Environment Variables
All configuration is via environment variables. Copy .env.example to .env and fill in your values.
Required
| Variable |
Description |
Example |
ANTHROPIC_API_KEY |
Anthropic API key for Claude models |
sk-ant-... |
DATABASE_URL |
Postgres connection string (asyncpg format). Must include sslmode=require for staging/production |
postgresql+asyncpg://user:pass@host/db?sslmode=require |
WP_BASE_URL |
WordPress site base URL |
https://yourdomain.com |
WP_USERNAME |
WordPress username for REST API |
content-pipeline |
WP_APP_PASSWORD |
WordPress application password |
xxxx xxxx xxxx xxxx |
Optional — Infrastructure
| Variable |
Description |
Default |
ENVIRONMENT |
Runtime environment (local, staging, production). Controls SSL validation and other environment-specific behavior |
production |
DATABASE_URL_MIGRATIONS |
Separate connection string for Alembic migrations with DDL privileges. Falls back to DATABASE_URL if not set |
— |
PREFECT_API_URL |
Prefect API URL. Set in fly.toml [env] (non-secret, points to http://localhost:4200/api for the co-located server) |
— |
PREFECT_API_DATABASE_CONNECTION_URL |
Postgres connection string for the self-hosted Prefect server. Use the direct (non-pooler) Neon endpoint |
— |
SLACK_WEBHOOK_URL |
Slack incoming webhook URL for failure alerts |
— |
SENTRY_DSN |
Sentry DSN for error tracking. Leave empty to disable |
— |
Optional — API Keys
| Variable |
Description |
Default |
OPENAI_API_KEY |
OpenAI key for DALL-E 3 image generation. Leave empty to disable |
— |
NCBI_API_KEY |
NCBI/PubMed API key. Increases rate limit from 3 requests/s to 10 requests/s |
— |
BRAVE_API_KEY |
Brave Search API key. Enables web search during evaluation runs |
— |
S2_API_KEY |
Semantic Scholar API key. Optional; increases rate limits for academic paper search |
— |
Optional — Observability
| Variable |
Description |
Default |
LANGFUSE_PUBLIC_KEY |
Langfuse public key for LLM observability. Leave empty to disable |
— |
LANGFUSE_SECRET_KEY |
Langfuse secret key |
— |
LANGFUSE_HOST |
Langfuse host URL |
https://cloud.langfuse.com |
SENTRY_APP_NAME |
Application name for Sentry server_name field |
— |
SENTRY_RELEASE |
Release identifier for Sentry (set automatically in CI/CD) |
— |
Optional — Image Storage (Cloudflare R2)
| Variable |
Description |
Default |
R2_ACCOUNT_ID |
Cloudflare account ID for R2 storage |
— |
R2_ACCESS_KEY_ID |
R2 access key ID (S3-compatible) |
— |
R2_SECRET_ACCESS_KEY |
R2 secret access key |
— |
R2_BUCKET_NAME |
R2 bucket name (e.g. naluma-wordpress) |
— |
Optional — Dashboard (Cloudflare Access)
| Variable |
Description |
Default |
CF_ACCESS_TEAM_DOMAIN |
Cloudflare Access team domain (e.g. naluma) |
— |
CF_ACCESS_AUD |
Cloudflare Access Application Audience (AUD) tag |
— |
DASHBOARD_DEV_EMAIL |
Dev-mode email bypass (only when ENVIRONMENT=local) |
— |
Optional — Research
| Variable |
Description |
Default |
OBSIDIAN_VAULT_PATH |
Absolute path to an Obsidian vault containing research notes. Used by the researcher agent's vault reader tool |
— |