Settings are loaded via pydantic settings models:
agent:agent/config.py, prefixRK_knowledge_bases:knowledge_bases/config.py, prefixKBS_
RK_DATABASE_URL- Async SQLAlchemy DSN for primary backend DB.
RK_DEBUG- Enables debug mode behavior.
RK_CORS_ORIGINS- Allowed frontend origins.
RK_JWT_SECRETRK_JWT_ALGORITHM(defaultHS256)RK_JWT_EXPIRE_MINUTESRK_ENCRYPTION_KEY- Fernet key used for encrypting sensitive data at rest.
RK_ALLOW_LEGACY_WS_API_KEY- Enables legacy API-key query-param WS auth.
RK_MINIMUM_SDK_VERSIONRK_SUPPORTED_SDK_MAJOR_VERSIONSRK_CHAT_CAPABILITY_SECRETRK_CHAT_CAPABILITY_TTL_SECONDSRK_REDIS_URL- Redis DSN for cross-instance WS continuity (owner lease, outbox replay, tool-result handoff).
RK_INSTANCE_ID- Stable process identifier for Redis owner leasing (defaults to hostname).
RK_WS_OWNER_TTL_SECONDS- Owner lease TTL for active WS session shards.
RK_WS_OUTBOX_TTL_SECONDS- TTL for buffered WS outbound frames in Redis.
RK_WS_TOOL_RESULT_TTL_SECONDS- TTL for bridged tool results in Redis.
RK_KNOWLEDGE_BASES_BASE_URLRK_KNOWLEDGE_BASES_AUDIENCERK_KNOWLEDGE_BASES_SIGNING_KEYRK_KNOWLEDGE_BASES_JWT_ALGORITHMRK_KNOWLEDGE_BASES_TIMEOUT_SECONDSRK_KNOWLEDGE_BASES_CONNECT_TIMEOUT_SECONDS
NEXT_PUBLIC_API_BASE_URL- Dashboard API base URL used from
dashUI. - In split-host production this is typically
https://api.<domain>. - In the single-host quickstart this can be the dashboard origin itself.
- Dashboard API base URL used from
NEXT_PUBLIC_IOS_SDK_REPO_URL- Optional public link used by dashboard onboarding CTAs for iOS SDK source/docs.
NEXT_PUBLIC_ANDROID_SDK_REPO_URL- Optional public link used by dashboard onboarding CTAs for Android SDK source/docs.
NEXT_PUBLIC_IOS_SAMPLE_DMG_URL- Optional public link used by dashboard onboarding CTAs to download the iOS sample app DMG.
NEXT_PUBLIC_ANDROID_SAMPLE_DEBUG_APK_URL- Optional public link used by dashboard onboarding CTAs to download the Android sample debug APK.
NEXT_PUBLIC_ANDROID_SAMPLE_RELEASE_APK_URL- Optional public link used by dashboard onboarding CTAs to download the Android sample release APK.
DATABASE_URL- Dashboard Next route handler DB connection string (Prisma).
RESOLVEKIT_SERVER_AGENT_BASE_URL- Optional server-only agent URL used by dashboard server-side runtime lookups.
- Must use HTTPS unless it targets
localhost. - Useful in reverse-proxy or internal-network deployments where the dashboard server should use a server-only URL that differs from the browser-facing control-plane URL.
- In dockerized deployments this can point directly at
http://backend:8000.
RK_JWT_SECRETRK_JWT_ALGORITHMRK_JWT_EXPIRE_MINUTES- Dashboard browser-session token settings.
RK_ENCRYPTION_KEY- Used by dashboard API for encrypting/decrypting provider profile API keys (Fernet-compatible).
- Production must provide an explicit valid Fernet key.
- During local Next.js development, the dashboard can derive a stable fallback from
RK_JWT_SECRETwhen this value is missing or invalid.
RK_KNOWLEDGE_BASES_BASE_URLRK_KNOWLEDGE_BASES_AUDIENCERK_KNOWLEDGE_BASES_SIGNING_KEYRK_KNOWLEDGE_BASES_JWT_ALGORITHM- Used by dashboard API to call KB service internal endpoints directly.
KBS_DATABASE_URLKBS_DEBUGKBS_WORKER_ENABLEDKBS_WORKER_POLL_SECONDS
KBS_SERVICE_JWT_SIGNING_KEYKBS_SERVICE_JWT_ALGORITHMKBS_SERVICE_JWT_AUDIENCEKBS_ENCRYPTION_KEY
KBS_CRAWL_TIMEOUT_SECONDSKBS_CRAWL_MAX_PAGESKBS_CRAWL_MAX_DEPTHKBS_CRAWL_USER_AGENTKBS_USE_CRAWL4AIKBS_CRAWL4AI_HEADLESSKBS_CRAWL4AI_VERBOSEKBS_CRAWL4AI_BASE_DIRECTORY
KBS_UPLOAD_MAX_FILE_BYTESKBS_UPLOAD_ALLOWED_EXTENSIONSKBS_UPLOAD_OCR_ENABLED
- See
.env.exampleanddocker-compose.ymlfor local defaults and service wiring. .env.local-deploy.exampledemonstrates the single-host quickstart (/agentpath prefix)..env.prod.exampledemonstrates the recommended split-host production topology.
- Production must override insecure defaults for:
RK_JWT_SECRETRK_ENCRYPTION_KEYKBS_SERVICE_JWT_SIGNING_KEYKBS_ENCRYPTION_KEY
agentstartup validates critical secrets when debug mode is off.