Configuration
Every environment variable, default, and health endpoint for the Palveron stack.
This page is the canonical reference for self-hosters — every variable, what it does, and whether it's required.
Gateway (palveron-gateway)
Required
| Variable | Description |
|---|---|
DATABASE_URL | PostgreSQL connection string |
OPENAI_API_KEY | Used for LLM-assist policy evaluation |
INTERNAL_PROXY_SECRET | Shared secret between dashboard proxy and gateway |
Optional
| Variable | Default | Description |
|---|---|---|
PORT | 8080 | HTTP listen port |
HOST | 0.0.0.0 | Bind address |
REDIS_URL | — | Enables rate-limit cache and approval queue cache when set |
RUST_LOG | palveron_gateway=info,tower_http=info | Log filter |
NGE_MODELS_DIR | /app/models/nge | Path to ONNX model directory (~4 GB) |
NGE_MODE | nge_fallback | disabled, nge_local, nge_fallback, llm_only |
FLARE_PRIVATE_KEY | — | Hex-encoded key for managed-wallet anchoring |
FLARE_CONTRACT_ADDRESS | — | PalveronNotary contract on Flare |
FLARE_RPC_URL | https://coston2-api.flare.network/ext/C/rpc | Switch to mainnet RPC for production |
BRAND_NAME | Palveron | White-label brand name in API responses |
Dashboard (palveron-nexus)
Required
| Variable | Description |
|---|---|
DATABASE_URL | PostgreSQL — same DB as the gateway |
KINDE_CLIENT_ID | Kinde OIDC client ID |
KINDE_CLIENT_SECRET | Kinde OIDC client secret |
KINDE_ISSUER_URL | Kinde issuer URL (e.g. https://palveron.kinde.com) |
KINDE_SITE_URL | Public URL of the dashboard (used for OIDC redirects) |
INTERNAL_PROXY_SECRET | Must match the gateway's value |
Optional
| Variable | Default | Description |
|---|---|---|
PALVERON_CORE_INTERNAL_URL | http://gateway:8080 | Container-to-container gateway URL |
NEXT_PUBLIC_PALVERON_CORE_URL | — | Public gateway URL (for client-side calls) |
RESEND_API_KEY | — | Required only if email notifications are enabled |
STRIPE_SECRET_KEY | — | Required only when self-billing through Stripe |
STRIPE_WEBHOOK_SECRET | — | Used to verify Stripe webhooks |
Health endpoints
Every service exposes a health endpoint. Use them in liveness/readiness probes and uptime monitors.
| Service | Path | Healthy response |
|---|---|---|
| Gateway | GET /health | 200 — pure liveness (process alive; no dependency checks) |
| Gateway | GET /ready | 200 unless Postgres is critical/unprobed (reads the cached health state, never probes inline) |
| Dashboard | GET /api/health | 200 with build metadata |
The gateway's /health does not indicate readiness — use /ready for load-balancer probes during deployments. A full subsystem snapshot is available at GET /health/detailed, gated by the X-Palveron-Operator-Key header (503 when OPERATOR_API_KEY is unset).
Observability
| Endpoint | Description |
|---|---|
GET /metrics | Prometheus exposition on the gateway port — includes governance-availability, trace-durability and DLQ-replay-p95 SLO gauges |
GET /api/v1/integrity/status | Continuous tamper-detection status (API-key auth) |
GET /api/v1/admin/system-health | System health for the admin panel (admin role required) |
Retry & rate-limit behavior
The gateway returns:
429 Too Many Requestswith aRetry-Afterheader and a structured body (limit_type:rpmormonthly) when a rate limit is hit503 Service Unavailable(empty body) when a governance decision could not be durably recorded (DB and DLQ unavailable) — retry with backoff
Official SDKs honor Retry-After and retry transient 5xx/timeout errors with exponential backoff and jitter. When building custom clients, replicate the same pattern.
For a complete deployment example with all variables wired in, see
gateway/.env.production.example
(Docker Compose) or the commented values.yaml of the Helm chart
(deploy/charts/palveron).