Configuration
Declarative configuration with atlas.config.ts for multi-datasource deployments, plugins, RLS, and actions.
Self-hosted only
Configuration files are used for self-hosted deployments. Hosted users at app.useatlas.dev can skip this — configure datasources, plugins, and settings from the admin console instead. See Workspace Settings.
Atlas can be configured via environment variables (see Environment Variables) or a declarative atlas.config.ts file. For multi-datasource setups, plugins, RLS, or actions, use the config file. For simple single-datasource deployments, env vars alone are sufficient.
File Location
The config file lives at the project root, alongside package.json:
my-atlas-project/
├── atlas.config.ts # ← here
├── package.json
├── semantic/
│ └── entities/
└── .envAtlas looks for atlas.config.ts, atlas.config.js, or atlas.config.mjs (checked in that order). If none is found, Atlas falls back to environment variables.
Run atlas validate to check your config file and semantic layer for errors — no database or API key required.
Precedence
Config loading is binary: when a config file exists, it is used exclusively. Env vars like ATLAS_DATASOURCE_URL are not merged in. When no config file exists, all configuration comes from environment variables.
- Config file found → parsed and validated via Zod. Fields omitted from the config file get Zod schema defaults (e.g.
auth: "auto",semanticLayer: "./semantic"), not env var values - No config file → all configuration comes from environment variables
- Secrets should stay in env vars — reference them via
process.envin the config file (this is user code executing at import time, not a config-loader merge)
Auth mode resolution priority: ATLAS_AUTH_MODE env var (highest) → config file auth field → auto-detection from env var presence (lowest). Setting auth: "managed" in the config file pins the auth mode without needing ATLAS_AUTH_MODE, but the env var still overrides if set. See Authentication for details.
// atlas.config.ts — secrets from env, structure in config
import { defineConfig } from "@atlas/api/lib/config";
export default defineConfig({
datasources: {
// URL from env var, structure in config
default: { url: process.env.ATLAS_DATASOURCE_URL! },
},
});When to Use Config File vs Env Vars
| Scenario | Recommended |
|---|---|
| Single datasource, simple setup | Env vars only |
| Multiple datasources | Config file |
| Custom plugins | Config file |
| RLS policies | Config file |
| Action framework overrides | Config file |
| CI/CD with secrets | Env vars for secrets, config file for structure |
defineConfig
defineConfig() is a type-safe helper that validates your config at build time (TypeScript) and at runtime (Zod). It accepts optional fields — defaults are applied when the config is loaded.
// atlas.config.ts — minimal config
import { defineConfig } from "@atlas/api/lib/config";
export default defineConfig({
datasources: {
default: { url: process.env.ATLAS_DATASOURCE_URL! },
},
// All other fields are optional with sensible defaults:
// tools: ["explore", "executeSQL"]
// auth: "auto"
// semanticLayer: "./semantic"
// maxTotalConnections: 100
});Datasources
Configure one or more datasources. Each gets its own connection pool, table whitelist, and optional semantic layer partition.
// atlas.config.ts — single Postgres datasource
export default defineConfig({
datasources: {
default: {
// Connection string from env var
url: process.env.ATLAS_DATASOURCE_URL!,
// PostgreSQL schema (omit for default search_path)
schema: "public",
// Shown in the agent system prompt
description: "Primary PostgreSQL database",
},
},
});// atlas.config.ts — multiple datasources (plugins required for non-PG/MySQL)
import { clickhousePlugin } from "@useatlas/clickhouse";
import { snowflakePlugin } from "@useatlas/snowflake";
export default defineConfig({
datasources: {
default: {
url: process.env.ATLAS_DATASOURCE_URL!,
description: "Primary PostgreSQL database",
},
warehouse: {
// Snowflake connection via plugin
url: process.env.WAREHOUSE_URL!,
description: "Snowflake data warehouse",
},
analytics: {
// ClickHouse connection via plugin
url: process.env.CLICKHOUSE_URL!,
description: "ClickHouse analytics cluster",
},
},
plugins: [
snowflakePlugin({ connectionId: "warehouse" }),
clickhousePlugin({ connectionId: "analytics" }),
],
});// atlas.config.ts — per-datasource rate limiting
export default defineConfig({
datasources: {
default: {
url: process.env.ATLAS_DATASOURCE_URL!,
// Limit queries to this datasource
rateLimit: {
queriesPerMinute: 30, // Max 30 queries/min (default: 60)
concurrency: 3, // Max 3 concurrent queries (default: 5)
},
},
},
});Datasource fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
url | string | Yes | — | Connection string (postgresql://, mysql://, or plugin schemes) |
schema | string | No | — | PostgreSQL schema name (sets search_path). When omitted, PostgreSQL's default search_path applies (typically public). Ignored for MySQL and plugins |
description | string | No | — | Human-readable label shown in the agent system prompt |
maxConnections | number | No | — | Connection pool size for this datasource |
idleTimeoutMs | number | No | — | Idle connection timeout in milliseconds |
rateLimit | object | No | { queriesPerMinute: 60, concurrency: 5 } | Per-datasource rate limiting. queriesPerMinute caps queries per minute (default: 60). concurrency caps concurrent queries (default: 5) |
The "default" datasource is used when the agent's executeSQL tool is called without a connectionId. See Multi-Datasource Routing for a full guide on how the agent selects and queries multiple datasources.
Semantic Layer Path
Override the default semantic layer directory:
// atlas.config.ts — custom semantic layer path
export default defineConfig({
// Relative to project root (default: "./semantic")
semanticLayer: "./custom/semantic",
});Per-datasource semantic layers
Each named datasource can have its own semantic layer directory at semantic/{sourceId}/entities/. The CLI's --connection flag writes to the matching subdirectory automatically:
# Profile the "warehouse" datasource → writes to semantic/warehouse/entities/
bun run atlas -- init --connection warehousesemantic/
├── entities/ # Default datasource entities
│ └── users.yml
├── warehouse/
│ └── entities/ # "warehouse" datasource entities
│ └── inventory.yml
├── metrics/
└── glossary.ymlAtlas discovers per-source subdirectories automatically and maps entities to connections by directory name.
Auth
Set the authentication mode explicitly or let Atlas auto-detect:
// atlas.config.ts — pin auth mode
export default defineConfig({
// "auto" | "none" | "api-key" | "managed" | "byot"
auth: "managed",
});When set to "auto" (or omitted), Atlas detects the mode from environment variables. See Authentication for full setup guides.
Tools
Specify which tools the agent has access to:
// atlas.config.ts — default tool set
export default defineConfig({
// These are the defaults when omitted
tools: ["explore", "executeSQL"],
});The default tools are explore (read semantic layer files) and executeSQL (run validated SQL queries). When the action framework is enabled, action tools are also registered. See Actions below.
Plugins
Register plugins with optional per-plugin configuration:
// atlas.config.ts — plugins
import { clickhousePlugin } from "@useatlas/clickhouse";
import { snowflakePlugin } from "@useatlas/snowflake";
export default defineConfig({
plugins: [
// Each plugin binds to a named datasource
clickhousePlugin({ connectionId: "analytics" }),
snowflakePlugin({ connectionId: "warehouse" }),
],
});Every plugin must expose id, types, and version. Atlas validates these at startup and rejects plugins with missing or invalid fields.
Plugin fields
| Field | Type | Required | Description |
|---|---|---|---|
id | string | Yes | Unique identifier for the plugin. Duplicate IDs cause a startup error |
types | string[] | Yes | Non-empty array of plugin categories. Valid values: datasource, context, interaction, action, sandbox |
version | string | Yes | Semver version string (e.g. "0.0.6") |
Published plugins (e.g. @useatlas/clickhouse) set these fields internally via definePlugin(). You only need to worry about types when authoring a custom plugin. See Plugin Authoring Guide for details.
Connection Pool
Control the total number of database connections across all datasources:
// atlas.config.ts — connection pool limit
export default defineConfig({
// Max total connections across all datasource pools (default: 100)
// When exceeded, least-recently-used datasources are evicted
maxTotalConnections: 50,
});Pool Warmup & Auto-Drain
Connection pools are automatically warmed at startup and drained when consecutive errors exceed a threshold. Configure via environment variables:
| Variable | Default | Description |
|---|---|---|
ATLAS_POOL_WARMUP | 2 | Number of SELECT 1 probes per connection at startup. 0 disables warmup |
ATLAS_POOL_DRAIN_THRESHOLD | 5 | Consecutive query errors before the pool is drained and recreated |
Auto-drain has a 30-second cooldown to prevent drain storms. Manual drain is available via the admin console or POST /api/v1/admin/connections/:id/drain.
Per-Org Pool Isolation
For multi-tenant deployments, each organization can get its own isolated connection pool. This prevents noisy-neighbor issues where one org's heavy queries starve another org's connections.
export default defineConfig({
pool: {
perOrg: {
maxConnections: 5, // Max connections per org (default: 5)
idleTimeoutMs: 30000, // Idle timeout in ms (default: 30000)
maxOrgs: 50, // Max org pools before LRU eviction (default: 50)
warmupProbes: 2, // Warmup probes when pool created (default: 2)
drainThreshold: 5, // Consecutive errors before auto-drain (default: 5)
},
},
});| Field | Type | Default | Description |
|---|---|---|---|
perOrg.maxConnections | number | 5 | Max connections per pool per org |
perOrg.idleTimeoutMs | number | 30000 | Idle timeout in ms for per-org pool connections |
perOrg.maxOrgs | number | 50 | Max org pool sets before LRU eviction |
perOrg.warmupProbes | number | 2 | Warmup probes when an org pool is first created. 0 disables warmup |
perOrg.drainThreshold | number | 5 | Consecutive query errors before auto-drain of an org pool |
Per-org pooling requires multi-tenancy (Better Auth organization plugin). When not configured, all orgs share the global pool.
Query Cache
Identical queries return cached results within the TTL. Cache keys include the org ID, connection ID, and user claims for tenant isolation.
export default defineConfig({
cache: {
enabled: true, // default: true
ttl: 300_000, // 5 minutes (milliseconds)
maxSize: 1000, // max cached entries
},
});| Field | Type | Default | Description |
|---|---|---|---|
enabled | boolean | true | Enable/disable query result caching |
ttl | number | 300000 | Time-to-live in milliseconds |
maxSize | number | 1000 | Maximum cached entries (LRU eviction) |
The cache is automatically flushed on config reload. Manual flush is available via POST /api/v1/admin/cache/flush. Plugins can provide an external cache backend (e.g. Redis) via the cacheBackend field on the plugin object.
Dynamic Learning
Configure how the offline learning loop (atlas learn) promotes discovered query patterns into the semantic layer.
export default defineConfig({
learn: {
confidenceThreshold: 0.7, // default: 0.7
},
});| Field | Type | Default | Description |
|---|---|---|---|
confidenceThreshold | number | 0.7 | Minimum confidence score (0–1) for a learned pattern to be eligible for auto-promotion. Lower values promote more aggressively; higher values require stronger evidence from the audit log |
Env var equivalent:
ATLAS_LEARN_CONFIDENCE_THRESHOLD=0.7RLS (Row-Level Security)
Define RLS policies that inject WHERE clauses on every query based on user JWT claims. Each policy specifies which tables it applies to, which column to filter on, and which JWT claim provides the value.
See Row-Level Security for the full guide.
// atlas.config.ts — single RLS policy
export default defineConfig({
rls: {
enabled: true,
policies: [
{
// Filter these tables by tenant_id
tables: ["orders", "customers"],
column: "tenant_id",
// Value comes from the user's org_id JWT claim
claim: "org_id",
},
],
},
});// atlas.config.ts — different policies per table
export default defineConfig({
rls: {
enabled: true,
policies: [
// Orders filtered by org
{ tables: ["orders"], column: "tenant_id", claim: "org_id" },
// Support tickets filtered by account
{ tables: ["support_tickets"], column: "account_id", claim: "account" },
],
},
});// atlas.config.ts — apply to all tables
export default defineConfig({
rls: {
enabled: true,
policies: [
{
// Wildcard: applies to every table
tables: ["*"],
column: "tenant_id",
claim: "org_id",
},
],
},
});// atlas.config.ts — OR-combined policies (match any one policy)
export default defineConfig({
rls: {
enabled: true,
// "or" = user passes if ANY policy matches (default: "and" = ALL must match)
combineWith: "or",
policies: [
{ tables: ["orders"], column: "tenant_id", claim: "org_id" },
{ tables: ["orders"], column: "region", claim: "region" },
],
},
});RLS config fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
enabled | boolean | No | false | Whether RLS is active. When true, policies are enforced on every query |
policies | RLSPolicy[] | Yes (when enabled) | [] | Array of RLS policies (see below) |
combineWith | "and" | "or" | No | "and" | How to combine conditions from different policies. "and" requires all policies to match. "or" requires at least one policy to match |
RLS policy fields
Each policy must specify either { column, claim } (single-condition shorthand) or { conditions } (multi-condition array), but not both.
| Field | Type | Required | Description |
|---|---|---|---|
tables | string[] | Yes | Tables this policy applies to. Use ["*"] for all tables |
column | string | Required when conditions not used | Column name to filter on (must be a valid SQL identifier) |
claim | string | Required when conditions not used | Dot-delimited JWT claim path (e.g. org_id, app_metadata.tenant) |
conditions | Array<{ column, claim }> | Required when column/claim not used | Multiple column/claim conditions — ANDed together within this policy. Each entry has the same column and claim fields described above |
Multi-condition example
Use conditions when a single policy must filter on multiple columns simultaneously. All conditions within a policy are ANDed together:
// atlas.config.ts — multi-condition RLS policy
export default defineConfig({
rls: {
enabled: true,
policies: [
{
tables: ["orders", "invoices"],
// Both conditions must match — the query gets:
// WHERE tenant_id = <org_id claim> AND region = <region claim>
conditions: [
{ column: "tenant_id", claim: "org_id" },
{ column: "region", claim: "app_metadata.region" },
],
},
],
},
});When rls.enabled is true, at least one policy must be defined. RLS is fail-closed — if the user's claims are missing, the query is blocked.
Env var shorthand (single global policy only):
ATLAS_RLS_ENABLED=true
ATLAS_RLS_COLUMN=tenant_id
ATLAS_RLS_CLAIM=org_idFor per-table policies or multi-condition policies, use the config file.
Actions
Configure the action framework with default approval modes and per-action overrides.
// atlas.config.ts — action framework
export default defineConfig({
actions: {
// Default settings for all actions
defaults: {
approval: "manual", // "auto" | "manual" | "admin-only"
timeout: 300000, // 5 min per-action timeout in ms
maxPerConversation: 10, // Max actions per conversation
},
// Per-action overrides (key = action type)
"email:send": {
approval: "admin-only",
requiredRole: "admin",
// Credentials validated at startup
credentials: {
RESEND_API_KEY: { env: "RESEND_API_KEY" },
},
},
"jira:create": {
approval: "manual",
requiredRole: "analyst",
},
},
});Action fields
| Field | Type | Description |
|---|---|---|
defaults.approval | string | Default approval mode: auto, manual, admin-only |
defaults.timeout | number | Per-action timeout in ms |
defaults.maxPerConversation | number | Max actions per conversation |
[actionType].enabled | boolean | Enable/disable this action |
[actionType].approval | string | Override approval mode for this action |
[actionType].requiredRole | string | Minimum role to approve: viewer, analyst, admin |
[actionType].timeout | number | Execution timeout in ms. Overrides defaults.timeout for this action type |
[actionType].credentials | object | Required env vars ({ VAR_NAME: { env: "VAR_NAME" } }) |
[actionType].rateLimit | number | Max executions per minute for this action type |
Scheduler
Configure recurring scheduled tasks. Requires ATLAS_SCHEDULER_ENABLED=true.
// atlas.config.ts — scheduler
export default defineConfig({
scheduler: {
// "bun" (in-process) | "webhook" (external cron) | "vercel" (Vercel Cron)
backend: "bun",
// Max concurrent task executions per tick (default: 5)
maxConcurrentTasks: 5,
// Per-task execution timeout in ms (default: 60000)
taskTimeout: 60_000,
// How often the scheduler checks for due tasks in seconds (default: 60)
tickIntervalSeconds: 60,
},
});See Scheduled Tasks for the full guide.
Sandbox
Override the default explore backend selection priority. By default, Atlas tries backends in this order: plugin > Vercel sandbox > nsjail (explicit) > sidecar > nsjail (auto-detect) > just-bash. Plugin backends always take highest priority regardless of config.
// atlas.config.ts — sidecar first, fall back to nsjail then bash
export default defineConfig({
sandbox: {
priority: ["sidecar", "nsjail", "just-bash"],
},
});// atlas.config.ts — only try nsjail, fall back to bash
export default defineConfig({
sandbox: {
priority: ["nsjail", "just-bash"],
},
});// atlas.config.ts — skip sandbox entirely (dev only)
export default defineConfig({
sandbox: {
priority: ["just-bash"],
},
});Sandbox fields
| Field | Type | Required | Description |
|---|---|---|---|
priority | string[] | No | Ordered list of backends to try. Valid values: "vercel-sandbox", "nsjail", "sidecar", "just-bash" |
Env var shorthand:
# Comma-separated backend names
ATLAS_SANDBOX_PRIORITY=sidecar,nsjail,just-bashPython Import Guard
Customize the defense-in-depth import checker for the Python execution tool. The import guard runs before the sandbox — it is not the security boundary, but catches obvious mistakes early.
// atlas.config.ts — allow requests for internal API calls (sandboxed environments)
export default defineConfig({
python: {
allowModules: ["requests", "httpx"],
},
});// atlas.config.ts — block additional modules beyond defaults
export default defineConfig({
python: {
blockedModules: ["boto3", "fabric", "paramiko"],
},
});// atlas.config.ts — allow HTTP clients, block cloud SDKs
export default defineConfig({
python: {
allowModules: ["requests"],
blockedModules: ["boto3", "google"],
},
});Module matching operates on top-level package names only (the first component before any dot). For example, to block google.cloud.storage, use "google" — not "google.cloud".
Python config fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
blockedModules | string[] | No | [] | Additional modules to add to the default blocked list |
allowModules | string[] | No | [] | Modules to remove from the default blocked list |
Critical modules are always blocked
The following modules are always blocked regardless of blockedModules or allowModules configuration — Atlas rejects the config at startup if any appear in allowModules:
os— filesystem and environment accesssubprocess— arbitrary process executionsys— interpreter internals andsys.modulesmanipulationshutil— high-level file operations (copy, move, delete trees)
These are enforced by the PYTHON_CRITICAL_MODULES list in packages/api/src/lib/config.ts and the runtime CRITICAL_MODULES set in packages/api/src/lib/tools/python.ts. No configuration — including allowModules — can override this.
Default blocked modules
These modules are blocked by default. Use allowModules to selectively unblock non-critical ones in sandboxed environments.
| Category | Modules |
|---|---|
| OS / process | subprocess, os*, sys*, shutil*, signal, multiprocessing, threading, pty, fcntl, termios, resource, posixpath |
| Code injection | ctypes, importlib, code |
| Network | http, urllib, requests, httpx, aiohttp, webbrowser |
| Serialization / filesystem | pickle, tempfile, pathlib |
* Critical — cannot be unblocked via allowModules.
Session Timeouts
Configure automatic session invalidation policies. Both timeouts are disabled by default (value 0).
export default defineConfig({
session: {
idleTimeout: 3600, // 1 hour — invalidate sessions inactive for this long
absoluteTimeout: 86400, // 24 hours — hard limit regardless of activity
},
});Session timeout fields
| Field | Type | Required | Description |
|---|---|---|---|
idleTimeout | number | No | Seconds of inactivity before invalidation. 0 = disabled |
absoluteTimeout | number | No | Maximum session lifetime in seconds. 0 = disabled |
Env var equivalents:
ATLAS_SESSION_IDLE_TIMEOUT=3600
ATLAS_SESSION_ABSOLUTE_TIMEOUT=86400These settings can be changed at runtime via Admin > Settings without a restart.
Semantic Index
The semantic index pre-computes a summary of the semantic layer at server startup and injects it into the agent system prompt. This reduces explore tool calls by giving the agent upfront knowledge of available tables, columns, measures, and glossary terms.
export default defineConfig({
semanticIndex: {
enabled: true, // default: true
},
});Semantic index fields
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | No | Whether the index is active. Default: true |
Env var equivalent:
ATLAS_SEMANTIC_INDEX_ENABLED=false # Set to "false" to disableThe index automatically switches between full mode (< 20 entities, shows all columns and types) and summary mode (20+ entities, compact one-liner per table). It rebuilds when the semantic layer cache is invalidated (e.g. file changes in dev mode).
Enterprise
Gate enterprise-only features behind a license key. When disabled (default), the AGPL core is completely unaffected.
export default defineConfig({
enterprise: {
enabled: true,
licenseKey: process.env.ATLAS_ENTERPRISE_LICENSE_KEY,
},
});Enterprise fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
enabled | boolean | No | false | Whether enterprise features are active |
licenseKey | string | No | — | License key for enterprise features |
Env var equivalents:
ATLAS_ENTERPRISE_ENABLED=true
ATLAS_ENTERPRISE_LICENSE_KEY=your-key-herePlanned enterprise features include SSO (SAML/OIDC), SCIM provisioning, PII detection, custom roles, and advanced audit capabilities. The AGPL-licensed core is fully functional without enterprise features enabled.
Residency
SaaS only. Requires enterprise features to be enabled.
Data residency configuration for routing workspaces to geographic regions with region-specific databases.
export default defineConfig({
enterprise: { enabled: true, licenseKey: process.env.ATLAS_ENTERPRISE_LICENSE_KEY },
residency: {
regions: {
"us-east": { label: "US East", databaseUrl: process.env.US_EAST_DB_URL! },
"eu-west": { label: "EU West", databaseUrl: process.env.EU_WEST_DB_URL! },
},
defaultRegion: "us-east",
},
});Residency fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
regions | Record<string, RegionConfig> | Yes | — | Map of region identifiers to database configuration. At least one region required |
defaultRegion | string | Yes | — | Default region for new workspaces. Must be a key in the regions map |
strictRouting | boolean | No | false | When true, misrouted requests receive 421 Misdirected Request instead of a warning log. Also configurable via ATLAS_STRICT_ROUTING env var |
RegionConfig fields:
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
label | string | Yes | — | Human-readable region name for the admin console |
databaseUrl | string | Yes | — | Connection string for the region's internal database |
datasourceUrl | string | No | — | Analytics datasource override for the region. When unset, uses the default datasource |
apiUrl | string | No | — | Public API endpoint for this region (e.g. https://api-eu.useatlas.dev). Used in 421 Misdirected Request responses to redirect clients to the correct region |
Full Example
// atlas.config.ts — complete example
import { defineConfig } from "@atlas/api/lib/config";
import { snowflakePlugin } from "@useatlas/snowflake";
export default defineConfig({
// Named datasources (at least "default")
datasources: {
default: {
url: process.env.ATLAS_DATASOURCE_URL!,
description: "Primary Postgres",
},
warehouse: {
url: process.env.WAREHOUSE_URL!,
schema: "analytics",
description: "Snowflake warehouse",
rateLimit: { queriesPerMinute: 20, concurrency: 2 },
},
},
// Agent tools
tools: ["explore", "executeSQL"],
// Auth mode (auto-detect from env vars)
auth: "auto",
// Semantic layer directory
semanticLayer: "./semantic",
// Connection pool cap
maxTotalConnections: 50,
// Plugins
plugins: [
snowflakePlugin({ connectionId: "warehouse" }),
],
// Row-Level Security
rls: {
enabled: true,
policies: [
{ tables: ["orders", "customers"], column: "tenant_id", claim: "org_id" },
],
},
// Action framework
actions: {
defaults: { approval: "manual" },
"email:send": {
approval: "admin-only",
credentials: {
RESEND_API_KEY: { env: "RESEND_API_KEY" },
},
},
},
// Scheduler
scheduler: {
backend: "bun",
maxConcurrentTasks: 3,
taskTimeout: 120_000,
tickIntervalSeconds: 30,
},
// Sandbox backend priority
sandbox: {
priority: ["sidecar", "nsjail", "just-bash"],
},
// Python import guard (allow HTTP clients for sandboxed internal API access)
python: {
allowModules: ["requests"],
blockedModules: ["boto3"],
},
// Semantic index (pre-computed summary in agent prompt)
semanticIndex: {
enabled: true,
},
// Dynamic learning (offline audit log analysis)
learn: {
confidenceThreshold: 0.7,
},
// Enterprise features (commercial license, /ee directory)
enterprise: {
enabled: true,
licenseKey: process.env.ATLAS_ENTERPRISE_LICENSE_KEY,
},
});All Config Options
| Field | Type | Default | Description |
|---|---|---|---|
datasources | Record<string, DatasourceConfig> | {} | Named datasource connections |
tools | string[] | ["explore", "executeSQL"] | Agent tool names to enable |
auth | "auto" | "none" | "api-key" | "managed" | "byot" | "auto" | Authentication mode |
semanticLayer | string | "./semantic" | Path to semantic layer directory (relative to project root) |
maxTotalConnections | number | 100 | Max total pool slots across all datasources |
plugins | unknown[] | — | Plugin instances to register at boot |
actions | ActionsConfig | — | Action framework configuration |
rls | RLSConfig | — | Row-Level Security policies |
scheduler | object | — | Scheduled task configuration (details) |
sandbox | object | — | Sandbox backend priority (details) |
python | object | — | Python import guard overrides (details) |
session | object | — | Session timeout configuration (details) |
cache | object | — | Query result caching (details) |
pool | object | — | Per-org connection pool isolation (details) |
semanticIndex | object | — | Semantic index configuration (details) |
learn | object | — | Dynamic learning configuration (details) |
enterprise | object | { enabled: false } | Enterprise feature gating (details) |
deployMode | "auto" | "saas" | "self-hosted" | "auto" | Deployment mode. saas enables hosted product features (enterprise-gated). auto detects from environment |
residency | object | — | Data residency region routing (enterprise-gated) |
See Also
- Environment Variables — Env-var-only configuration (used when no config file exists)
- CLI Reference —
atlas validatechecks your config file for errors - Deploy — Platform-specific deployment with config examples
- Multi-Datasource Routing — Guide for configuring multiple datasources
- Plugin Authoring Guide — Building plugins registered via the config file
- Row-Level Security — Full RLS guide for the
rlsconfig option
Last updated on