Source: docs/manual/config-env.md
This page is generated by site/scripts/sync-manual-docs.mjs.
Configuration and Environment
All Cruvero configuration is via environment variables with a CRUVERO_* prefix. There are no configuration files. Variables are loaded at startup by internal/config/config.go and can be set in .env files for local development.
This reference is organized by subsystem. For phase-specific rollout guides, see the sections below the core reference.
Source: internal/config/config.go, .env.example, charts/cruvero/values.yaml, cmd/ui/main.go, internal/auth/provider.go
Core Environment Variables
Temporal
- CRUVERO_TEMPORAL_ADDRESS (default temporal-grpc.dev.gchinfo.com:443)
- CRUVERO_TEMPORAL_NAMESPACE (default default)
- CRUVERO_TEMPORAL_TLS (auto or false)
Database
- CRUVERO_POSTGRES_URL
- CRUVERO_DRAGONFLY_ADDR
- CRUVERO_DRAGONFLY_POOL_SIZE (default 50)
- CRUVERO_DRAGONFLY_MIN_IDLE_CONNS (default 5)
- CRUVERO_DRAGONFLY_DIAL_TIMEOUT (default 5s)
- CRUVERO_DRAGONFLY_READ_TIMEOUT (default 3s)
- CRUVERO_DRAGONFLY_WRITE_TIMEOUT (default 3s)
- CRUVERO_DB_MAX_OPEN_CONNS (default 25)
- CRUVERO_DB_MAX_IDLE_CONNS (default 10)
- CRUVERO_DB_CONN_MAX_LIFETIME (default 5m)
- CRUVERO_DB_CONN_MAX_IDLE_TIME (default 1m)
Events and NATS
- CRUVERO_EVENTS_BACKEND (nats, log, or none; default nats)
- CRUVERO_EVENTS_SUBJECT_PREFIX (default cruvero)
- CRUVERO_EVENTS_TENANT_ISOLATION (default false; recommend true for noisy multi-tenant production environments)
- CRUVERO_NATS_URL (default nats://localhost:4222)
- CRUVERO_NATS_CLUSTER_ID (default cruvero)
- CRUVERO_NATS_CREDS_FILE (optional)
- CRUVERO_NATS_TLS (auto or false; default auto)
- CRUVERO_NATS_CONNECT_TIMEOUT (default 5s)
- CRUVERO_NATS_RECONNECT_WAIT (default 2s)
- CRUVERO_NATS_MAX_RECONNECTS (default -1; infinite reconnect)
- CRUVERO_NATS_STREAM_REPLICAS (default 1; use 3 for HA production clusters)
- CRUVERO_NATS_SUBSCRIBER_BUFFER (default 256)
- CRUVERO_NATS_CIRCUIT_ENABLED (default true)
- CRUVERO_NATS_CIRCUIT_FAILURE_THRESHOLD (default 8)
- CRUVERO_NATS_CIRCUIT_COOLDOWN (default 5s)
- CRUVERO_NATS_CONSUMER_MAX_DELIVER (default 5; dead-letter cutoff for JetStream consumers)
LLM Providers
- CRUVERO_LLM_PROVIDER (openrouter, azure, openai, or google)
- CRUVERO_LLM_TIMEOUT (default 60s)
- CRUVERO_LLM_FAILOVER_CHAIN (comma-separated provider order, e.g. openrouter,google,openai,azure)
- CRUVERO_LLM_FAILOVER_THRESHOLD (default 3)
- CRUVERO_LLM_FAILOVER_RECOVERY_INTERVAL (default 5m)
- CRUVERO_LLM_FAILOVER_LATENCY_THRESHOLD (default 0s, disabled)
- CRUVERO_OPENROUTER_API_KEY
- CRUVERO_OPENROUTER_MODEL
- CRUVERO_AZURE_OPENAI_ENDPOINT
- CRUVERO_AZURE_OPENAI_API_KEY
- CRUVERO_AZURE_OPENAI_API_VERSION
- CRUVERO_AZURE_OPENAI_DEPLOYMENT
- CRUVERO_OPENAI_CHAT_API_KEY
- CRUVERO_OPENAI_API_KEY (non-chat OpenAI key; also used by embedding provider flows)
- CRUVERO_OPENAI_CHAT_MODEL (default gpt-4.1)
- CRUVERO_OPENAI_CHAT_BASE_URL (default https://api.openai.com/v1)
- CRUVERO_OPENAI_EMBEDDING_BASE_URL (optional override for embedding endpoint base URL)
- CRUVERO_ANTHROPIC_API_KEY
- CRUVERO_ANTHROPIC_MODEL
- CRUVERO_ANTHROPIC_VERSION
- CRUVERO_ANTHROPIC_MAX_TOKENS
- CRUVERO_GOOGLE_API_KEY (used by embeddings and direct Gemini chat provider)
- CRUVERO_GOOGLE_MODEL (default gemini-2.5-flash)
- CRUVERO_GOOGLE_BASE_URL (default https://generativelanguage.googleapis.com/v1beta)
- CRUVERO_GOOGLE_PROJECT_ID (optional, for provider-specific project scoping)
- CRUVERO_GOOGLE_LOCATION (optional, for provider-specific location scoping)
- CRUVERO_GOOGLE_MAX_TOKENS (default 8192)
- CRUVERO_OLLAMA_BASE_URL (optional local/provider-compatible endpoint for Ollama-backed setups)
- CRUVERO_AZURE_PRICING_JSON (optional, for models-refresh --source azure)
- CRUVERO_AZURE_CONTEXT_JSON (optional, for models-refresh --source azure)
Agent Runtime
- CRUVERO_METACOGNITIVE_ENABLED (default false)
- CRUVERO_METACOGNITIVE_CHECK_INTERVAL (default 3)
- CRUVERO_METACOGNITIVE_MAX_REPETITION (default 3)
- CRUVERO_METACOGNITIVE_ESCALATION_MODEL (optional escalation model id)
- CRUVERO_TEMPORAL_REASONING_ENABLED (default false)
- CRUVERO_DEFAULT_FAST_MODEL (optional fast model id for deadline pressure)
- CRUVERO_DEADLINE_ACTION (escalate or halt; default escalate)
- CRUVERO_PROVENANCE_ENABLED (default false; enable execution provenance DAG persistence/query)
- CRUVERO_PROMPT_QUALITY_ENABLED (default true; enable low-context LLM prompt quality scoring)
- CRUVERO_PROMPT_QUALITY_TIMEOUT (default 2s; timeout per prompt quality evaluation call)
- CRUVERO_PROMPT_QUALITY_MAX_INPUT_BYTES (default 2048; max evaluator payload bytes)
- CRUVERO_PROMPT_QUALITY_MODEL (optional; overrides evaluator model, defaults to decision model)
Memory
- CRUVERO_MEMORY_EPISODIC_STORE (postgres or redis)
- CRUVERO_MEMORY_REDIS_TTL
- CRUVERO_SALIENCE_ENABLED (default true)
- CRUVERO_MEMORY_SALIENCE_RELEVANCE (default 0.4)
- CRUVERO_MEMORY_SALIENCE_RECENCY (default 0.3)
- CRUVERO_MEMORY_SALIENCE_CONFIDENCE (default 0.2)
- CRUVERO_MEMORY_SALIENCE_USAGE (default 0.1)
- CRUVERO_MEMORY_SALIENCE_FRESHNESS (default 0.0)
- CRUVERO_MEMORY_SALIENCE_HALFLIFE (default 24h)
- CRUVERO_CONTEXT_BUDGET_ENABLED (default false)
- CRUVERO_CONTEXT_BUDGET_TOKENS (default 8000)
- CRUVERO_CONTEXT_SYSTEM_TOKENS (default 1000)
- CRUVERO_EMBEDDING_FAILURE_MODE (fail, warn, or hash; default fail)
- CRUVERO_EMBEDDING_PROVIDER (openai, google, mock; deployment default commonly openai)
- CRUVERO_EMBEDDING_MODEL (deployment default commonly text-embedding-3-small)
- CRUVERO_EMBEDDING_DIMENSIONS (optional explicit embedding dimension override)
- CRUVERO_EMBEDDING_TIMEOUT (provider call timeout)
- CRUVERO_EMBEDDING_BATCH_SIZE (provider batch sizing hint)
- CRUVERO_EMBEDDING_MAX_RETRIES (provider retry cap)
- CRUVERO_EMBEDDING_CACHE_ENABLED (default true)
- CRUVERO_EMBEDDING_CACHE_TTL (default 720h)
- CRUVERO_EMBEDDING_CACHE_EPOCH (default empty; bump to invalidate stale embedding cache keys)
- CRUVERO_EMBED_MODE (direct, sync, or async; default direct)
- CRUVERO_EMBED_BATCH_SIZE (JetStream consumer batch size for embed-worker)
- CRUVERO_EMBED_FLUSH_MS (batch flush interval in milliseconds)
- CRUVERO_EMBED_DLQ_MAX_RETRIES (dead-letter cutoff for embedding jobs)
- CRUVERO_EMBED_WORKER_CONCURRENCY (parallel embed worker execution units)
- CRUVERO_EMBED_RECONCILE_ENABLED (default true; embed-worker pending-fact reconciler loop)
- CRUVERO_EMBED_RECONCILE_INTERVAL (default 30s; cadence for pending-fact reconciliation passes)
- CRUVERO_EMBED_RECONCILE_BATCH_SIZE (default 64; pending rows processed per worker pass)
- CRUVERO_EMBED_RECONCILE_MAX_ATTEMPTS (default 5; terminally mark as failed after this many attempts)
- CRUVERO_EMBED_RECONCILE_WORKERS (default 1; parallel reconciliation workers per pass)
- CRUVERO_EMBED_RECONCILE_STALE_AFTER (default 10m; backlog age threshold for stale warning metric/logs)
- CRUVERO_EMBED_SYNC_TIMEOUT (default 10s; sync-mode wait before falling back)
- CRUVERO_VECTOR_STORE (pgvector, qdrant, or composite; default pgvector)
- CRUVERO_QDRANT_URL (default http://localhost:6334)
- CRUVERO_QDRANT_API_KEY (optional)
- CRUVERO_QDRANT_COLLECTION_PREFIX (default cruvero_)
- CRUVERO_QDRANT_ON_DISK (default true; on-disk payload storage for safer memory usage)
- CRUVERO_QDRANT_GRPC_POOL_SIZE (default 2; concurrent gRPC client connections)
- CRUVERO_QDRANT_UPSERT_BATCH_SIZE (default 500; max points per upsert request)
- CRUVERO_QDRANT_TLS_CA_CERT (optional custom CA bundle path)
- CRUVERO_QDRANT_TLS_INSECURE (default false; skip TLS verification)
- CRUVERO_QDRANT_MEMORY_LIMIT (deployment/runtime setting for Qdrant container memory cap; recommended in production)
Tools and Registry
- CRUVERO_COMPOSITE_MAX_DEPTH (default 8; max nested composite invocation depth, 0 disables limit)
- CRUVERO_COMPOSITE_MAX_STEPS (default 64; max steps allowed per composite execution, 0 disables limit)
- CRUVERO_TOOL_CONTRACT_POSTCONDITION_MODE (enforce or warn; default enforce)
- CRUVERO_TOOL_SELECTION_MODE (llm_only or registry_ranked; default registry_ranked)
- CRUVERO_TOOL_SELECTION_TOP_K (default 10; max candidate tools for registry-ranked selection)
- CRUVERO_TOOL_SELECTION_MIN_CONFIDENCE (default 0.45; minimum route confidence to apply tool hint/override)
- CRUVERO_TOOL_SELECTION_REQUIRE_ROUTE (default false; if true, halt when required route cannot be satisfied)
- CRUVERO_LOOP_EFFICIENCY_GUARD_DISABLED (default false; set true to disable conservative duplicate-loop auto-halt)
- CRUVERO_TOOL_QUALITY_ENABLED (enable tool quality scoring lifecycle)
- CRUVERO_TOOL_QUALITY_DEGRADE_THRESHOLD (quality score threshold for degraded classification)
- CRUVERO_TOOL_QUALITY_QUARANTINE_AFTER (degrade window before auto-quarantine)
- CRUVERO_TOOL_QUALITY_RATING_TIMEOUT (timeout for feedback/rating persistence pipeline)
- CRUVERO_TOOL_SEARCH_SEMANTIC (enable semantic tool retrieval)
- CRUVERO_TOOL_SEARCH_COLLECTION (vector collection used by tool search)
- CRUVERO_TOOL_SEARCH_K (top-k semantic retrieval width)
- CRUVERO_TOOL_SEARCH_RESULT_LIMIT (final ranked result cap)
- CRUVERO_TOOL_SEARCH_W_SIMILARITY
- CRUVERO_TOOL_SEARCH_W_QUALITY
- CRUVERO_TOOL_SEARCH_W_RECENCY
Prompt Library and Evaluation
- CRUVERO_PROMPTLIB_EVAL_ENABLED
- CRUVERO_PROMPTLIB_EVAL_TIMEOUT
- CRUVERO_PROMPTLIB_EVAL_MAX_CONCURRENT
- CRUVERO_PROMPTLIB_EXPERIMENTS_ENABLED
- CRUVERO_PROMPTLIB_EXPERIMENT_MAX_VARIANTS
- CRUVERO_PROMPTLIB_BLUEPRINT_ENABLED
- CRUVERO_PROMPTLIB_SNIPPETS_ENABLED
- CRUVERO_PROMPTLIB_SNIPPET_MAX_DEPTH
- CRUVERO_PROMPTLIB_ENVS_ENABLED
- CRUVERO_PROMPTLIB_DEFAULT_ENVS
- CRUVERO_PROMPTLIB_ANALYTICS_RETENTION
- CRUVERO_PROMPTLIB_DIFF_CONTEXT_LINES
- CRUVERO_PROMPTLIB_NATS_CACHE_ENABLED
- CRUVERO_PROMPTLIB_NATS_SUBJECT
Supervisor and Trust
- CRUVERO_TRUST_ENABLED (default false; enable supervisor trust-based delegation and trust score updates)
- CRUVERO_TRUST_REVIEW_THRESHOLD (default 0.3; reviewer fallback threshold for low-trust delegates)
- CRUVERO_TRUST_WEIGHT_SUCCESS (default 0.5; success-rate weight in trust scoring)
- CRUVERO_TRUST_WEIGHT_QUALITY (default 0.3; quality-score weight in trust scoring)
- CRUVERO_TRUST_WEIGHT_RECENCY (default 0.2; recency-factor weight in trust scoring)
- CRUVERO_TRUST_RECENCY_DECAY (default 0.1; recency decay coefficient in trust scoring)
Immune System
- CRUVERO_IMMUNE_ENABLED (default false)
- CRUVERO_IMMUNE_QUARANTINE_THRESHOLD (default 5)
- CRUVERO_IMMUNE_QUARANTINE_TTL (default 0s, disabled)
- CRUVERO_IMMUNE_CLEANUP_ENABLED (default true)
- CRUVERO_IMMUNE_CLEANUP_INTERVAL (default 24h)
- CRUVERO_IMMUNE_RETENTION_DAYS (default 90)
- CRUVERO_IMMUNE_TOOL_THRESHOLDS (optional CSV tool:threshold, e.g. sim_git_pr:3,bash_exec:2)
- CRUVERO_IMMUNE_TOOL_NO_AUTO (optional CSV tool list excluded from auto-quarantine)
- CRUVERO_IMMUNE_ALERT_ENABLED (default true)
- CRUVERO_IMMUNE_ALERT_INTERVAL (default 5m)
- CRUVERO_IMMUNE_ALERT_ANOMALY_DELTA (default 20)
- CRUVERO_IMMUNE_ALERT_QUARANTINE_DELTA (default 3)
- CRUVERO_IMMUNE_ALERT_BLOCKED_DELTA (default 10)
- CRUVERO_IMMUNE_SNAPSHOT_ENABLED (default true)
- CRUVERO_IMMUNE_SNAPSHOT_DIR (default backups/immune)
- CRUVERO_IMMUNE_SNAPSHOT_BATCH (default 1000)
Quota and Cost
- CRUVERO_QUOTA_ENABLED (default true)
- CRUVERO_QUOTA_STORE (postgres or dragonfly)
- CRUVERO_QUOTA_DEFAULT_RPM (default 60)
- CRUVERO_QUOTA_DEFAULT_RPH (default 1000)
- CRUVERO_QUOTA_DEFAULT_TPD (default 1000000)
- CRUVERO_QUOTA_DEFAULT_COST_USD (default 100.0)
- CRUVERO_QUOTA_WARNING_THRESHOLD (default 0.8)
- CRUVERO_QUOTA_CRITICAL_THRESHOLD (default 0.95)
- CRUVERO_QUOTA_DOWNGRADE_MODEL
- CRUVERO_QUOTA_CLEANUP_ENABLED (default true)
- CRUVERO_QUOTA_CLEANUP_INTERVAL (default 6h)
- CRUVERO_QUOTA_USAGE_RETENTION (default 168h)
Tenant Runtime
- CRUVERO_TENANT_MODE (single or multi; controls tenant bootstrap/policy behavior)
- CRUVERO_TENANT_STORE (postgres default; store backend for tenant metadata)
- CRUVERO_TENANT_DEFAULT_NAMESPACE (override default Temporal namespace for bootstrap tenant)
- CRUVERO_TENANT_WORKER_MODE (worker-side tenant execution mode controls)
Audit
- CRUVERO_AUDIT_ENABLED (default false)
- CRUVERO_AUDIT_BUFFER (postgres or nats; runtime buffer backend selector)
- CRUVERO_AUDIT_BATCH_SIZE (writer batch size)
- CRUVERO_AUDIT_FLUSH_MS (writer flush interval in milliseconds)
- CRUVERO_AUDIT_STREAM_RETENTION (NATS stream retention duration)
- CRUVERO_AUDIT_PII_DETECTION (default false)
- CRUVERO_AUDIT_PII_TYPES (default email,phone,ssn,cc,ip)
- CRUVERO_AUDIT_STORE_ORIGINALS (default true)
- CRUVERO_AUDIT_BUFFER_SIZE (default 50)
- CRUVERO_AUDIT_RETENTION_DAYS (default 365)
- CRUVERO_AUDIT_EXPORT_FORMAT (soc2, hipaa, json, csv; default json)
- CRUVERO_AUDIT_POSTGRES_URL (optional dedicated audit-writer DSN; falls back to CRUVERO_POSTGRES_URL)
PII Detection
- CRUVERO_PII_ENABLED (global PII detection toggle)
- CRUVERO_PII_MODE (runtime policy mode)
- CRUVERO_PII_CLASSES (comma-separated classes to evaluate)
- CRUVERO_PII_CONFIDENCE_THRESHOLD (minimum confidence for findings)
- CRUVERO_PII_POLICY_JSON (inline JSON or path for policy override)
- CRUVERO_PII_ALLOWLIST (allowlisted token patterns)
- CRUVERO_PII_CHALLENGE_ENABLED (enable challenge/hold flow)
- CRUVERO_PII_CHALLENGE_TIMEOUT (challenge timeout)
- CRUVERO_PII_CHALLENGE_HOLD_STEPS (hold duration in workflow steps)
- CRUVERO_PII_NER_ENABLED (enable NER-based pass)
- CRUVERO_PII_MODEL_URL, CRUVERO_PII_MODEL_NAME, CRUVERO_PII_MODEL_DIR (external/local model controls)
- CRUVERO_PII_HMAC_KEY (required for deterministic token hashing in redaction/audit)
Security and Sandboxing
- CRUVERO_SANDBOX_MODE (process, gvisor, nsjail; default process)
- CRUVERO_INPUT_SANITIZATION (default false)
- CRUVERO_INPUT_SANITIZATION_MODE (block, warn, passthrough; default warn)
- CRUVERO_OUTPUT_PII_REDACTION (default true)
- CRUVERO_OUTPUT_CREDENTIAL_SCAN (default true)
- CRUVERO_OUTPUT_FILTER_MODE (redact, block; default redact)
- CRUVERO_NETWORK_POLICY_ENABLED (default false)
- CRUVERO_NETWORK_DEFAULT_POLICY (deny or allow; default deny)
- CRUVERO_MCP_STRICT_ENDPOINTS (default true; enforce MCP endpoint allowlists)
- CRUVERO_CSRF_SECRET (CSRF HMAC secret for UI/API mutating route protection)
- CRUVERO_VAULT_ADDR
- CRUVERO_VAULT_TOKEN
- CRUVERO_VAULT_SECRET_PATH_PREFIX (default secret/cruvero)
- CRUVERO_PYTHON_ALLOW_ALL_IMPORTS (default false)
- CRUVERO_PYTHON_BLOCK_IMPORTS (comma-separated import blocklist)
- CRUVERO_PYTHON_MAX_CPU_SECS (default 2)
- CRUVERO_PYTHON_MAX_MEM_MB (default 256)
- CRUVERO_PYTHON_MAX_OUTPUT_KB (default 64)
- CRUVERO_PYTHON_MAX_FILE_KB (default 256)
- CRUVERO_BASH_ALLOWED_CMDS (comma-separated command allowlist)
- CRUVERO_BASH_ALLOW_NETWORK (default false)
- CRUVERO_BASH_MAX_OUTPUT_KB (default 64)
- CRUVERO_BASH_MAX_FILE_KB (default 256)
Observability
- CRUVERO_LOG_LEVEL
- CRUVERO_HEALTH_CHECK_INTERVAL (default 30s)
- CRUVERO_WORKER_PROBE_ADDR (default :8082, worker health probe HTTP server)
- CRUVERO_STREAM_HEARTBEAT_INTERVAL (stream health heartbeat cadence in UI stream monitor)
- CRUVERO_STREAM_HEARTBEAT_TIMEOUT (stream heartbeat timeout)
- CRUVERO_STREAM_LAG_THRESHOLD (lag threshold for unhealthy stream classification)
- CRUVERO_STREAM_STALE_THRESHOLD_EVENTS (staleness threshold for events stream)
- CRUVERO_STREAM_STALE_THRESHOLD_AUDIT (staleness threshold for audit stream)
- CRUVERO_TELEMETRY_NATS (enable telemetry publication over NATS)
Backup
- CRUVERO_BACKUP_DIR (default backups)
- CRUVERO_BACKUP_PG_DUMP_BIN (default pg_dump)
- CRUVERO_BACKUP_PG_RESTORE_BIN (default pg_restore)
- CRUVERO_BACKUP_PG_DUMP_FORMAT (default custom)
- CRUVERO_BACKUP_S3_BUCKET (required for S3 upload/download)
- CRUVERO_BACKUP_S3_PREFIX (default cruvero)
- CRUVERO_BACKUP_S3_REGION (default us-east-1)
- CRUVERO_BACKUP_S3_ENDPOINT (optional S3-compatible endpoint)
- CRUVERO_BACKUP_S3_FORCE_PATH_STYLE (default false; often required for MinIO)
- CRUVERO_BACKUP_S3_ACCESS_KEY_ID / CRUVERO_BACKUP_S3_SECRET_ACCESS_KEY / CRUVERO_BACKUP_S3_SESSION_TOKEN (optional static credentials)
- CRUVERO_BACKUP_AUDIT_ARCHIVE_DAYS (default 30)
- CRUVERO_BACKUP_AUDIT_ARCHIVE_BATCH_CAP (default 250000; max rows exported per archive run)
Flow Builder and Git Integration
- CRUVERO_FLOW_GITHUB_TOKEN (GitHub token used for flow commit/PR integration)
- CRUVERO_FLOW_GITHUB_REPO (default target repository for flow commits)
- CRUVERO_FLOW_GITHUB_BRANCH (default branch for flow commit operations)
- CRUVERO_FLOW_GITHUB_PR_MODE (controls PR behavior for flow commits)
- CRUVERO_SEARCH_AUTOCOMPLETE_ENABLED (enable search autocomplete endpoints)
- CRUVERO_SEARCH_AUTOCOMPLETE_MAX_RESULTS (autocomplete result cap)
- CRUVERO_SEARCH_AUTOCOMPLETE_MIN_SIMILARITY (similarity floor for autocomplete)
UI
- CRUVERO_AUTH_PROVIDER (default none; provider used by the UI auth middleware)
- CRUVERO_UI_MODE (react or htmx; default react)
- CRUVERO_UI_AUTH (none, keycloak, oidc; runtime auth mode)
- CRUVERO_UI_JWKS_URL (JWT/JWKS endpoint)
- CRUVERO_UI_ISSUER (expected JWT issuer)
- CRUVERO_UI_AUDIENCE (expected JWT audience)
- CRUVERO_UI_OIDC_CLIENT_ID
- CRUVERO_UI_OIDC_CLIENT_SECRET
- CRUVERO_UI_OIDC_AUTH_URL
- CRUVERO_UI_OIDC_TOKEN_URL
- CRUVERO_UI_OIDC_LOGOUT_URL
- CRUVERO_UI_OIDC_REDIRECT_URI
- CRUVERO_UI_OIDC_SCOPES
- CRUVERO_UI_SESSION_TIMEOUT (OIDC session max age)
- CRUVERO_UI_STATIC_DIR (override static assets directory)
- CRUVERO_UI_DEV_PROXY (frontend dev proxy target)
- CRUVERO_UI_COST_CACHE_TTL (default 30s)
- CRUVERO_UI_ADMIN_TOKEN (required for POST /api/quota/reset and POST /api/quota/override)
- CRUVERO_FLOW_COLLAB_ENABLED (enable collaborative flow editing mode)
- CRUVERO_FLOW_COLLAB_WS_BACKEND (websocket backend endpoint for collaboration transport)
- CRUVERO_FLOW_COLLAB_WS_URL (browser-facing collaboration websocket URL override)
Production API (cmd/api)
| Variable | Default | Description |
|---|---|---|
| CRUVERO_API_PORT | 8900 | API listen port |
| CRUVERO_API_READ_TIMEOUT | 30s | HTTP read timeout |
| CRUVERO_API_WRITE_TIMEOUT | 60s | HTTP write timeout |
| CRUVERO_API_IDLE_TIMEOUT | 120s | HTTP idle timeout |
| CRUVERO_API_SHUTDOWN_TIMEOUT | 15s | Graceful shutdown timeout |
| CRUVERO_API_AUTH | none | Auth mode: none, keycloak, apikey |
| CRUVERO_API_JWKS_URL | — | JWKS endpoint for JWT verification |
| CRUVERO_API_ISSUER | — | Expected JWT issuer |
| CRUVERO_API_AUDIENCE | — | Expected JWT audience |
| CRUVERO_API_API_KEYS | — | Comma-separated static API keys for apikey auth mode |
| CRUVERO_API_RATE_LIMIT | 1000 | Requests per minute per tenant |
| CRUVERO_API_RATE_LIMIT_BURST | 50 | Per-tenant burst allowance (requests per second limiter) |
| CRUVERO_API_CORS_ORIGINS | * | Comma-separated CORS allowlist |
| CRUVERO_API_CORS_MAX_AGE | 3600 | CORS preflight cache max-age (seconds) |
| CRUVERO_OTEL_ENDPOINT | — | OTLP trace exporter endpoint |
| CRUVERO_OTEL_INSECURE | false | Use insecure OTLP transport |
MCP Variables
See MCP Integration.
- CRUVERO_MCP_SERVERS (server definitions string used for static MCP bootstrap)
- CRUVERO_MCP_DISCOVERY (static|nats|both)
- CRUVERO_MCP_TRANSPORT (stdio|http|sse|gateway)
- CRUVERO_MCP_GATEWAY_URL (gateway endpoint for gateway transport)
- CRUVERO_MCP_GATEWAY_AUTH (gateway auth mode/credential source)
- CRUVERO_MCP_GATEWAY_INIT_REQUIRE_AUTH (fail startup if gateway auth is missing/invalid)
- CRUVERO_MCP_HTTP_TIMEOUT
- CRUVERO_MCP_HTTP_MAX_CONNS
- CRUVERO_MCP_RETRY_MAX
- CRUVERO_MCP_RETRY_BACKOFF
- CRUVERO_MCP_CACHE_ENABLED
- CRUVERO_MCP_CACHE_ADDR
- CRUVERO_MCP_CACHE_TTL
- CRUVERO_MCP_CIRCUIT_ENABLED
- CRUVERO_MCP_CIRCUIT_FAILURE_THRESHOLD
- CRUVERO_MCP_CIRCUIT_FAILURE_WINDOW
- CRUVERO_MCP_CIRCUIT_HALF_OPEN_INTERVAL
- CRUVERO_MCP_CIRCUIT_SUCCESS_THRESHOLD
- CRUVERO_MCP_HEARTBEAT_INTERVAL
- CRUVERO_MCP_STALE_THRESHOLD
- CRUVERO_MCP_REGISTRY_ENABLED (publish discovered MCP tools into runtime registry)
- CRUVERO_MCP_TLS_ENABLED
- CRUVERO_MCP_TLS_CA_CERT
- CRUVERO_MCP_TLS_CERT
- CRUVERO_MCP_TLS_KEY
- CRUVERO_MCP_VAULT_ENABLED
- CRUVERO_MCP_VAULT_PATH
- CRUVERO_MCP_ENDPOINTS_<SERVER> (comma-separated allowed endpoint URLs for server-specific MCP endpoint pinning)
- CRUVERO_CODE_EXEC_MCP_REQUIRED (default false; when true, python_exec/bash_exec fail closed if MCP mcp-code-exec route is unavailable in http|gateway mode)
Gateway Integration
- CRUVERO_MCPGW_ENABLED (default false; enables MCP gateway integration)
- CRUVERO_MCPGW_GATEWAY_ID (default default; gateway instance ID for NATS subject scoping, mcpgw.{gateway_id}.events.* and mcpgw.{gateway_id}.config.*)
- CRUVERO_MCPGW_TENANT_ID (default default; tenant ID used by MCPGW subscriber/publisher store operations)
- CRUVERO_MCPGW_POLICY_JSON (default empty; gateway policy profiles as inline JSON or file path)
- CRUVERO_MCPGW_AUTH_MODE (default jwt; auth mode jwt|oidc|apikey|none)
- CRUVERO_MCPGW_AUTH_ALLOW_NONE (default false; explicit opt-in required before CRUVERO_MCPGW_AUTH_MODE=none is accepted)
- CRUVERO_MCPGW_OIDC_ISSUER (OIDC issuer URL for CRUVERO_MCPGW_AUTH_MODE=oidc)
- CRUVERO_MCPGW_OIDC_AUDIENCE (OIDC audience for CRUVERO_MCPGW_AUTH_MODE=oidc)
- CRUVERO_MCPGW_OIDC_JWKS_URL (OIDC JWKS URL for CRUVERO_MCPGW_AUTH_MODE=oidc)
- CRUVERO_MCPGW_AUTO_REGISTRY_REFRESH_ENABLED (auto-refresh local MCP registry on gateway changes)
- CRUVERO_MCPGW_AUTO_REGISTRY_REFRESH_DEBOUNCE (debounce window for repeated refresh triggers)
- CRUVERO_MCPGW_AUTO_REGISTRY_REFRESH_INTERVAL (periodic reconcile interval; default 15m, set 0 to disable)
- CRUVERO_MCPGW_AUTO_REGISTRY_REFRESH_REGISTRY_ID (target registry id for MCPGW-driven refresh)
Behavior notes:
- Startup validation fails if CRUVERO_MCPGW_AUTH_MODE=none and CRUVERO_MCPGW_AUTH_ALLOW_NONE is not true.
- Gateway config publication always targets gateway-scoped subjects only (mcpgw.{gateway_id}.config.{scope}).
- Store reads and writes in MCPGW subscriber/publisher paths use CRUVERO_MCPGW_TENANT_ID; avoid hardcoding tenant IDs in runtime code.
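The startup rule in the behavior notes above, generalized into a pre-deployment check that also covers other settings on this page whose effective value switches a control off. This is an added Go sketch, not Cruvero's own internal/config code: AuditEnv, the rule list, and the case-insensitive comparison are assumptions, and the defaults are copied from this reference.

```go
package main

import (
	"fmt"
	"strings"
)

// Defaults copied from this page for the variables checked below.
var documentedDefaults = map[string]string{
	"CRUVERO_API_AUTH":                 "none",
	"CRUVERO_API_CORS_ORIGINS":         "*",
	"CRUVERO_MCPGW_AUTH_MODE":          "jwt",
	"CRUVERO_MCPGW_AUTH_ALLOW_NONE":    "false",
	"CRUVERO_QDRANT_TLS_INSECURE":      "false",
	"CRUVERO_OTEL_INSECURE":            "false",
	"CRUVERO_MCP_STRICT_ENDPOINTS":     "true",
	"CRUVERO_NETWORK_POLICY_ENABLED":   "false",
	"CRUVERO_PYTHON_ALLOW_ALL_IMPORTS": "false",
	"CRUVERO_BASH_ALLOW_NETWORK":       "false",
}

// relaxed lists values that turn a documented control off (hypothetical rule set).
var relaxed = []struct{ key, value, why string }{
	{"CRUVERO_API_AUTH", "none", "production API auth mode is none"},
	{"CRUVERO_QDRANT_TLS_INSECURE", "true", "Qdrant TLS verification is skipped"},
	{"CRUVERO_OTEL_INSECURE", "true", "OTLP traces use insecure transport"},
	{"CRUVERO_MCP_STRICT_ENDPOINTS", "false", "MCP endpoint allowlists are not enforced"},
	{"CRUVERO_NETWORK_POLICY_ENABLED", "false", "network policy is not enabled"},
	{"CRUVERO_PYTHON_ALLOW_ALL_IMPORTS", "true", "all python imports are allowed"},
	{"CRUVERO_BASH_ALLOW_NETWORK", "true", "bash network access is allowed"},
}

// effective returns the set value (lower-cased, an assumption) or the documented default.
func effective(env map[string]string, key string) string {
	if v := strings.TrimSpace(env[key]); v != "" {
		return strings.ToLower(v)
	}
	return documentedDefaults[key]
}

// AuditEnv returns fatal findings (the documented startup failure) and
// warnings (relaxed controls that start fine but deserve a review).
func AuditEnv(env map[string]string) (fatal, warn []string) {
	if effective(env, "CRUVERO_MCPGW_AUTH_MODE") == "none" {
		if effective(env, "CRUVERO_MCPGW_AUTH_ALLOW_NONE") != "true" {
			fatal = append(fatal, "CRUVERO_MCPGW_AUTH_MODE=none without CRUVERO_MCPGW_AUTH_ALLOW_NONE=true")
		} else {
			warn = append(warn, "CRUVERO_MCPGW_AUTH_MODE=none: gateway auth explicitly disabled")
		}
	}
	for _, r := range relaxed {
		if effective(env, r.key) == r.value {
			warn = append(warn, fmt.Sprintf("%s=%s: %s", r.key, r.value, r.why))
		}
	}
	for _, origin := range strings.Split(effective(env, "CRUVERO_API_CORS_ORIGINS"), ",") {
		if strings.TrimSpace(origin) == "*" {
			warn = append(warn, "CRUVERO_API_CORS_ORIGINS contains *: any origin is allowed")
			break
		}
	}
	return fatal, warn
}

func main() {
	// Constructed sample environment, not taken from a real deployment.
	env := map[string]string{
		"CRUVERO_MCPGW_AUTH_MODE":  "none",
		"CRUVERO_API_AUTH":         "keycloak",
		"CRUVERO_API_CORS_ORIGINS": "https://ui.example.test, *",
	}
	fatal, warn := AuditEnv(env)
	fmt.Printf("fatal: %q\nwarn: %q\n", fatal, warn)
}
```

An unset variable is audited at its documented default, so an empty environment still reports the none API auth mode, the wildcard CORS origin, and the disabled network policy.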
Phase 10: Neuro-Inspired Intelligence
10A Metacognitive Monitoring
- CRUVERO_METACOGNITIVE_ENABLED (default false)
- CRUVERO_METACOGNITIVE_CHECK_INTERVAL (default 3)
- CRUVERO_METACOGNITIVE_MAX_REPETITION (default 3)
- CRUVERO_METACOGNITIVE_ESCALATION_MODEL (optional)
10B Salience and Context Budget
- CRUVERO_SALIENCE_ENABLED (default true)
- CRUVERO_MEMORY_SALIENCE_RELEVANCE (default 0.4)
- CRUVERO_MEMORY_SALIENCE_RECENCY (default 0.3)
- CRUVERO_MEMORY_SALIENCE_CONFIDENCE (default 0.2)
- CRUVERO_MEMORY_SALIENCE_USAGE (default 0.1)
- CRUVERO_MEMORY_SALIENCE_FRESHNESS (default 0.0)
- CRUVERO_MEMORY_SALIENCE_HALFLIFE (default 24h)
- CRUVERO_CONTEXT_BUDGET_ENABLED (default false)
- CRUVERO_CONTEXT_BUDGET_TOKENS (default 8000)
- CRUVERO_CONTEXT_SYSTEM_TOKENS (default 1000)
10C Temporal Reasoning
- CRUVERO_TEMPORAL_REASONING_ENABLED (default false)
- CRUVERO_DEFAULT_FAST_MODEL (optional)
- CRUVERO_DEADLINE_ACTION (default escalate, allowed escalate|halt)
10D Agent Immune System
- CRUVERO_IMMUNE_ENABLED (default false)
- CRUVERO_IMMUNE_QUARANTINE_THRESHOLD (default 5)
- CRUVERO_IMMUNE_QUARANTINE_TTL (default 0s)
- CRUVERO_IMMUNE_CLEANUP_ENABLED (default true)
- CRUVERO_IMMUNE_CLEANUP_INTERVAL (default 24h)
- CRUVERO_IMMUNE_RETENTION_DAYS (default 90)
- CRUVERO_IMMUNE_TOOL_THRESHOLDS (optional CSV tool:threshold)
- CRUVERO_IMMUNE_TOOL_NO_AUTO (optional CSV tool list)
- CRUVERO_IMMUNE_ALERT_ENABLED (default true)
- CRUVERO_IMMUNE_ALERT_INTERVAL (default 5m)
- CRUVERO_IMMUNE_ALERT_ANOMALY_DELTA (default 20)
- CRUVERO_IMMUNE_ALERT_QUARANTINE_DELTA (default 3)
- CRUVERO_IMMUNE_ALERT_BLOCKED_DELTA (default 10)
- CRUVERO_IMMUNE_SNAPSHOT_ENABLED (default true)
- CRUVERO_IMMUNE_SNAPSHOT_DIR (default backups/immune)
- CRUVERO_IMMUNE_SNAPSHOT_BATCH (default 1000)
10E Compositional Tools and Contracts
- CRUVERO_COMPOSITE_MAX_DEPTH (default 8)
- CRUVERO_COMPOSITE_MAX_STEPS (default 64)
- CRUVERO_TOOL_CONTRACT_POSTCONDITION_MODE (default enforce, allowed enforce|warn)
10F Trust-Based Delegation
- CRUVERO_TRUST_ENABLED (default false)
- CRUVERO_TRUST_REVIEW_THRESHOLD (default 0.3)
- CRUVERO_TRUST_WEIGHT_SUCCESS (default 0.5)
- CRUVERO_TRUST_WEIGHT_QUALITY (default 0.3)
- CRUVERO_TRUST_WEIGHT_RECENCY (default 0.2)
- CRUVERO_TRUST_RECENCY_DECAY (default 0.1)
10G Provenance Graph
- CRUVERO_PROVENANCE_ENABLED (default false)
Phase 10 Rollout Guide
Use staged enablement so each capability can be validated independently and rolled back quickly.
Stage 0: Baseline Validation
- Keep all optional Phase 10 flags disabled (10A, 10C, 10D, 10F, 10G).
- Run:
  - go test ./...
  - go test -tags integration ./internal/agent ./internal/supervisor -count=1
- Confirm worker startup is clean with defaults.
Stage 1: Cognitive Features
- Enable:
  - CRUVERO_METACOGNITIVE_ENABLED=true
  - CRUVERO_SALIENCE_ENABLED=true (default)
  - CRUVERO_CONTEXT_BUDGET_ENABLED=true
  - CRUVERO_TEMPORAL_REASONING_ENABLED=true
- Keep CRUVERO_IMMUNE_ENABLED=false, CRUVERO_TRUST_ENABLED=false, CRUVERO_PROVENANCE_ENABLED=false.
- Validate prompt quality/latency and verify no unexpected escalation loops.
Stage 2: Runtime Safety
- Enable:
  - CRUVERO_IMMUNE_ENABLED=true
- Keep trust/provenance disabled initially.
- Validate anomaly, quarantine, and cleanup behavior in staging before production.
Stage 3: Delegation Policy
- Enable:
  - CRUVERO_TRUST_ENABLED=true
- Set policy knobs explicitly:
  - CRUVERO_TRUST_REVIEW_THRESHOLD
  - CRUVERO_TRUST_WEIGHT_SUCCESS
  - CRUVERO_TRUST_WEIGHT_QUALITY
  - CRUVERO_TRUST_WEIGHT_RECENCY
  - CRUVERO_TRUST_RECENCY_DECAY
- Validate trust score drift and reviewer fallback rates.
Stage 4: Provenance and Forensics
- Enable:
  - CRUVERO_PROVENANCE_ENABLED=true
- Validate provenance node/edge persistence, subgraph retrieval, and run-diff behavior.
Rollback Order
- Disable in reverse order to minimize operational risk:
  - CRUVERO_PROVENANCE_ENABLED=false
  - CRUVERO_TRUST_ENABLED=false
  - CRUVERO_IMMUNE_ENABLED=false
  - CRUVERO_TEMPORAL_REASONING_ENABLED=false
  - CRUVERO_CONTEXT_BUDGET_ENABLED=false
  - CRUVERO_METACOGNITIVE_ENABLED=false
Temporal TLS
- If TLS is enabled and the address ends with :443, the system CA is used (no mTLS).
Templates
- Agent scaffold includes .env.example and docker-compose.override.yml.