Environment Variables
All environment variables verified at commit 4b572c2. Variables are injected via GCP Secret Manager or Cloud Run service configuration.
Common Variables (All Node.js Services)
| Variable |
Type |
Required |
Description |
NODE_ENV |
string |
Yes |
production or development |
PORT |
number |
No |
Server port (default varies by service) |
DATABASE_URL |
string |
Yes |
PostgreSQL connection string |
LOG_LEVEL |
string |
No |
debug, info, warn, error (default: info) |
SENTRY_DSN |
string |
No |
Sentry error monitoring endpoint |
OTEL_ENABLED |
boolean |
No |
Enable OpenTelemetry tracing |
Authentication Variables
| Variable |
Type |
Required |
Description |
JWT_SECRET |
string |
Yes |
JWT signing key (minimum 32 characters) |
JWT_SECRET_PREV |
string |
No |
Previous JWT key for zero-downtime rotation |
Service Communication
| Variable |
Type |
Required |
Description |
INTERNAL_SERVICE_SECRET |
string |
Yes |
Shared secret for HMAC service-to-service auth (minimum 32 characters) |
INTERNAL_AUTH_MODE |
string |
No |
enforce (production default), audit (development default) |
Event Bus
| Variable |
Type |
Required |
Description |
EVENT_BUS_TYPE |
string |
No |
Event transport backend (default: postgres) |
Redis
| Variable |
Type |
Required |
Description |
REDIS_URL |
string |
No |
Redis connection string (rate limiting, idempotency, circuit breaker) |
Service URLs (API Gateway)
The API Gateway requires URLs for each downstream service:
| Variable |
Description |
INSIGHTS_SERVICE_URL |
Insights Service base URL |
DATA_SERVICE_URL |
Unified Data Service base URL |
WORKFLOW_ENGINE_URL |
Workflow Engine base URL |
AGENT_ORCHESTRATOR_URL |
Agent Orchestrator base URL |
ML_SERVICE_URL |
ML Service base URL |
SANITIZATION_SERVICE_URL |
Sanitization Service base URL |
Frontend (Admin UI)
Build-time variables injected via Vite for API endpoint configuration. Runtime variable API_GATEWAY_URL configures the Nginx reverse proxy to route API requests to the backend.
ML Service (Python)
| Variable |
Type |
Description |
SCORING_METHOD |
string |
heuristic (default) or ml |
GCS_BUCKET |
string |
GCS bucket for ML model storage |
CORS_ORIGINS |
string |
Comma-separated allowed origins |
Webhook Secrets
Webhook signature verification uses per-type HMAC secrets configured via environment variables.
Implemented across service configurations at commit 4b572c2.