-
-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathconfig.yml.example
More file actions
195 lines (174 loc) · 7.65 KB
/
Copy pathconfig.yml.example
File metadata and controls
195 lines (174 loc) · 7.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
# EfficientAI Configuration File
# Application Settings
app:
name: "Voice AI Evaluation Platform"
version: "0.1.0"
debug: true
secret_key: "your-secret-key-here-change-in-production"
# Server Settings
server:
host: "0.0.0.0"
port: 8000
# Operational endpoints (/metrics). /health is always open for ALB/kube probes.
# Include VPC CIDRs in trusted_ips if Prometheus scrapes /metrics from inside the VPC.
operational:
public: false
trusted_ips:
- "10.0.0.0/8"
# Database Configuration
database:
url: "postgresql://efficientai:password@localhost:5432/efficientai"
# Alternative: specify individual components
# user: "efficientai"
# password: "password"
# host: "localhost"
# port: 5432
# db: "efficientai"
# Redis Configuration
redis:
url: "redis://localhost:6379/0"
# Alternative: specify individual components
# host: "localhost"
# port: 6379
# db: 0
# Celery Configuration
celery:
broker_url: "redis://localhost:6379/0"
result_backend: "redis://localhost:6379/0"
# File Storage
storage:
upload_dir: "./uploads"
max_file_size_mb: 500
blob_provider: s3 # s3 | gcs | azure — single active cloud blob backend
allowed_audio_formats:
- "wav"
- "mp3"
- "flac"
- "m4a"
# S3 Configuration (for data sources integration)
s3:
enabled: false
bucket_name: "your-s3-bucket-name"
region: "us-east-1"
access_key_id: "your-access-key-id"
secret_access_key: "your-secret-access-key"
endpoint_url: null # Optional: for S3-compatible services (e.g., MinIO, DigitalOcean Spaces)
prefix: "audio/" # Prefix for audio files in bucket
# GCS Configuration (alternative to S3 when storage.blob_provider is gcs)
gcs:
enabled: false
bucket_name: "your-gcs-bucket-name"
project_id: "your-gcp-project-id"
credentials_path: null # Optional path to service-account JSON; falls back to GOOGLE_APPLICATION_CREDENTIALS / ADC
signing_service_account_email: null # Optional override for IAM signBlob when ADC does not expose the SA email (GKE Workload Identity)
prefix: "audio/" # Prefix for audio files in bucket (same layout as S3)
# Azure Blob Storage Configuration (alternative when storage.blob_provider is azure)
azure:
enabled: false
account_name: "your-storage-account"
account_key: "your-account-key"
connection_string: null # Optional; takes precedence over account_name + account_key
container_name: "your-container"
prefix: "audio/" # Prefix for audio files in container (same layout as S3/GCS)
# Speaker Diarization (pyannote.audio)
# For accurate speaker identification in transcripts, configure pyannote.audio:
# 1. Create a HuggingFace account at https://huggingface.co
# 2. Accept model terms at https://huggingface.co/pyannote/speaker-diarization-3.1
# and https://huggingface.co/pyannote/segmentation-3.0
# 3. Generate a read-access token at https://huggingface.co/settings/tokens
diarization:
huggingface_token: null # e.g., "hf_xxxxx"
num_speakers: 2 # Force exact speaker count (2 = agent + customer). Set to null for auto-detect.
# CORS Settings
cors:
origins:
- "http://localhost:3000"
- "http://localhost:8000"
# API Settings
api:
prefix: "/api/v1"
key_header: "X-API-Key"
rate_limit_per_minute: 60
# -----------------------------------------------------------------------------
# Authentication
# -----------------------------------------------------------------------------
# EfficientAI supports three deployment models for authentication:
#
# 1. OSS self-hosted (default):
# providers: [api_key, local_password]
# -> Users sign up with email + password. API keys are minted from the
# UI or via scripts/create_api_key.py for programmatic access.
#
# 2. Enterprise self-hosted (requires an EFFICIENTAI_LICENSE with oidc_sso):
# providers: [api_key, external_oidc]
# -> Humans sign in via your existing identity provider over OIDC:
# Okta, Azure AD / Entra ID, Google Workspace, AWS Cognito, Auth0,
# Ping, JumpCloud, OneLogin, etc. Machines still use API keys.
# Drop local_password from the list to force SSO.
#
# 3. Cloud SaaS (requires oidc_sso + mfa_enforce, allow_signup: false):
# providers: [api_key, external_oidc]
# -> Signups happen through the billing flow, not the API.
#
# Providers listed here but not licensed (external_oidc) will return a 403
# with a pointer to the license feature that unlocks them.
auth:
providers:
- api_key
- local_password
# - external_oidc # requires EFFICIENTAI_LICENSE feature: oidc_sso
local_password:
# Lifetime of the Bearer tokens minted at POST /auth/login (in minutes).
# Keep this short; clients refresh silently via refresh tokens.
token_ttl_minutes: 15
refresh_token_ttl_days: 7
# Turn this off in Cloud SaaS to block self-serve signup.
allow_signup: true
# External OIDC (enterprise): bring your own IdP. Works with any
# OIDC-compliant provider. See README.md > Authentication & Deployment
# Recipes for copy-paste recipes for Okta, Azure AD, Google Workspace
# and AWS Cognito.
#
# oidc:
# issuer: "https://example.okta.com" # REQUIRED
# audience: "efficientai" # expected `aud` claim
# client_id: "0oa..." # SPA client id
# jwks_uri: "https://example.okta.com/oauth2/v1/keys" # optional, derived from issuer
# default_org_name: "Example Inc" # used when no org claim is present
# org_claim_path: ["https://efficientai.com/org"] # dotted path into the JWT to find the org name
# Judge Alignment (AlignEval-style hybrid integration).
# Lets users build LLM-as-a-judge evaluators backed by labeled data,
# measure alignment metrics (precision/recall/F1/Cohen's kappa) and
# optimize the judge prompt via the existing GEPA service.
# Per-org thresholds (min labels to evaluate / optimize) and the judge
# model selection are configured from the UI, NOT from this file -- the
# judge model dropdown is sourced from your configured AI Provider
# integrations.
judge_alignment:
enabled: true # operator-level kill switch
csv_max_rows: 5000 # safety limit for CSV uploads
# LLM gateway (optional). Routes batch/eval LiteLLM calls through a proxy
# instead of directly to providers. Supports Bifrost and self-hosted LiteLLM Proxy.
# Per-org overrides (type, URL, keys, opt-out) are configured in Integrations UI.
# llm_gateway:
# enabled: false
# type: bifrost # bifrost | litellm_proxy
# base_url: "http://localhost:8080/litellm"
# virtual_key: null # Bifrost only (x-bf-vk header)
# master_key: null # LiteLLM Proxy only (LITELLM_MASTER_KEY)
# passthrough_provider_keys: true # false = keys in gateway; AI integrations can omit api_key
# gateway_interface: litellm_shim # litellm_shim | native_openai (Bifrost only)
# Enterprise License (JWT signed with RS256). Unlocks gated features like
# oidc_sso, mfa_enforce, audit_export, voice_playground, gepa_optimization,
# call_imports.
# license:
# key: "eyJhbGciOi..."
# Flexprice usage-based billing (optional). When disabled or api_key is unset,
# no SDK calls are made and the app behaves as today. Cloud SaaS: set enabled
# true and provide FLEXPRICE_API_KEY (env var overrides api_key below).
# flexprice:
# enabled: false
# api_key: null
# api_host: "https://us.api.flexprice.io/v1"
# Env override: FLEXPRICE_ENABLED, FLEXPRICE_API_KEY, FLEXPRICE_API_HOST
# Debug: FLEXPRICE_VERBOSE=1 logs every skipped event (when inactive or verbose)