# Fetch ML Configuration Schema (JSON Schema expressed as YAML) $schema: "http://json-schema.org/draft-07/schema#" title: "Fetch ML API Server Configuration" type: object additionalProperties: false required: - auth - server properties: base_path: type: string description: Base path for experiment data default: "/tmp/ml-experiments" data_dir: type: string description: Data directory (datasets/snapshots) for integrity validation default: "/data/active" auth: type: object additionalProperties: false required: - enabled properties: enabled: type: boolean description: Enable or disable authentication api_keys: type: object description: API key registry additionalProperties: type: object additionalProperties: false required: - hash properties: hash: type: string description: SHA256 hash of the API key admin: type: boolean default: false roles: type: array items: type: string permissions: type: object additionalProperties: type: boolean server: type: object additionalProperties: false required: [address] properties: address: type: string description: Listen address, e.g. ":9101" tls: type: object additionalProperties: false properties: enabled: type: boolean default: false cert_file: type: string key_file: type: string monitoring: type: object additionalProperties: false properties: prometheus: type: object additionalProperties: false properties: enabled: type: boolean port: type: integer minimum: 1 maximum: 65535 path: type: string health_checks: type: object additionalProperties: false properties: enabled: type: boolean interval: type: string database: type: object additionalProperties: false properties: type: type: string enum: [sqlite, postgres, mysql] default: sqlite connection: type: string host: type: string port: type: integer minimum: 1 maximum: 65535 username: type: string password: type: string database: type: string redis: type: object additionalProperties: false properties: url: type: string pattern: "^redis://" addr: type: string description: Optional host:port shorthand for Redis password: type: string db: type: integer minimum: 0 default: 0 queue: type: object additionalProperties: false properties: backend: type: string enum: [redis, sqlite, filesystem] default: redis sqlite_path: type: string filesystem_path: type: string fallback_to_filesystem: type: boolean default: false logging: type: object additionalProperties: false properties: level: type: string enum: [debug, info, warn, error] default: "info" file: type: string audit_log: type: string security: type: object additionalProperties: false properties: production_mode: type: boolean default: false allowed_origins: type: array items: type: string api_key_rotation_days: type: integer minimum: 0 audit_logging: type: object additionalProperties: false properties: enabled: type: boolean log_path: type: string ip_whitelist: type: array items: type: string failed_login_lockout: type: object additionalProperties: false properties: enabled: type: boolean max_attempts: type: integer minimum: 1 lockout_duration: type: string description: Duration string, e.g. "15m" rate_limit: type: object additionalProperties: false properties: enabled: type: boolean default: false requests_per_minute: type: integer minimum: 1 default: 60 burst_size: type: integer minimum: 1 resources: type: object description: Resource configuration additionalProperties: false properties: max_workers: type: integer minimum: 1 default: 1 desired_rps_per_worker: type: integer minimum: 1 requests_per_sec: type: integer minimum: 1 podman_cpus: type: string podman_memory: type: string request_burst: type: integer minimum: 0