From 3a1395b6af5c366455460f8620265bcc2b2a1b2e Mon Sep 17 00:00:00 2001
From: Justin Paul
Date: Wed, 10 Jun 2026 08:38:49 -0400
Subject: [PATCH] compose: forward AI provider + mailer/SMTP env to the backend
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Follow-up to the OWNER_EMAIL passthrough. The backend service env block is an explicit allow-list, so the documented model-provider keys (ANTHROPIC_*, OPENAI_*, XAI_*, OLLAMA_*, DEFAULT_*_PROVIDER, LLM_MAX_TOKENS, EMBEDDING_DIMENSIONS) and mailer settings (MAILER, SMTP_*, APP_BASE_URL, REQUIRE_EMAIL_VERIFICATION) never reached the container — setting them in .env was a no-op. The AI assistant/policy and the SMTP mailer run in the backend, so forward them here. Side fix: APP_BASE_URL was likewise dropped, so outbound email links used the code default http://localhost instead of the configured domain. Now forwarded (verified live: backend reports APP_BASE_URL=https://provenance.paul.farm). Worker is left as-is (it consumes neither today); it'll need the model vars when embedding/matching jobs land. Alternative to this growing allow-list is `env_file: .env` on the service — deferred to avoid forwarding unrelated secrets.
Co-Authored-By: Claude Opus 4.8 (1M context)
Signed-off-by: Justin Paul
---
 deploy/docker-compose.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index a5557fa..5113c12 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -78,6 +78,35 @@ services:
 S3_ACCESS_KEY: ${S3_ACCESS_KEY:-provenance}
 S3_SECRET_KEY: ${S3_SECRET_KEY:-change-me-too}
 S3_REGION: ${S3_REGION:-us-east-1}
+ # Email / mailer — verification + password-reset links. APP_BASE_URL is the
+ # base for those links; MAILER=smtp activates the SMTP_* settings.
+ APP_BASE_URL: ${APP_BASE_URL:-http://localhost}
+ REQUIRE_EMAIL_VERIFICATION: ${REQUIRE_EMAIL_VERIFICATION:-false}
+ MAILER: ${MAILER:-console}
+ SMTP_HOST: ${SMTP_HOST:-}
+ SMTP_PORT: ${SMTP_PORT:-587}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_FROM: ${SMTP_FROM:-Provenance }
+ # Model providers (AI assistant + embeddings). Each activates when its key
+ # is set; DEFAULT_*_PROVIDER picks the default. 'null' keeps AI off.
+ DEFAULT_LLM_PROVIDER: ${DEFAULT_LLM_PROVIDER:-null}
+ DEFAULT_EMBEDDING_PROVIDER: ${DEFAULT_EMBEDDING_PROVIDER:-null}
+ LLM_MAX_TOKENS: ${LLM_MAX_TOKENS:-4096}
+ EMBEDDING_DIMENSIONS: ${EMBEDDING_DIMENSIONS:-1536}
+ ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
+ ANTHROPIC_MODEL: ${ANTHROPIC_MODEL:-claude-opus-4-8}
+ OPENAI_API_KEY: ${OPENAI_API_KEY:-}
+ OPENAI_BASE_URL: ${OPENAI_BASE_URL:-https://api.openai.com/v1}
+ OPENAI_MODEL: ${OPENAI_MODEL:-gpt-4o}
+ OPENAI_EMBEDDING_MODEL: ${OPENAI_EMBEDDING_MODEL:-text-embedding-3-small}
+ XAI_API_KEY: ${XAI_API_KEY:-}
+ XAI_BASE_URL: ${XAI_BASE_URL:-https://api.x.ai/v1}
+ XAI_MODEL: ${XAI_MODEL:-grok-2-latest}
+ OLLAMA_ENABLED: ${OLLAMA_ENABLED:-false}
+ OLLAMA_BASE_URL: ${OLLAMA_BASE_URL:-http://localhost:11434/v1}
+ OLLAMA_MODEL: ${OLLAMA_MODEL:-llama3.1}
+ OLLAMA_EMBEDDING_MODEL: ${OLLAMA_EMBEDDING_MODEL:-nomic-embed-text}
 depends_on:
 postgres:
 condition: service_healthy
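Review bot: The four credentials added here (`SMTP_PASSWORD`, `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `XAI_API_KEY`) reach the backend as plain environment variables, so they are readable through `docker inspect` and the rendered output of `docker compose config`, and are inherited by any child process the backend spawns. That matches the existing `S3_SECRET_KEY` line, but it deserves a comment above the block such as `# Secrets below are visible via docker inspect; restrict Docker socket access and keep .env out of VCS`, and, if the backend can read credentials from files, Compose `secrets:` would be the tighter option. Separately, the `OLLAMA_BASE_URL` default `http://localhost:11434/v1` resolves to the backend container's own loopback, so with `OLLAMA_ENABLED=true` and no override it presumably will not reach an Ollama instance on the host unless the service uses host networking, which is not visible in this hunk. The `environment:` mapping begins above the hunk, so its service name and network settings cannot be checked from here.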