Gateway Configuration
The gateway is configured entirely through rivano.yaml. This page documents every field in the gateway: section and how they interact.
Full example
gateway:
port: 8080
providers:
openai:
apiKey: "${OPENAI_API_KEY}"
isPrimary: true
anthropic:
apiKey: "${ANTHROPIC_API_KEY}"
baseUrl: "https://api.anthropic.com"
isFallback: true
ollama:
baseUrl: "http://localhost:11434"
middleware:
pii: true
injection: true
audit: stdout
cache: false
rateLimit: 60
cloud:
apiKey: "${RIVANO_API_KEY}"
baseUrl: "https://api.rivano.ai"Environment variable references in the format ${VAR_NAME} are expanded at startup from the process environment.
Top-level fields
| Field | Type | Default | Description |
|---|---|---|---|
port | number | 8080 | Port the gateway listens on |
providers | ProviderMap | Required | Map of provider keys to provider config |
middleware | MiddlewareConfig | See below | Middleware toggles and settings |
cloud | CloudConfig | Optional | Control plane sync settings |
ProviderConfig
Each key under providers: is a provider name (e.g. openai, anthropic). The value is a ProviderConfig:
| Field | Type | Required | Description |
|---|---|---|---|
apiKey | string | Yes (except Ollama) | Provider API key |
baseUrl | string | No | Override the default provider URL |
isPrimary | boolean | No | Route requests here when no provider hint is given |
isFallback | boolean | No | Route here if the primary provider fails |
timeoutMs | number | No | Per-request timeout (default: 30000) |
⚠
Only one provider should have isPrimary: true. If no provider is marked primary, the gateway uses the first configured provider as the default.
MiddlewareConfig
| Field | Type | Default | Description |
|---|---|---|---|
pii | boolean | true | Enable PII detection |
injection | boolean | true | Enable prompt injection scoring. Requests scoring ≥ 0.7 trigger the block-injection policy if enabled |
audit | 'stdout' | 'file' | 'off' | 'stdout' | Where to write the audit log |
cache | boolean | false | Cache identical requests/responses |
rateLimit | number | 60 | Maximum requests per minute per IP |
Audit modes
| Mode | Behavior |
|---|---|
stdout | Writes JSON audit entries to standard output — suitable for log aggregation |
file | Writes to ./rivano-audit.log in the gateway’s working directory |
off | No audit log — use only in development |
CloudConfig
The cloud: section connects the gateway to the Rivano control plane:
| Field | Type | Required | Description |
|---|---|---|---|
apiKey | string | Yes | Your Rivano API key (rv_...) |
baseUrl | string | No | Control plane URL (default: https://api.rivano.ai) |
When cloud: is present, the gateway:
- Pulls the latest policy set from the control plane on startup and every 60 seconds
- Forwards trace metadata (not content) to the control plane for dashboard visibility
- Receives policy updates pushed from the dashboard in near-real-time
Validate configuration
Check your rivano.yaml for errors without starting the gateway:
rivano-gateway validate
# ✔ rivano.yaml is valid
rivano-gateway validate --file ./config/rivano.prod.yamlRelated
- Gateway Overview — When to use the gateway
- Gateway Middleware — Middleware pipeline details
- Gateway Providers — Provider routing logic
- CLI Deploy — The agents section of rivano.yaml