archon.yaml and You

archon.yaml is the lifeblood of your application, as far as Archon is concerned. It defines the fundamentals of your application's interactions with Archon services, like role-based access control, secret management, and more.

warning

Currently, when editing archon.yaml, you will need to manually restart your application to see changes. Run archon dev restart to restart your environment. This will change in a future release!

general

This section defines the basic metadata for the environment.

  • name (string, required): The name of the environment.
  • id (string, required): A unique identifier for the environment, which can be retrieved from the Archon dashboard once you have access. Set to any string in the meantime.

policy

This section defines the resource types and roles available in the environment.

note

While you can edit many of these elements from the admin panel, you should strongly prefer edits in archon.yaml as they will better survive redeployment. Use the admin panel for spot debugging if necessary.

resource-types

Defines the list of resource types available in the environment. A resource type categorizes a broad set of resources; for example, a chat application might have many resources of the type chat-message.

They are also hierarchical. For instance, chat-message may be a subtype of chat.

note

For more info, see 6. Access Control

  • resource-type (string, required): The unique name of the resource type.
  • singleton (boolean, optional): Indicates whether only one instance of this resource type can exist.
note

This feature is usually useful for grouping objects (e.g., a conversations object containing individual conversation objects).

  • description (string, required): A description of the resource type.
  • intents (array, required): A list of intents that can be performed on this resource type.
    • intent (string, required): The unique name of the intent (e.g., create-conversation, read-conversation).
    • description (string, required): A description of the intent.
  • parent (string, optional): The parent resource type for establishing relationships between resources.

roles

Defines user roles and their associated permissions.

  • role (string, required): The unique name of the role.
  • description (string, required): A description of the role.
  • privileged (boolean, optional): Specifies if the role has elevated permissions requiring re-authentication for critical actions.
note

For instance, a role should be privileged if it allows access to an administrator panel.

  • permissions (array, optional): Specifies the permissions assigned to the role.
    • resource (string, optional): The ARID (Archon Resource Identifier) of the resource to which the permission applies.
    • resource-type (string, optional): The resource type to which the permission applies.
note

Either resource or resource-type must be declared, but not both.

    • user (string, optional): The UUID of a specific user for user-specific permissions.
    • intents (array, required): The list of intents covered by the permission.
note

Intents must come from those declared on the resource-type above.

    • effect (enum, required): Whether the permission allows or denies the specified actions.
    • conditions (array, optional): Additional conditions that must be met for the permission to be applied.
note

See Conditions for more information about how to write conditions.

orchestrator

This section configures the runtime environment that your application runs in.

warning

Orchestrator settings do not hot-reload! After changing settings here, you will need to run archon dev restart. If this does not achieve the desired change, you will likely need to run archon dev clean and rebuild. This will change in a future version!

components

Components are parts of your application that Orchestrator will bring into your environment. See Components for expanded info.

At a minimum, components must have:

  • component (string, required): The type of component to generate.

service-accounts

Service accounts are how user-controlled components communicate with the Archon environment. They are defined as follows:

  • username (string, required): The username of the service account to create.
  • roles (array of strings, required): Roles that this service account can act as.
note

The service account's default role will be the first in this list.
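
The rules stated in the notes above can be checked before a restart. The following lint is an added example, not part of Archon or its tooling: the function name lint_archon, the key nesting of the parsed file (policy, orchestrator), the "allow" literal, and the checks that a parent and a service-account role must name something declared are assumptions drawn from the field descriptions on this page.

```python
# Added example: lint a parsed archon.yaml against the rules documented above.
def lint_archon(cfg):
    """Return problems found in a parsed archon.yaml (dict layout is assumed)."""
    problems = []
    policy = cfg.get("policy", {})
    # Resource type name -> set of intents declared on it.
    declared = {rt["resource-type"]: {i["intent"] for i in rt.get("intents", [])}
                for rt in policy.get("resource-types", [])}
    all_intents = set().union(*declared.values())
    for rt in policy.get("resource-types", []):
        if rt.get("parent") is not None and rt["parent"] not in declared:
            problems.append(f"{rt['resource-type']}: unknown parent {rt['parent']}")
    roles = {r["role"] for r in policy.get("roles", [])}
    for role in policy.get("roles", []):
        for n, perm in enumerate(role.get("permissions", [])):
            where = f"{role['role']}[{n}]"
            # "Either resource or resource-type must be declared, but not both."
            if ("resource" in perm) == ("resource-type" in perm):
                problems.append(f"{where}: set exactly one of resource, resource-type")
            if "effect" not in perm:
                problems.append(f"{where}: effect is required")
            rtype = perm.get("resource-type")
            if rtype is not None and rtype not in declared:
                problems.append(f"{where}: unknown resource-type {rtype}")
            # Intents must be declared on the type (any type, for ARID permissions).
            allowed = declared.get(rtype, all_intents)
            for intent in perm.get("intents", []):
                if intent not in allowed:
                    problems.append(f"{where}: undeclared intent {intent}")
    for sa in cfg.get("orchestrator", {}).get("service-accounts", []):
        for r in sa.get("roles", []):
            if r not in roles:
                problems.append(f"{sa['username']}: unknown role {r}")
    return problems

# Constructed sample; key nesting and the "allow" literal are assumptions.
SAMPLE = {
    "policy": {
        "resource-types": [
            {"resource-type": "chat", "description": "A chat",
             "intents": [{"intent": "read-chat", "description": "Read"}]},
            {"resource-type": "chat-message", "description": "A message", "parent": "chat",
             "intents": [{"intent": "create-message", "description": "Post"}]}],
        "roles": [{"role": "member", "description": "Chat member", "permissions": [
            {"resource-type": "chat-message", "intents": ["create-message"], "effect": "allow"},
            # Both selectors set, plus an intent that chat does not declare.
            {"resource": "<ARID placeholder>", "resource-type": "chat",
             "intents": ["delete-chat"], "effect": "allow"}]}]},
    "orchestrator": {"service-accounts": [{"username": "worker", "roles": ["member", "admin"]}]},
}
```

Calling lint_archon(SAMPLE) reports the double selector, the undeclared intent, and the service account that names a role the policy never defines.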