Skip to main content

Settings & Configuration

This page summarizes public‑facing settings, recommended values by environment, and where they take effect. For the complete list, see Reference → Environment Variables.

Core URLs

  • BASE_URL — canonical API URL (set via Terraform in production). Used for absolute links and OIDC audience hints.
  • FRONTEND_ORIGIN — allowed origin for the SPA (CORS).
  • CORS_ORIGINS — comma‑separated additional origins for tools and integrations.

OpenAPI & Docs

OpenAPI is enabled by default; secure behind auth and proxies in production.

  • Docs: public docs are hosted at docs.smartsre.smartmigrate.ai.

Approvals & Notifications

  • Tenant admins can configure approver groups and webhooks in the app UI (see Risk Guardrails). System defaults:
    • Webhook timeouts/backoff: APPROVAL_WEBHOOK_* variables.
    • Email defaults: SMTP_* and FROM_EMAIL (platform‑wide), overridable per tenant.

Risk Guardrails (defaults)

  • Global limits and per‑service caps are seeded from DEFAULT_RISK_CONFIG and overlaid per tenant.
  • Notable caps (changeable by tenant admins):
    • Cloud Run: max_memory_gi, max_cpu_m
    • GKE: min_nodes, max_nodes, max_hpa_max
    • BigQuery: min_slots, max_slots
    • Cloud SQL: allow_ha

Queues & Scheduling

  • Periodic scans (advise) are tenant‑configured in the Settings UI (admin/platform‑admin).
  • Cadence is controlled by AGENT_ADVISE_INTERVAL_MINUTES.
  • Optional Cloud Tasks can be configured via CLOUD_TASKS_* for background transport.

Environments

  • Local/dev: set minimal values in .env (DEBUG=true).
  • Staging: prefer OIDC for internal callbacks; restrict API docs to internal access via network or auth.
  • Production: set BASE_URL, INTERNAL_AUDIENCE, restrict CORS; protect API docs behind auth/proxies or disable exposure at the edge.

Who owns what

  • Platform Admin: environment and Terraform variables, global email/SMTP, default risk config.
  • Tenant Admin: per‑tenant risk guardrails, notification channels, approver groups.
  • Operator: none (uses UI and APIs only).

See also: Architecture → Risk Guardrails, Architecture → API Architecture, Deployment → Terraform Guide.