3a1395b6af
Follow-up to the OWNER_EMAIL passthrough.

The backend service env block is an explicit allow-list, so the documented model-provider keys (ANTHROPIC_*, OPENAI_*, XAI_*, OLLAMA_*, DEFAULT_*_PROVIDER, LLM_MAX_TOKENS, EMBEDDING_DIMENSIONS) and mailer settings (MAILER, SMTP_*, APP_BASE_URL, REQUIRE_EMAIL_VERIFICATION) never reached the container — setting them in .env was a no-op. The AI assistant/policy and the SMTP mailer run in the backend, so forward them here.

Side fix: APP_BASE_URL was likewise dropped, so outbound email links used the code default http://localhost instead of the configured domain. Now forwarded (verified live: backend reports APP_BASE_URL=https://provenance.paul.farm).

Worker is left as-is (it consumes neither today); it'll need the model vars when embedding/matching jobs land.

Alternative to this growing allow-list is `env_file: .env` on the service — deferred to avoid forwarding unrelated secrets.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
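Added example, not part of this commit or the project's code: a small check that lists keys set in `.env` which a Compose service's `environment:` allow-list does not forward, the silent no-op described above. The sample `.env` and compose text are constructed, and the parser assumes two-space service indentation with entries indented under `environment:`.

```python
import re

# Constructed sample inputs (assumptions, not the project's real files).
SAMPLE_ENV = """\
# constructed sample .env
OWNER_EMAIL=owner@example.test
MAILER=smtp
SMTP_HOST=mail.example.test
export APP_BASE_URL=https://app.example.test
LLM_MAX_TOKENS=4096
"""
SAMPLE_COMPOSE = """\
services:
  backend:
    image: example/backend
    environment:
      OWNER_EMAIL: ${OWNER_EMAIL:-}
      DATABASE_URL: postgres://db/app
    ports:
      - "8000:8000"
  worker:
    environment:
      - OWNER_EMAIL
"""
# Matches map entries ("KEY: value") and list entries ("- KEY", "- KEY=value").
ENTRY = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][A-Za-z0-9_]*)\s*(?:[:=].*)?$")

def env_keys(dotenv_text):
    """Variable names assigned in a .env file (comments and blanks skipped)."""
    lines = (l.strip() for l in dotenv_text.splitlines())
    return {l.removeprefix("export ").split("=", 1)[0].strip()
            for l in lines if l and not l.startswith("#") and "=" in l}

def forwarded_keys(compose_text, service):
    """Names listed in one service's environment: block (line-based parse)."""
    keys, in_service, env_indent = set(), False, None
    for raw in compose_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if env_indent is not None:
            if indent > env_indent:          # still inside environment:
                m = ENTRY.match(raw)
                if m:
                    keys.add(m.group(1))
                continue
            env_indent = None                # dedent ends the block
        if indent == 2:                      # assumed service-name level
            in_service = text == f"{service}:"
        elif in_service and text == "environment:":
            env_indent = indent
    return keys

def dropped_keys(dotenv_text, compose_text, service):
    """Keys set in .env that never reach the named service's container."""
    return sorted(env_keys(dotenv_text) - forwarded_keys(compose_text, service))
```

Running `dropped_keys` in CI against the real files turns a silently ignored setting into a visible diff without switching the service to `env_file: .env`.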