Configuration reference
Every environment variable the platform reads, what it controls, and
how to override it. Source of truth is
openremedy-deployment/docker/.env.example;
this page is the prosaic version.
How values reach the container
Operator vars in docker/.env are mostly unprefixed (e.g.
DEEPSEEK_API_KEY=…); the compose file translates them to the
OREMEDY_* form the backend's pydantic Settings expects when it
injects them into the container's environment. A few vars start
with OREMEDY_ directly in .env — those are passed through
unchanged.
Defaults are baked into the compose's ${VAR:-default} substitution.
Override only what you want to change — leaving a variable
commented-out is identical to setting it to its default.
Required (boot fails without these)
| Variable | Purpose | Generation |
|---|---|---|
| SECRET_KEY | JWT signing key for HTTP auth. Must be ≥ 32 bytes. | openssl rand -base64 48 |
| ENCRYPTION_KEY | AES-256-GCM key for encrypting stored SSH credentials. Exactly 64 hex chars. | openssl rand -hex 32 |
| POSTGRES_PASSWORD | Password for the openremedy Postgres role. 24+ characters recommended. | openssl rand -base64 24 |
| DOMAIN | Public hostname Caddy serves traffic on. Used to drive Let's Encrypt cert issuance and the default CORS origin. | Set to your subdomain, e.g. app.example.com. |
If any required variable is missing the stack aborts at
docker compose up with an explicit error.
Component image tags
| Variable | Default | Purpose |
|---|---|---|
| OREMEDY_BACKEND_TAG | latest | The :tag portion of ghcr.io/openremedy/openremedy-backend:…. Use a real semver tag in production (e.g. 0.1.2). |
| OREMEDY_FRONTEND_TAG | latest | Same for the frontend image. |
| OREMEDY_DOCS_TAG | latest | Same for the documentation site image. |
Each release of openremedy-deployment ships with a tested
combination of these tags pre-pinned in .env.example. Look at the
deployment repo's CHANGELOG
for the matrix.
Auth tuning
| Variable | Default | Purpose |
|---|---|---|
| ACCESS_TOKEN_EXPIRE_MINUTES | 480 (8h) | How long an access token stays valid. Refresh tokens cover longer-lived sessions. |
| REFRESH_TOKEN_EXPIRE_DAYS | 30 | How long a refresh token stays valid before requiring re-login. |
Rare to override. Lower these for environments with strict session policies (compliance, financial). Raise them only if you understand the security trade-off.
CORS
| Variable | Default | Purpose |
|---|---|---|
| CORS_ORIGINS | https://${DOMAIN} | Comma-separated list of origins the API accepts cross-origin requests from. The wildcard * is rejected in production. |
Override only when the dashboard runs on a different host than the
API (e.g. you're rendering the UI from a CDN and pointing it at the
backend's app.example.com). For single-host installs the default
is correct.
Object storage (SeaweedFS)
| Variable | Default | Purpose |
|---|---|---|
| S3_BUCKET | openremedy | The S3 bucket sidechain transcripts and execution outputs land in. |
| S3_ACCESS_KEY | admin | Bucket credentials. |
| S3_SECRET_KEY | admin | Bucket credentials. |
The bundled SeaweedFS container accepts the defaults. Override only
if you point the platform at an external S3 implementation (real
AWS, MinIO cluster, Ceph RGW). The endpoint is read from OREMEDY_S3_ENDPOINT
internally; that is pinned to the bundled SeaweedFS at
http://seaweedfs:8333 and not exposed for override.
LLM providers
At least one provider key must be set or the agent pipeline cannot run.
| Variable | Default | Purpose |
|---|---|---|
| DEEPSEEK_API_KEY | (empty) | DeepSeek API key. The cheapest production-quality option; recommended default. |
| DEEPSEEK_BASE_URL | https://api.deepseek.com/v1 | DeepSeek API endpoint. Override only if pointing at a self-hosted compatible endpoint. |
| OPENAI_API_KEY | (empty) | OpenAI API key. |
| OPENAI_BASE_URL | (empty, OpenAI's default) | Override to point at any OpenAI-compatible endpoint — local llama.cpp on http://127.0.0.1:8010/v1, vLLM on :8000/v1, etc. |
| ANTHROPIC_API_KEY | (empty) | Anthropic API key. |
| KIMI_API_KEY | (empty) | Kimi (Moonshot) API key. |
| KIMI_BASE_URL | https://api.moonshot.ai/v1 | Kimi API endpoint. |
Multiple keys can be set simultaneously. The default provider used
by the agent pipeline is controlled by SWARM_DEFAULT_PROVIDER.
LLM tuning
| Variable | Default | Purpose |
|---|---|---|
| LLM_ENABLED | true | Master switch. false disables LLM-driven classification and the agent pipeline (passive monitoring continues). |
| LLM_MINI_MODEL | deepseek-chat | Model used for cheap classification (incident-type detection, severity). |
| LLM_FULL_MODEL | deepseek-chat | Model used for the full agent pipeline (triage / diagnose / validate / execute / review). |
| LLM_TEMPERATURE | 0.1 | Sampling temperature. |
| LLM_TOP_P | 0.95 | Nucleus sampling. |
| LLM_TOP_K | 64 | Top-k sampling. |
| LLM_MAX_TOKENS | 4096 | Max output tokens per call. |
| LLM_CONFIDENCE_THRESHOLD | 0.7 | Floor (0..1) for accepting an LLM classification. Below this the platform escalates rather than auto-classifying. |
| LLM_THINKING | false | Toggle reasoning/thinking mode for models that support it (Gemma, OpenAI o-series, etc.). |
Defaults work for most installs. Tune temperature lower for stricter
determinism, higher for diversity. The mini/full split lets you pair
a cheap mini model with an expensive full model — set
LLM_MINI_MODEL to a tier-1 model and LLM_FULL_MODEL to whatever
you trust for action proposals.
Swarm engine
| Variable | Default | Purpose |
|---|---|---|
| SWARM_ENABLED | true | Toggle the swarm engine. false falls back to single-agent mode. |
| SWARM_DEFAULT_PROVIDER | deepseek | Which LLM provider name (matching one of the API keys above) to use when an agent doesn't override it. |
| SWARM_DEFAULT_MODEL | deepseek-chat | Default model name for that provider. |
| SWARM_MAX_CONCURRENT_AGENTS | 10 | Cap on agents running across the fleet at once. |
| SWARM_MAX_TURNS_PER_STAGE | 25 | Cap on tool-call turns per pipeline stage before we force a stage_complete. |
| SWARM_PATROL_ENABLED | true | Whether agents run periodic patrols (no incident, just look around). Disable to save tokens. |
Don't lift the concurrency caps unless you've sized the host. Each agent is a separate Python coroutine doing IO + LLM round-trips.
Telemetry & version-check
See Privacy for the full data-collection policy.
| Variable | Default | Purpose |
|---|---|---|
| OREMEDY_OFFLINE_MODE | false | Master kill switch. true blocks all outbound traffic to OpenRemedy infra (no metrics, no version check, no upstream calls). |
| OREMEDY_TELEMETRY_DISABLED | false | Suppress only the metrics push. The version check still runs so the dashboard's "update available" hint works. |
| OREMEDY_TELEMETRY_ENDPOINT | https://telemetry.openremedy.io | Where the telemetry receiver lives. Override only if running your own copy of the openremedy-telemetry receiver. |
The three-state model: OFFLINE_MODE overrides everything;
TELEMETRY_DISABLED is a softer opt-out that keeps update
notifications flowing.
SMTP
Without SMTP the platform still works but cannot send invitation emails or password-reset links — operators have to share invitation tokens manually.
| Variable | Default | Purpose |
|---|---|---|
| SMTP_HOST | (empty) | SMTP server hostname (e.g. smtp.resend.com). |
| SMTP_PORT | 587 | SMTP port. STARTTLS expected. |
| SMTP_USERNAME | (empty) | SMTP auth username. |
| SMTP_PASSWORD | (empty) | SMTP auth password. |
| SMTP_FROM | (empty) | The From: address used on outgoing mail (e.g. OpenRemedy <noreply@example.com>). |
If any of host / port / username / password is unset, the platform treats SMTP as disabled and returns invitation tokens directly through the dashboard for the operator to copy-paste.
Notifications
| Variable | Default | Purpose |
|---|---|---|
| DISCORD_WEBHOOK_URL | (empty) | Discord webhook for fleet-wide notifications (incidents created, executions resolved, escalations). Leave empty to disable. |
Observability
| Variable | Default | Purpose |
|---|---|---|
| PHOENIX_URL | http://phoenix:6006 | Arize Phoenix endpoint for LLM tracing. The bundled Phoenix container exposes this internally; override only if you run an external Phoenix instance. Phoenix is internal-only — there is no Caddy block exposing it; reach it via ssh -L 6006:phoenix:6006. |
Application mode
| Variable | Default | Purpose |
|---|---|---|
| OREMEDY_ENV | production | One of development or production. In production, the validator rejects * in CORS_ORIGINS and demands OREMEDY_DEBUG=false. |
| OREMEDY_DEBUG | false | Enable verbose error pages. Never set true in production — the validator refuses to boot. |
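A preflight check for docker/.env that applies the rules stated on this page: the required variables and their formats, the production-mode CORS and debug rules, image-tag pinning, and the provider-key requirement. It is an added example, not the platform's own validator. The function names, the constructed sample, and the reading of "32 bytes" as the UTF-8 length of the value are assumptions.

```python
import re

REQUIRED = ("SECRET_KEY", "ENCRYPTION_KEY", "POSTGRES_PASSWORD", "DOMAIN")
PROVIDER_KEYS = ("DEEPSEEK_API_KEY", "OPENAI_API_KEY", "ANTHROPIC_API_KEY", "KIMI_API_KEY")
TAG_VARS = ("OREMEDY_BACKEND_TAG", "OREMEDY_FRONTEND_TAG", "OREMEDY_DOCS_TAG")

# Constructed sample .env with deliberate mistakes (not real secrets).
SAMPLE = """\
SECRET_KEY=too-short
ENCRYPTION_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
POSTGRES_PASSWORD=constructed-sample-password-0001
DOMAIN=app.example.com
# OREMEDY_ENV=development
CORS_ORIGINS=https://app.example.com,*
OREMEDY_BACKEND_TAG=0.1.2
"""

def parse_env(text):
    """Parse KEY=VALUE lines; commented-out lines count as unset."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def preflight(env):
    """Return (errors, warnings) for a parsed docker/.env."""
    def get(name, default=""):  # empty counts as unset, like ${VAR:-default}
        return env.get(name) or default
    errors = [f"{n} is required" for n in REQUIRED if not get(n)]
    warnings = []
    if get("SECRET_KEY") and len(get("SECRET_KEY").encode()) < 32:
        errors.append("SECRET_KEY must be at least 32 bytes")
    if get("ENCRYPTION_KEY") and not re.fullmatch(r"[0-9a-fA-F]{64}", get("ENCRYPTION_KEY")):
        errors.append("ENCRYPTION_KEY must be exactly 64 hex chars")
    if get("POSTGRES_PASSWORD") and len(get("POSTGRES_PASSWORD")) < 24:
        warnings.append("POSTGRES_PASSWORD is shorter than the recommended 24 characters")
    if get("OREMEDY_ENV", "production") == "production":
        if "*" in [o.strip() for o in get("CORS_ORIGINS").split(",")]:
            errors.append("CORS_ORIGINS must not contain * in production")
        if get("OREMEDY_DEBUG", "false").lower() != "false":
            errors.append("OREMEDY_DEBUG must be false in production")
        warnings += [f"{t} is 'latest'; pin a release tag" for t in TAG_VARS
                     if get(t, "latest") == "latest"]
    if get("LLM_ENABLED", "true").lower() != "false" and not any(get(k) for k in PROVIDER_KEYS):
        warnings.append("no LLM provider API key set; the agent pipeline cannot run")
    return errors, warnings
```

Call preflight(parse_env(open("docker/.env").read())) before docker compose up and treat a non-empty errors list as a failed check.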
Daemon-side variables
The host-side openremedy-client daemon has its own config file
at /etc/openremedy-client/config.json. See
Daemon → Configure for that reference.
See also
- Installation — initial setup walkthrough.
- Privacy — what each telemetry variable controls.
- Security — why the required variables are required.