# RetrieX config hardening overlay

Scope:
- Multi-tenant and configuration hardening only.
- No retrieval logic rewrite.
- No prompt logic rewrite.
- No security/secrets cleanup in this round.

Install:
1. Backup the current project.
2. Extract this ZIP over the project root.
3. Clear Symfony cache.
4. Run:
   bin/console mto:agent:config:dump-effective --summary
   bin/console mto:agent:config:validate
5. Run the existing 1.4.2 regression tests before deployment.

New config files:
- config/retriex/runtime.yaml
- config/retriex/index.yaml
- config/retriex/vector.yaml
- config/retriex/commerce.yaml
- config/retriex/model.yaml
- config/retriex/prompt.yaml
- config/retriex/agent.yaml
- config/retriex/retrieval.yaml

New commands:
- mto:agent:config:dump-effective
- mto:agent:config:validate

Notes:
- Existing mto.* parameters remain for compatibility.
- services.yaml imports config/retriex/*.yaml explicitly in stable order.
- Retrieval constants are exposed as inventory and validation baseline, but are not dynamically changed in this round.