1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78# Equalify Iris deployment configuration (PRD §10.3).
#
# ${ENV_VAR} references are expanded from the process environment at startup.
# Changes require a restart in v1 (hot-reload is out of scope).
server:
port: 8080
# Public base URL of this deployment. Used to build the GitHub OAuth
# callback URL and surfaced in device-flow instructions.
base_url: http://localhost:8080
storage:
# Root directory for sessions/, tmp/, and the agents/ git checkout.
data_dir: ./data
# Path to the agent library git checkout. Modified ONLY by `git pull`
# from upstream (PRD §8.1).
agents_dir: ./agents
# Session metadata store. SQLite by default; a postgres URL is a supported
# alternative for multi-instance deployments (not implemented in v1).
database: ./data/iris.sqlite
# GitHub OAuth is the only auth mechanism (PRD §9.1). The same token opens
# PRs on /close, so `repo` scope is required.
github:
# Leave blank to use the bundled "Equalify Iris" OAuth App via the device flow
# (no per-operator app setup needed — like the GitHub CLI). Set it only to
# point at your own OAuth App. The client_id is not a secret.
client_id: ${GITHUB_CLIENT_ID}
# Only required for the WEB redirect flow (/auth/github/start + /callback). The
# device flow (CLI/Postman) needs no secret. Never commit a real secret.
client_secret: ${GITHUB_CLIENT_SECRET}
# The upstream agent library repo. Its origin is the PR target (PRD §7.13).
upstream_repo: ${IRIS_UPSTREAM_REPO}
# GitHub host base URLs. Override for GitHub Enterprise (e.g.
# https://github.example.com/api/v3 and https://github.example.com). Defaults
# to public GitHub when omitted.
api_base_url: ${GITHUB_API_BASE_URL}
oauth_base_url: ${GITHUB_OAUTH_BASE_URL}
# Optional override for who authors auto-filed agent-suggestion issues. Blank
# (default): filed as the logged-in user. Set to a service-account PAT to file
# everything under that bot account instead.
issue_token: ${IRIS_GITHUB_TOKEN}
# LLM provider abstraction (PRD §10.3). Each agent declares a capability;
# the deployment decides which provider serves it.
providers:
default: openrouter
# Per-agent overrides. Two forms:
# <agent>: <provider> # route this agent to a provider
# <agent>: { provider: ..., model: ... } # also pin a specific model
# Model resolution falls back: per-agent model -> provider per_capability ->
# provider default_model. Agent names are the file stem (e.g. table, heading,
# image_analysis for the triage agent, reader, copy_editor).
per_agent:
image_analysis: openrouter
# table: { model: anthropic/claude-opus-4.7 } # stronger model, same provider
# reader: { provider: bedrock, model: us.anthropic.claude-haiku-4-5-20251001-v1:0 }
openrouter:
api_key: ${OPENROUTER_API_KEY}
base_url: https://openrouter.ai/api/v1
default_model: anthropic/claude-opus-4.7
per_capability:
vision: anthropic/claude-opus-4.7
structured_output: anthropic/claude-opus-4.7
text: anthropic/claude-opus-4.7
bedrock:
region: us-east-2
default_model: anthropic.claude-opus-4-7-v1
per_capability:
vision: anthropic.claude-opus-4-7-v1
structured_output: anthropic.claude-opus-4-7-v1
text: anthropic.claude-opus-4-7-v1
defaults:
max_review_iterations: 3