Instance Configuration

The applad.yaml file lives at your project root and defines instance-wide settings. It’s the entry point for Applad’s configuration tree.

Basic Structure

version: "1.0"
name: "my-applad-instance"
description: "My Applad instance"

instance:
  url: "https://api.myapp.com"
  region: "us-east-1"
  secret: ${APPLAD_SECRET}

version

string

required

Configuration schema version. Currently "1.0"

name

string

required

Human-readable name for your Applad instance

description

string

Optional description of what this instance is for

Instance Settings

The instance block defines core instance configuration:

instance.url

string

required

Base URL where your instance will be accessible

instance.region

string

Default cloud region for resources (e.g., "us-east-1", "eu-west-1")

instance.secret

string

required

Secret key for signing tokens and encrypting data. Use ${APPLAD_SECRET} and generate with:

openssl rand -hex 32

Feature Flags

Enable or disable instance-wide features:

instance:
  features:
    ui: true
    api: true
    graphql: true
    realtime: true
    storage: true
    functions: true
    deployments: true
    workflows: true
    flags: true
    analytics: true
    instruct: true
    messaging: true

Available Features

features.ui

boolean

default:"true"

Enable the admin UI dashboard

features.api

boolean

default:"true"

Enable REST API generation

features.graphql

boolean

default:"true"

Enable GraphQL API generation

features.realtime

boolean

default:"true"

Enable real-time subscriptions

features.storage

boolean

default:"true"

Enable file storage system

features.functions

boolean

default:"true"

Enable serverless functions

features.deployments

boolean

default:"true"

Enable deployment pipelines

features.workflows

boolean

default:"true"

Enable workflow orchestration

features.flags

boolean

default:"true"

Enable feature flags

features.analytics

boolean

default:"true"

Enable analytics collection

features.instruct

boolean

default:"true"

Enable Applad Instruct (AI assistant)

features.messaging

boolean

default:"true"

Enable messaging system

AI Configuration

Powers Applad Instruct. API keys are stored encrypted in the admin database, never in config files.

ai:
  enabled: true
  provider: "anthropic"
  model: "claude-sonnet-4-6"

  features:
    scaffolding: true
    debugging: true
    monitoring: true
    migrations: true
    infrastructure: true
    security: true
    dry_run: true

ai.enabled

boolean

default:"true"

Enable AI-powered features

ai.provider

string

default:"anthropic"

AI provider: "anthropic", "openai", or others

ai.model

string

Model identifier (e.g., "claude-sonnet-4-6", "gpt-4")

AI features include scaffolding, debugging, monitoring, migrations, infrastructure management, security auditing, and dry-run mode for safe testing.

Observability

Instance-level logging, tracing, and export configuration:

observability:
  logging:
    level: "info"
    structured: true
    include_request_body: false
    scrub_secrets: true

  tracing:
    enabled: true
    sampling_rate: 0.1

  export:
    - type: "otlp"
      enabled: false
      endpoint: ${OTEL_ENDPOINT}

    - type: "grafana"
      enabled: false
      url: ${GRAFANA_URL}
      api_key: ${GRAFANA_API_KEY}

Logging Configuration

observability.logging.level

string

default:"info"

Log level: "debug", "info", "warn", "error"

observability.logging.structured

boolean

default:"true"

Output logs in structured JSON format

observability.logging.include_request_body

boolean

default:"false"

Include request bodies in logs (can expose sensitive data)

observability.logging.scrub_secrets

boolean

default:"true"

Automatically redact secret values from logs

Tracing Configuration

observability.tracing.enabled

boolean

default:"true"

Enable distributed tracing

observability.tracing.sampling_rate

number

default:"0.1"

Percentage of requests to trace (0.0 - 1.0)

Security

Instance-level security settings:

security:
  ssh:
    password_auth: false
    key_rotation_reminder_days: 90
    session_timeout: 300

  audit:
    enabled: true
    sign_entries: true
    retain_for: "7y"

  scan:
    containers: true
    dependencies: true
    block_on_critical: true

SSH Security

security.ssh.password_auth

boolean

default:"false"

Allow password authentication (disabled by default)

security.ssh.key_rotation_reminder_days

integer

default:"90"

Days before showing key rotation reminder

security.ssh.session_timeout

integer

default:"300"

SSH session timeout in seconds

Audit Configuration

security.audit.enabled

boolean

default:"true"

Enable audit logging

security.audit.sign_entries

boolean

default:"true"

Cryptographically sign audit log entries

security.audit.retain_for

string

default:"7y"

Audit log retention period (e.g., "7y", "90d")

Security Scanning

security.scan.containers

boolean

default:"true"

Scan container images for vulnerabilities

security.scan.dependencies

boolean

default:"true"

Scan dependencies for known vulnerabilities

security.scan.block_on_critical

boolean

default:"true"

Block deployments with critical vulnerabilities

Environment Variable Generation

Controls .env.example auto-generation behavior:

env:
  generate:
    auto: true
    annotate: true
    classify_secrets: true
    gitignore: true

  validate_on_startup: true
  validate_on_push: true

env.generate.auto

boolean

default:"true"

Automatically regenerate .env.example on config changes

env.generate.annotate

boolean

default:"true"

Add helpful comments explaining each variable

env.generate.classify_secrets

boolean

default:"true"

Mark sensitive variables with [SECRET] annotation

env.generate.gitignore

boolean

default:"true"

Automatically add .env to .gitignore

env.validate_on_startup

boolean

default:"true"

Validate environment variables before starting instance

env.validate_on_push

boolean

default:"true"

Validate environment variables in CI/CD pipelines

Complete Example

version: "1.0"
name: "my-applad-instance"
description: "Production Applad instance"

instance:
  url: "https://api.myapp.com"
  region: "us-east-1"
  secret: ${APPLAD_SECRET}

  features:
    ui: true
    api: true
    graphql: true
    realtime: true
    storage: true
    functions: true
    deployments: true
    workflows: true
    flags: true
    analytics: true
    instruct: true
    messaging: true

ai:
  enabled: true
  provider: "anthropic"
  model: "claude-sonnet-4-6"

  features:
    scaffolding: true
    debugging: true
    monitoring: true
    migrations: true
    infrastructure: true
    security: true
    dry_run: true

observability:
  logging:
    level: "info"
    structured: true
    include_request_body: false
    scrub_secrets: true

  tracing:
    enabled: true
    sampling_rate: 0.1

  export:
    - type: "otlp"
      enabled: false
      endpoint: ${OTEL_ENDPOINT}

security:
  ssh:
    password_auth: false
    key_rotation_reminder_days: 90
    session_timeout: 300

  audit:
    enabled: true
    sign_entries: true
    retain_for: "7y"

  scan:
    containers: true
    dependencies: true
    block_on_critical: true

env:
  generate:
    auto: true
    annotate: true
    classify_secrets: true
    gitignore: true

  validate_on_startup: true
  validate_on_push: true

Next Steps

Organizations

Set up organizations with roles and permissions

Getting Started

Core Concepts

Configuration

Guides

Deployment

Instance Configuration

Basic Structure

Instance Settings

Feature Flags

AI Configuration

Observability

Security

Environment Variable Generation

Complete Example

Next Steps

Organizations

Build docs developers (and LLMs) love

Getting Started

Core Concepts

Configuration

Guides

Deployment

​Basic Structure

​Instance Settings

​Feature Flags

​AI Configuration

​Observability

​Security

​Environment Variable Generation

​Complete Example

​Next Steps

Organizations

Build docs developers (and LLMs) love

Basic Structure

Instance Settings

Feature Flags

AI Configuration

Observability

Security

Environment Variable Generation

Complete Example

Next Steps