	`7200`	`TANTOC2_TASK_SENT_TTL`	Sent task TTL (s)
`task_archival_age`	int	`86400`	`TANTOC2_TASK_ARCHIVAL_AGE`	Auto-archive threshold (s)

Plugins
#

Field	Type	Default	Env Var	Description
`plugin_inbox_dir`	str	`""`	`TANTOC2_PLUGIN_INBOX_DIR`	Directory for plugin inbox (auto-routing `.py` and `.whl` files)

Security
#

Field	Type	Default	Env Var	Description
`log_redaction_enabled`	bool	`true`	`TANTOC2_LOG_REDACTION_ENABLED`	Redact sensitive log values
`clock_drift_tolerance`	int	`300`	`TANTOC2_CLOCK_DRIFT_TOLERANCE`	Acceptable clock drift (s)

Precedence
#

CLI arguments (highest)
Environment variables (TANTOC2_ prefix)
Config file (~/.tantoc2/config.yaml)
Built-in defaults (lowest)

Full Example
#

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# ~/.tantoc2/config.yaml
host: 0.0.0.0
port: 8443
data_dir: /opt/tantoc2/data
log_level: INFO

tls_enabled: true
tls_cert_file: /opt/tantoc2/certs/server.crt
tls_key_file: /opt/tantoc2/certs/server.key

bg_dead_agent_interval: 60
bg_stale_task_interval: 300
bg_key_rotation_interval: 300

key_rotation_enabled: true
key_rotation_session_ttl: 3600

task_pending_ttl: 3600
task_sent_ttl: 7200

log_redaction_enabled: true
task_archival_age: 86400
clock_drift_tolerance: 300

bg_plugin_watcher_interval: 30
plugin_inbox_dir: /opt/tantoc2/plugin_inbox

Configuration File#

Fields#

Server#

TLS#

Background Services#

Session Key Rotation#

Task Management#

Plugins#

Security#

Precedence#

Full Example#

Configuration File
#

Fields
#

Server
#

TLS
#

Background Services
#

Session Key Rotation
#

Task Management
#

Plugins
#

Security
#

Precedence
#

Full Example
#