ARGUS — ArgusLabs

Configuration

Configure ARGUS via YAML files and environment variables.

Config File

ARGUS looks for argus.yaml in your project root. Every setting has a sensible default — you only need a config file to override them.

yamlargus.yaml
# Core watcher settings
watcher:
  strict: false
  investigate: true
  max_field_size: 50000

# Detection layer configuration
detection:
  statistical:
    enabled: true
    z_threshold: 2.5
  semantic:
    enabled: true
    similarity_threshold: 0.7
  behavioral:
    enabled: true
    max_loop_count: 10
  structural:
    enabled: true

# Storage
storage:
  backend: sqlite
  path: .argus/traces.db

# Security
security:
  redact_keys:
    - api_key
    - password
    - secret
    - token

Environment Variables

All config values can be set via environment variables with the ARGUS_ prefix. Environment variables override config file values.

Core
ARGUS_STRICTbool

Halt execution when a detection fires. Useful in CI/CD to fail builds on quality regressions.

Default: false

ARGUS_INVESTIGATEbool | "always"

Run forensic root cause analysis. Set to "always" to analyze even when no detections fire.

Default: true

ARGUS_MAX_FIELD_SIZEint

Maximum character length for captured state fields. Larger values give more context but use more storage.

Default: 50000

Semantic detection
ARGUS_SEMANTIC_JUDGEbool

Enable LLM-as-judge for semantic detection. Requires an API key for the judge model.

Default: false

ARGUS_JUDGE_MODELstr

Model to use for LLM-as-judge semantic evaluation.

Default: "gpt-4o"

Storage
ARGUS_STORAGE_PATHstr

Path to the SQLite database file for trace storage.

Default: ".argus/traces.db"

Precedence

Configuration values are resolved in this order (highest priority first):

  1. Constructor arguments — values passed directly to ArgusWatcher()
  2. Environment variablesARGUS_* vars
  3. Config fileargus.yaml in project root
  4. Defaults — built-in sensible defaults

Tip

Use constructor arguments for per-run overrides, environment variables for per-environment settings (dev vs prod), and the config file for project-wide defaults.

Example Config

A production-ready configuration with semantic judging enabled and sensitive keys redacted:

yamlargus.yaml
watcher:
  strict: true
  investigate: "always"
  max_field_size: 100000

detection:
  statistical:
    enabled: true
    z_threshold: 2.0
  semantic:
    enabled: true
    similarity_threshold: 0.75
    judge: true
    judge_model: "gpt-4o"
  behavioral:
    enabled: true
    max_loop_count: 5
  structural:
    enabled: true

security:
  redact_keys:
    - api_key
    - password
    - secret
    - token
    - authorization
    - x-api-key

storage:
  backend: sqlite
  path: /var/argus/traces.db

Security

Always add sensitive field names to redact_keys. ARGUS captures full state at every step — without redaction, API keys and secrets will appear in your traces.
Previous

Core Concepts

Next

Watchers