Struct ServerConfig 

pub struct ServerConfig {

    pub host: String,
    pub port: u16,
    pub tls: bool,
    pub cluster: bool,
    pub partition_config: PartitionConfig,
    pub lanes: Vec<LaneId>,
    pub listen_addr: String,
    pub engine_config: EngineConfig,
    pub skip_library_load: bool,
    pub cors_origins: Vec<String>,
    pub api_token: Option<String>,
    pub waitpoint_hmac_secret: String,
    pub waitpoint_hmac_grace_ms: u64,
    pub max_concurrent_stream_ops: u32,
}

Server configuration, loaded from environment variables.

Fields

host: String

Valkey host. Default: "localhost".

port: u16

Valkey port. Default: 6379.

tls: bool

Enable TLS for Valkey connections.

cluster: bool

Enable Valkey cluster mode.

partition_config: PartitionConfig

Partition counts (execution/flow/budget/quota).

lanes: Vec<LaneId>

Lanes to manage. Default: ["default"].

listen_addr: String

Listen address for the API surface. Default: "0.0.0.0:9090".

engine_config: EngineConfig

Scanner intervals and engine config.

skip_library_load: bool

Skip library loading (for tests where TestCluster already loaded it).

cors_origins: Vec<String>

Allowed CORS origins. ["*"] means permissive (all origins).

api_token: Option<String>

Shared-secret API token. If set, all requests except GET /healthz must include Authorization: Bearer <token>. If unset, auth is disabled.

waitpoint_hmac_secret: String

Hex-encoded secret used to sign waitpoint HMAC tokens (RFC-004 §Waitpoint Security). Required on boot; the server refuses to start without it so multi-tenant signal authentication is never silently disabled. Recommended length: 64 hex chars (32 bytes).

waitpoint_hmac_grace_ms: u64

Grace window during which tokens signed by the previous kid remain accepted after rotation. Tokens already in flight survive operator rotation; operators tighten this for sensitive tenants. Default 24h.

max_concurrent_stream_ops: u32

Maximum concurrent stream-op callers (read_attempt_stream + tail_attempt_stream combined). Each caller holds one semaphore permit for the duration of its Valkey round-trip(s); contention surfaces as HTTP 429 at the REST boundary.

Shared bound for both read and tail because both run on the same dedicated tail_client (see Server.tail_client) — a big 10_000-frame XRANGE reply can head-of-line the mux just as badly as a long XREAD BLOCK, so they should share fairness accounting.

Default 64. Set below the server’s request-concurrency budget so stream ops cannot starve other routes. Env var: FF_MAX_CONCURRENT_STREAM_OPS (preferred) or legacy FF_MAX_CONCURRENT_TAIL (accepted during the R4 rename; both valid for at least one release).

Implementations

impl ServerConfig

pub fn from_env() -> Result<Self, ConfigError>

Load configuration from environment variables.

The table below enumerates every variable this function reads. It is the canonical rustdoc mirror of the identical table in the top-level README.md. docs/DEPLOYMENT.md references these names.

Maintenance contract: every env var key this function consumes — whether via a direct std::env::var(...) call or through the env_or / env_bool / env_u16 / env_u16_positive / env_u64 / env_u32_positive helpers — MUST have a row here. When you add, rename, or remove an env var, update this table in the same commit. There is no compile-time check — reviewers enforce it. Legacy aliases accepted during a rename window (e.g. FF_MAX_CONCURRENT_TAIL) should be listed alongside their preferred name.

Variable	Default	Description
FF_WAITPOINT_HMAC_SECRET	required	Hex-encoded HMAC signing secret for waitpoint tokens (RFC-004 §Waitpoint Security). Even-length hex; 64 chars (32 bytes) recommended. Boot fails without it.
FF_HOST	localhost	Valkey host
FF_PORT	6379	Valkey port
FF_TLS	false	Enable TLS for Valkey (1 or true)
FF_CLUSTER	false	Enable Valkey cluster mode (1 or true)
FF_LISTEN_ADDR	0.0.0.0:9090	API listen address
FF_LANES	default	Comma-separated lane names; at least one non-empty lane required
FF_FLOW_PARTITIONS	256	Flow partition count — authoritative; under RFC-011 hash-tag co-location, exec keys also route here
FF_BUDGET_PARTITIONS	32	Budget partition count
FF_QUOTA_PARTITIONS	32	Quota partition count
FF_CORS_ORIGINS	*	Comma-separated CORS origins (* = permissive). Empty string is rejected; unset the var to get the default.
FF_API_TOKEN	(none)	Shared-secret Bearer token. If set, all non-/healthz requests require it.
FF_WAITPOINT_HMAC_GRACE_MS	86400000	Grace window (ms) during which tokens signed by the previous kid remain accepted after rotation. Default 24h.
FF_MAX_CONCURRENT_STREAM_OPS	64	Shared semaphore bound for read_attempt_stream + tail_attempt_stream. Legacy FF_MAX_CONCURRENT_TAIL is accepted as a fallback; if both are set, the new name wins.
FF_MAX_CONCURRENT_TAIL	(legacy)	Deprecated alias for FF_MAX_CONCURRENT_STREAM_OPS; accepted during the R4 rename window.
FF_LEASE_EXPIRY_INTERVAL_MS	1500	Lease-expiry scanner interval
FF_DELAYED_PROMOTER_INTERVAL_MS	750	Delayed-promoter scanner interval
FF_INDEX_RECONCILER_INTERVAL_S	45	Index reconciler interval
FF_ATTEMPT_TIMEOUT_INTERVAL_S	2	Attempt-timeout scanner interval
FF_SUSPENSION_TIMEOUT_INTERVAL_S	2	Suspension-timeout scanner interval
FF_PENDING_WP_EXPIRY_INTERVAL_S	5	Pending-waitpoint expiry scanner interval
FF_RETENTION_TRIMMER_INTERVAL_S	60	Retention-trimmer scanner interval
FF_BUDGET_RESET_INTERVAL_S	15	Budget-reset scanner interval
FF_BUDGET_RECONCILER_INTERVAL_S	30	Budget reconciler interval
FF_QUOTA_RECONCILER_INTERVAL_S	30	Quota reconciler interval
FF_UNBLOCK_INTERVAL_S	5	Unblock scanner interval
FF_DEPENDENCY_RECONCILER_INTERVAL_S	15	DAG dependency reconciler interval (safety net behind push-based promotion)
FF_FLOW_PROJECTOR_INTERVAL_S	15	Flow projector scanner interval
FF_EXECUTION_DEADLINE_INTERVAL_S	5	Execution-deadline scanner interval
FF_CANCEL_RECONCILER_INTERVAL_S	15	Cancel reconciler scanner interval

Trait Implementations

impl Default for ServerConfig

fn default() -> Self

Returns the “default value” for a type.