compose: forward AI provider + mailer/SMTP env to the backend #242

Merged
justin merged 1 commits from compose-ai-smtp-passthrough into main 2026-06-10 08:39:04 -04:00
Owner

Follow-up to #241. The backend env block is an explicit allow-list, so the documented model-provider keys (ANTHROPIC_*, OPENAI_*, XAI_*, OLLAMA_*, DEFAULT_*_PROVIDER, LLM_MAX_TOKENS, EMBEDDING_DIMENSIONS) and mailer settings (MAILER, SMTP_*, APP_BASE_URL, REQUIRE_EMAIL_VERIFICATION) never reached the container — setting them in .env was a no-op. The assistant/AI-policy and the SMTP mailer run in the backend, so forward them there.

Side fix: APP_BASE_URL was also dropped, so outbound email links used the code default http://localhost instead of the configured domain. Now forwarded — verified live: backend reports APP_BASE_URL=https://provenance.paul.farm.

Verified on prod: all forwarded vars present in the backend container; app healthy (/health/ready 200, /api/v1/public/trees 200).

Worker left as-is (consumes neither today). env_file: .env is the alternative to a growing allow-list — deferred to avoid forwarding unrelated secrets into the app process.

🤖 Generated with Claude Code

justin added 1 commit 2026-06-10 08:39:03 -04:00
Follow-up to the OWNER_EMAIL passthrough. The backend service env block is an
explicit allow-list, so the documented model-provider keys (ANTHROPIC_*,
OPENAI_*, XAI_*, OLLAMA_*, DEFAULT_*_PROVIDER, LLM_MAX_TOKENS,
EMBEDDING_DIMENSIONS) and mailer settings (MAILER, SMTP_*, APP_BASE_URL,
REQUIRE_EMAIL_VERIFICATION) never reached the container — setting them in .env
was a no-op. The AI assistant/policy and the SMTP mailer run in the backend, so
forward them here.

Side fix: APP_BASE_URL was likewise dropped, so outbound email links used the
code default http://localhost instead of the configured domain. Now forwarded
(verified live: backend reports APP_BASE_URL=https://provenance.paul.farm).

Worker is left as-is (it consumes neither today); it'll need the model vars when
embedding/matching jobs land. Alternative to this growing allow-list is
`env_file: .env` on the service — deferred to avoid forwarding unrelated secrets.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
justin merged commit 519f1c31b5 into main 2026-06-10 08:39:04 -04:00
justin deleted branch compose-ai-smtp-passthrough 2026-06-10 08:39:04 -04:00
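
An added example, not part of this pull request or the project's code: a small check for the failure described above, listing keys that are set in `.env` but never interpolated into a given service's block. It assumes forwarding is written as `${NAME}` references (bare pass-through entries and `env_file` are not modelled); the sample files, placeholder values and the `BACKUP_S3_SECRET` name are constructed.

```python
import re
# Compose interpolation forms: ${VAR}, ${VAR:-default}, ${VAR:?err} or bare $VAR
REF = re.compile(r"\$(?:\{([A-Za-z_]\w*)[^}]*\}|([A-Za-z_]\w*))")

def dotenv_keys(text):
    """Names assigned in .env-style text; comment lines never match."""
    return set(re.findall(r"^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=", text, re.M))

def service_block(compose_text, service):
    """Raw lines of one service, found by indentation (first 'name:' key wins)."""
    out, indent = [], None
    for line in compose_text.splitlines():
        depth = len(line) - len(line.lstrip())
        if indent is None:
            if line.strip() == f"{service}:":
                indent = depth
        elif line.strip() and depth <= indent:
            break  # next sibling key: the service's block has ended
        else:
            out.append(line)
    return "\n".join(out)

def dropped_keys(dotenv_text, compose_text, service):
    """Keys set in .env that the service's block never interpolates."""
    block = service_block(compose_text, service).replace("$$", "")  # $$ is a literal $
    used = {braced or bare for braced, bare in REF.findall(block)}
    return sorted(dotenv_keys(dotenv_text) - used)

# Constructed sample input (placeholder values; not the project's files).
SAMPLE_ENV = """\
OWNER_EMAIL=owner@example.test
APP_BASE_URL=https://app.example.test
LLM_MAX_TOKENS=4096
BACKUP_S3_SECRET=placeholder
"""
SAMPLE_COMPOSE = """\
services:
  backend:
    environment:
      OWNER_EMAIL: ${OWNER_EMAIL}
      APP_BASE_URL: ${APP_BASE_URL:-http://localhost}
  worker:
    environment:
      OWNER_EMAIL: ${OWNER_EMAIL}
"""

if __name__ == "__main__":
    for svc in ("backend", "worker"):
        print(svc, "does not receive:", dropped_keys(SAMPLE_ENV, SAMPLE_COMPOSE, svc))
```

A key in the result is either a forgotten passthrough, like `LLM_MAX_TOKENS` in the sample, or a secret the allow-list is correctly keeping out of that process, like the unrelated backup key.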