Configuration
Every environment variable, default, and health endpoint for the Palveron stack.
This page is the canonical reference for self-hosters — every variable, what it does, and whether it's required.
Gateway (palveron-gateway)
Required
| Variable | Description |
|---|---|
| DATABASE_URL | PostgreSQL connection string |
| OPENAI_API_KEY | Used for LLM-assist policy evaluation |
| INTERNAL_PROXY_SECRET | Shared secret between dashboard proxy and gateway |
Optional
| Variable | Default | Description |
|---|---|---|
| PORT | 8080 | HTTP listen port |
| HOST | 0.0.0.0 | Bind address |
| REDIS_URL | — | Enables rate-limit cache and approval queue cache when set |
| RUST_LOG | palveron_gateway=info,tower_http=info | Log filter |
| NGE_MODELS_DIR | /app/models/nge | Path to ONNX model directory (~4 GB) |
| NGE_MODE | nge_fallback | disabled, nge_local, nge_fallback, llm_only |
| FLARE_PRIVATE_KEY | — | Hex-encoded key for managed-wallet anchoring |
| FLARE_CONTRACT_ADDRESS | — | PalveronNotary contract on Flare |
| FLARE_RPC_URL | https://coston2-api.flare.network/ext/C/rpc | Switch to mainnet RPC for production |
| BRAND_NAME | Palveron | White-label brand name in API responses |
| BUDGET_RESET_HOUR_UTC | 0 | Hour at which agent budgets reset (0-23) |
| RATE_LIMIT_BURST_PER_SECOND | 100 | Per-key burst limit |
Dashboard (palveron-nexus)
Required
| Variable | Description |
|---|---|
| DATABASE_URL | PostgreSQL — same DB as the gateway |
| KINDE_CLIENT_ID | Kinde OIDC client ID |
| KINDE_CLIENT_SECRET | Kinde OIDC client secret |
| KINDE_ISSUER_URL | Kinde issuer URL (e.g. https://palveron.kinde.com) |
| KINDE_SITE_URL | Public URL of the dashboard (used for OIDC redirects) |
| INTERNAL_PROXY_SECRET | Must match the gateway's value |
Optional
| Variable | Default | Description |
|---|---|---|
| PALVERON_CORE_INTERNAL_URL | http://gateway:8080 | Container-to-container gateway URL |
| NEXT_PUBLIC_PALVERON_CORE_URL | — | Public gateway URL (for client-side calls) |
| RESEND_API_KEY | — | Required only if email notifications are enabled |
| STRIPE_SECRET_KEY | — | Required only when self-billing through Stripe |
| STRIPE_WEBHOOK_SECRET | — | Used to verify Stripe webhooks |
Health endpoints
Every service exposes a health endpoint. Use them in liveness/readiness probes and uptime monitors.
| Service | Path | Healthy response |
|---|---|---|
| Gateway | GET /health | { "status": "healthy", "version": "...", "dependencies": { ... } } |
| Gateway | GET /ready | 200 when NGE models are loaded and DB is reachable; 503 otherwise |
| Dashboard | GET /api/health | 200 with build metadata |
The gateway's /health does not indicate readiness — use /ready for load-balancer probes during deployments.
Observability
| Endpoint | Description |
|---|---|
| GET /metrics (port 9090) | Prometheus exposition |
| GET /api/v1/admin/integrity-stats | Continuous tamper-detection counters (admin-only) |
| GET /api/v1/admin/flare-status | Last successful anchor + queue depth (admin-only) |
Retry & rate-limit behavior
The gateway returns:
- 429 Too Many Requests with Retry-After: <seconds> when the per-key burst limit is hit
- 503 Service Unavailable with Retry-After: <seconds> during NGE model reload (typically under 2 seconds)
Official SDKs honor Retry-After and retry transient 5xx/timeout errors with exponential backoff and jitter. When building custom clients, replicate the same pattern.
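A custom client following the pattern described above could compute its waits as in this sketch. It is an added example, not Palveron SDK code; the base delay, the 30-second cap, the retryable status set and the `send` callable are assumptions.

```python
import random
import time

RETRYABLE = {429, 500, 502, 503, 504}  # 429 plus transient 5xx
BASE_DELAY = 0.5   # assumed first backoff step, seconds
MAX_DELAY = 30.0   # assumed ceiling for any single wait, seconds


def retry_delay(headers, attempt, rng=random):
    """Seconds to wait before retrying after failed attempt `attempt` (0-based)."""
    raw = {k.lower(): v for k, v in headers.items()}.get("retry-after")
    if raw is not None:
        try:
            # Retry-After arrives as whole seconds; clamp it so a bad value
            # cannot stall the client indefinitely.
            return float(min(max(int(raw), 0), MAX_DELAY))
        except ValueError:
            pass  # unparseable header: fall back to backoff
    # Exponential backoff with full jitter: uniform over [0, min(cap, base * 2^n)].
    return rng.uniform(0.0, min(MAX_DELAY, BASE_DELAY * 2 ** attempt))


def call_with_retry(send, max_attempts=5, sleep=time.sleep, rng=random):
    """Call send() until it returns a non-retryable status or attempts run out.

    send() returns (status, headers, body) or raises TimeoutError.
    Returns (final_response, waits), where waits lists each delay slept.
    """
    waits = []
    for attempt in range(max_attempts):
        last = attempt == max_attempts - 1
        try:
            response = send()
        except TimeoutError:
            if last:
                raise
            response = (None, {}, None)  # timeout: retry with plain backoff
        if last or (response[0] is not None and response[0] not in RETRYABLE):
            return response, waits
        waits.append(retry_delay(response[1], attempt, rng))
        sleep(waits[-1])


if __name__ == "__main__":
    # Constructed responses standing in for the gateway; no network is used.
    replies = iter([(429, {"Retry-After": "2"}, b""),
                    (503, {"retry-after": "1"}, b""),
                    (200, {}, b"ok")])
    print(call_with_retry(lambda: next(replies), sleep=lambda s: None))
```

The server-supplied Retry-After takes priority over the client's own backoff, and the cap bounds how long a single malformed or oversized value can hold a worker.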
For a complete deployment example with all variables wired in, see palveron-deploy/.env.example.