compose: forward AI provider + mailer/SMTP env to the backend

Follow-up to the OWNER_EMAIL passthrough. The backend service env block is an
explicit allow-list, so the documented model-provider keys (ANTHROPIC_*,
OPENAI_*, XAI_*, OLLAMA_*, DEFAULT_*_PROVIDER, LLM_MAX_TOKENS,
EMBEDDING_DIMENSIONS) and mailer settings (MAILER, SMTP_*, APP_BASE_URL,
REQUIRE_EMAIL_VERIFICATION) never reached the container — setting them in .env
was a no-op. The AI assistant/policy and the SMTP mailer run in the backend, so
forward them here.

Side fix: APP_BASE_URL was likewise dropped, so outbound email links used the
code default http://localhost instead of the configured domain. Now forwarded
(verified live: backend reports APP_BASE_URL=https://provenance.paul.farm).

Worker is left as-is (it consumes neither today); it'll need the model vars when
embedding/matching jobs land. Alternative to this growing allow-list is
`env_file: .env` on the service — deferred to avoid forwarding unrelated secrets.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
2026-06-10 08:38:49 -04:00
parent 2712ae469b
commit 3a1395b6af
+29
@@ -78,6 +78,35 @@ services:
S3_ACCESS_KEY: ${S3_ACCESS_KEY:-provenance}
S3_SECRET_KEY: ${S3_SECRET_KEY:-change-me-too}
S3_REGION: ${S3_REGION:-us-east-1}
# Email / mailer — verification + password-reset links. APP_BASE_URL is the
# base for those links; MAILER=smtp activates the SMTP_* settings.
APP_BASE_URL: ${APP_BASE_URL:-http://localhost}
REQUIRE_EMAIL_VERIFICATION: ${REQUIRE_EMAIL_VERIFICATION:-false}
MAILER: ${MAILER:-console}
SMTP_HOST: ${SMTP_HOST:-}
SMTP_PORT: ${SMTP_PORT:-587}
SMTP_USERNAME: ${SMTP_USERNAME:-}
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
SMTP_FROM: ${SMTP_FROM:-Provenance <no-reply@provenance.local>}
# Model providers (AI assistant + embeddings). Each activates when its key
# is set; DEFAULT_*_PROVIDER picks the default. 'null' keeps AI off.
DEFAULT_LLM_PROVIDER: ${DEFAULT_LLM_PROVIDER:-null}
DEFAULT_EMBEDDING_PROVIDER: ${DEFAULT_EMBEDDING_PROVIDER:-null}
LLM_MAX_TOKENS: ${LLM_MAX_TOKENS:-4096}
EMBEDDING_DIMENSIONS: ${EMBEDDING_DIMENSIONS:-1536}
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
ANTHROPIC_MODEL: ${ANTHROPIC_MODEL:-claude-opus-4-8}
OPENAI_API_KEY: ${OPENAI_API_KEY:-}
OPENAI_BASE_URL: ${OPENAI_BASE_URL:-https://api.openai.com/v1}
OPENAI_MODEL: ${OPENAI_MODEL:-gpt-4o}
OPENAI_EMBEDDING_MODEL: ${OPENAI_EMBEDDING_MODEL:-text-embedding-3-small}
XAI_API_KEY: ${XAI_API_KEY:-}
XAI_BASE_URL: ${XAI_BASE_URL:-https://api.x.ai/v1}
XAI_MODEL: ${XAI_MODEL:-grok-2-latest}
OLLAMA_ENABLED: ${OLLAMA_ENABLED:-false}
OLLAMA_BASE_URL: ${OLLAMA_BASE_URL:-http://localhost:11434/v1}
OLLAMA_MODEL: ${OLLAMA_MODEL:-llama3.1}
OLLAMA_EMBEDDING_MODEL: ${OLLAMA_EMBEDDING_MODEL:-nomic-embed-text}
depends_on:
postgres:
condition: service_healthy
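Review bot: `APP_BASE_URL: ${APP_BASE_URL:-http://localhost}` at the top of the added block still falls back silently, so a deployment that sets `MAILER=smtp` but leaves APP_BASE_URL unset will send verification and password-reset links pointing at plain-HTTP localhost, which is the same failure the commit message describes. Consider having the backend refuse to start (or at least log a warning) when MAILER is smtp and APP_BASE_URL is still the default, and say so in the comment above the key. Two smaller points on the same hunk: `SMTP_PASSWORD` and the `*_API_KEY` values are now plain environment variables of the container, readable by anyone who can run `docker inspect` on it, so if the backend can read credentials from files, Compose `secrets:` would be a tighter fit than widening the env list; and the `OLLAMA_BASE_URL` default of `http://localhost:11434/v1` resolves to the backend container itself unless the service uses host networking, so `OLLAMA_ENABLED=true` with the default will not reach an Ollama instance on the host or in another service.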