Environment config
HorizonConfig — env-aware operational settings with .env stacking. State directories, metrics port, log level, tracer exporter, retention policy.
Operational knobs — where the audit DB lives, which port Prometheus listens on, where OTel ships traces — belong in config, not in code. HorizonConfig centralizes them with a predictable precedence chain and per-environment overlay files.
Credentials do not live here. Use Secrets for broker keys, signing material, and any value that must rotate independently of config.
Import
from horizon.config import HorizonConfig, ENV_DEV, ENV_STAGING, ENV_PROD
Defaults (no config file needed)
cfg = HorizonConfig()
print(cfg.state_dir) # ./state
print(cfg.audit_db_path) # ./state/audit.db
print(cfg.metrics_port) # 9100
print(cfg.retention_years) # 5
All fields default sensibly. Tier 1–3 never constructs a config.
Precedence
Highest wins:
- Explicit kwargs passed to
HorizonConfig(...)orHorizonConfig.load(...). - Process environment (
HORIZON_STATE_DIR,HORIZON_METRICS_PORT, …). <config_dir>/<env>.env(e.g./etc/horizon/prod.env).<config_dir>/base.env(shared defaults).- Field defaults on the class.
cfg = HorizonConfig.load(
env="prod", # or env var HORIZON_ENV
config_dir="/etc/horizon", # or env var HORIZON_CONFIG_DIR
metrics_port=9200, # explicit override (wins over all)
)
.env file stacking
/etc/horizon/base.env
HORIZON_STATE_DIR=/var/lib/horizon
HORIZON_METRICS_PORT=9100
HORIZON_LOG_LEVEL=INFO
/etc/horizon/dev.env
HORIZON_LOG_LEVEL=DEBUG
/etc/horizon/prod.env
HORIZON_RETENTION_YEARS=7
HORIZON_TRACER_EXPORTER=otlp
HORIZON_OTLP_ENDPOINT=https://otlp.internal:4317
HorizonConfig.load(env="prod") merges base.env then prod.env, then overlays process env, then explicit kwargs.
Quoted values are unwrapped: HORIZON_STATE_DIR="/var/lib/horizon" and HORIZON_STATE_DIR=/var/lib/horizon behave identically. Comments start with #.
Fields
| Field | Env var | Default | Notes |
|---|---|---|---|
env | HORIZON_ENV | "dev" | Selects the overlay file. |
state_dir | HORIZON_STATE_DIR | ./state | Base for every derived path. |
audit_db_path | HORIZON_AUDIT_DB_PATH | <state_dir>/audit.db | SQLite WORM audit sink. |
dlq_db_path | HORIZON_DLQ_DB_PATH | <state_dir>/dlq.db | Failed-submit DLQ. |
archive_db_path | HORIZON_ARCHIVE_DB_PATH | <state_dir>/audit_archive.db | Retention cold store. |
destruction_log_path | HORIZON_DESTRUCTION_LOG_PATH | <state_dir>/destruction.jsonl | Retention destruction receipts. |
preclearance_db_path | HORIZON_PRECLEARANCE_DB_PATH | <state_dir>/preclearance.db | Pre-clearance queue. |
log_level | HORIZON_LOG_LEVEL | "INFO" | DEBUG / INFO / WARNING / ERROR. |
metrics_host | HORIZON_METRICS_HOST | "0.0.0.0" | Prometheus bind address. |
metrics_port | HORIZON_METRICS_PORT | 9100 | Prometheus port. |
tracer_exporter | HORIZON_TRACER_EXPORTER | "console" | "otlp" / "console" / "none". |
otlp_endpoint | HORIZON_OTLP_ENDPOINT | None | OTLP-over-gRPC endpoint. |
retention_years | HORIZON_RETENTION_YEARS | 5 | SEC 204-2 baseline. |
live_poll_interval_s | HORIZON_LIVE_POLL_INTERVAL_S | 0.05 | Live-loop tick cadence. |
idle_timeout_s | HORIZON_IDLE_TIMEOUT_S | None | Seconds of feed idle before LiveWatchdog fires. |
Wiring into hz.run()
cfg = HorizonConfig.load(env="prod")
hz.run(
mode="live",
feed=...,
venues={...},
# Point each concrete module at the configured path:
audit_log=AuditLog(sink=SQLiteSink(cfg.audit_db_path)),
...
)
The run loop does not consume HorizonConfig directly — it is a thin layer you opt into in deployment scripts. Each module (audit, DLQ, metrics, retention) takes explicit paths, so nothing in the hot path reads the environment on its own.
Serialisation
cfg.to_dict()
# {'env': 'prod', 'state_dir': '/var/lib/horizon', 'audit_db_path': '...', ...}
Useful for structured log context on startup or for a /healthz endpoint that echoes the effective config.
Out of scope
- Secrets. Broker API keys, signing material, TLS certs. Use Secrets.
- Per-account risk limits. Those live on
RiskConfig/IPS. - Feature flags. The SDK does not ship a flag system; toggle via construction.
Related
- Deployment — Dockerfile, systemd, env files per environment.
- Secrets.
- Retention policy — reads
retention_years.