# NATS Server config — Fabric v0.3 with accounts # Hub node (NODA1). Leafnodes connect to this. listen: 0.0.0.0:4222 jetstream { store_dir: /data/jetstream max_mem: 256MB max_file: 2GB } http_port: 8222 # ── Accounts ──────────────────────────────────────────────────────────────── accounts { SYS { users: [ { user: sys, password: "$SYS_NATS_PASS" } ] } FABRIC { users: [ # Router — publishes capability queries + offload requests { user: router password: "$FABRIC_NATS_PASS" permissions: { publish: { allow: [ "node.*.capabilities.get", "node.*.llm.request", "node.*.vision.request", "node.*.stt.request", "node.*.tts.request", "_INBOX.>" ] } subscribe: { allow: ["_INBOX.>"] } } } # NCS — responds to capability queries { user: ncs password: "$FABRIC_NATS_PASS" permissions: { publish: { allow: ["_INBOX.>"] } subscribe: { allow: [ "node.*.capabilities.get", "node.*.capabilities.report" ] } } } # Node Worker — responds to inference requests { user: node_worker password: "$FABRIC_NATS_PASS" permissions: { publish: { allow: [ "_INBOX.>", "node.*.capabilities.report" ] } subscribe: { allow: [ "node.*.llm.request", "node.*.vision.request", "node.*.stt.request", "node.*.tts.request" ] } } } ] exports: [ { stream: ">" } ] } APP { users: [ # Gateway, other services { user: app password: "$APP_NATS_PASS" permissions: { publish: { allow: [">"] } subscribe: { allow: [">"] } } } ] imports: [ { stream: { account: FABRIC, subject: ">" } } ] } } system_account: SYS # ── Leafnode listener ─────────────────────────────────────────────────────── leafnodes { listen: 0.0.0.0:7422 authorization { user: leaf password: "$LEAF_NATS_PASS" account: FABRIC } }