Skip to content
LogoLogo

Configuration

Most Centaur settings come from Helm values and are rendered into service environment variables by service-specific templates under contrib/chart/templates/.

Use these as the main extension points:

SourceUse
secretManager.existingSecretNameRequired runtime secrets such as database, Slack, sandbox signing, and 1Password credentials.
api.extraEnvAPI feature flags, worker tuning, retention, observability, and deployment-specific overrides.
apiRs.extraEnvRust API feature flags, telemetry exporter settings, and deployment-specific overrides.
apiRs.metrics.*Prometheus/VictoriaMetrics scrape metadata for the Rust API /metrics endpoint.
slackbot.extraEnvSlackbot HTTP, Slack, feedback, and cross-org behavior.
sandbox.extraEnvExtra variables copied into every sandbox pod through KUBERNETES_SANDBOX_EXTRA_ENV.
overlays.sourcesOrdered repo-cache-backed overlay repos for tools, workflows, and skills; subdirs default to tools, workflows, and .agents/skills.
overlay.systemPromptSmall inline prompt overlay escape hatch.

Tool credentials are not listed here. Tool plugins declare their own secrets in tools/**/pyproject.toml; Centaur resolves them through secret(...) and iron-proxy instead of treating them as global platform configuration.

Required

These must exist for the normal Helm deployment. For local development, just bootstrap-secrets creates centaur-infra-env from your shell.

Env varSet fromControls
DATABASE_URLsecretManager.existingSecretName; local bootstrap generates it.API and Slackbot Postgres connection.
SLACK_SIGNING_SECRETsecretManager.existingSecretName; local bootstrap reads shell env.Slack request signature verification.
SLACKBOT_API_KEYsecretManager.existingSecretName; local bootstrap reads shell env.Static API key bootstrapped for Slackbot.
SLACK_BOT_TOKENsecretManager.existingSecretName; local bootstrap reads shell env.Slack Web API access for Slackbot and api-rs Slack helpers.
SANDBOX_SIGNING_KEYsecretManager.existingSecretName; local bootstrap generates it.Signing key for short-lived sandbox API tokens.
IRON_MANAGEMENT_API_KEYsecretManager.existingSecretName; local bootstrap generates it.Management key for API-created iron-proxy pods.
IRON_BROKER_TOKENsecretManager.existingSecretName; required when tokenBroker.enabled=true.Bearer token iron-proxy presents to iron-token-broker and the broker enforces on its HTTP API.
OP_SERVICE_ACCOUNT_TOKENLocal shell, then centaur-infra-env; production Secret.1Password service-account auth when using onepassword secret source.
OP_VAULTLocal shell, then centaur-infra-env; defaults to ai-agents in code.1Password vault used for op://... secret refs.

Optional required-by-mode variables:

Env varSet fromControls
OP_CONNECT_CREDENTIALS_FILELocal shell before just deploy.Enables the 1Password Connect subchart and creates its credentials Secret.
OP_CONNECT_TOKENSecret or local bootstrap shell env.Token used by iron-proxy when ironProxy.secretSource=onepassword-connect.
LOCAL_DEV_API_KEYAPI env.Static local admin/dev key bootstrapped into Postgres.
TEAMS_BOT_APP_ID, TEAMS_BOT_APP_PASSWORD, TEAMS_BOT_APP_TENANT_IDLocal shell before just bootstrap-secrets; production Secret.Required by Teamsbot when teamsbot.enabled=true.
TEAMSBOT_API_KEYsecretManager.existingSecretName; local bootstrap generates it when Teams credentials are present and it is omitted.Static API key used by Teamsbot.

API

Env varSet fromControls
CENTAUR_DEFAULT_HARNESSapi.defaultHarness.Default harness for new executions.
CENTAUR_ENVIRONMENTapi.extraEnv or deployment env.Environment label in traces and telemetry.
CENTAUR_LOG_LEVEL, LOG_LEVELHelm sets CENTAUR_LOG_LEVEL=info; override in api.extraEnv.API log level.
CENTAUR_SERVICE_NAMEapi.extraEnv.Default API log service field.
SHUTDOWN_DRAIN_TIMEOUT_Sapi.extraEnv.Graceful shutdown wait for in-flight HTTP requests.
EXECUTION_WORKER_ENABLEDapi.executionWorkerEnabled.Starts the durable agent execution worker.
WORKFLOW_WORKER_ENABLEDapi.workflowWorkerEnabled.Starts the durable workflow worker.
WARM_POOL_ENABLEDapi.warmPoolEnabled.Starts warm sandbox replenishment.
PLUGIN_WATCHER_ENABLEDapi.pluginWatcherEnabled.Enables tool and workflow hot-reload watchers.
TOOL_DIRS, PLUGINS_DIRChart-rendered from overlays.sources[*].toolsSubdir (default tools); fallback to PLUGINS_DIR.Tool discovery paths.
WORKFLOW_DIRSChart-rendered from overlays.sources[*].workflowsSubdir (default workflows).Workflow discovery paths.
SLACKBOT_URLChart-rendered Slackbot service URL.API callback target for Slack delivery.
FINAL_DELIVERY_MAX_ATTEMPTS, FINAL_DELIVERY_READY_GRACE_Sapi.extraEnv.Final-delivery retry and claim timing.
CENTAUR_ENABLE_GCLOUD_BOOTSTRAP, GCP_GCLOUD_CREDENTIAL, GCLOUD_PROJECTapi.extraEnv or Secret.Optional gcloud ADC bootstrap in the API container.
CLAUDE_MODEL, CODEX_MODELapi.extraEnv or request model override.Harness model selection defaults. When set via sandbox.extraEnv, the chart also mirrors them into slackbotv2 and the Console so their model displays track the deployment.

API-RS

Env var or valueSet fromControls
RUST_LOGChart sets info; override with apiRs.extraEnv.Rust tracing filter for the API-RS binary and crates.
OTEL_SERVICE_NAMEapiRs.extraEnv; defaults to centaur-api-rs.OpenTelemetry service name used by trace backends.
CENTAUR_ENVIRONMENT, DEPLOY_ENV, ENVIRONMENTapiRs.extraEnv or deployment env.Deployment environment resource attribute for telemetry.
OTEL_TRACES_EXPORTERapiRs.extraEnv.Set to otlp to force OTLP trace export, or none/off to disable it.
OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_TRACES_ENDPOINTapiRs.extraEnv.Enables OTLP trace export to Tempo, Jaeger, or another OTLP collector.
apiRs.metrics.scrapeAnnotationsHelm value, default true.Adds Prometheus scrape annotations to the API-RS Pod template and Service.
apiRs.metrics.pathHelm value, default /metrics.Metrics scrape path for annotation-based discovery.
apiRs.metrics.annotationsHelm value.Additional scrape annotations for Prometheus-compatible collectors.
apiRs.activitySummary.*Helm values, default disabled.Enables API-RS to summarize live session activity into durable session.activity_summary events.
SLACK_BOT_TOKENExplicit secretKeyRef from secretManager.existingSecretName.Slack Web API access for api-rs Slack proxy and workflow Slack helpers.
OPENAI_API_KEYSecret mounted into api-rs, or apiRs.extraEnv for local/dev overrides.OpenAI credential for activity summaries; the feature stays disabled when no key is present.
SESSION_ACTIVITY_SUMMARY_MODELapiRs.activitySummary.model, default gpt-5.4-nano.Model used for the short live activity sentence.

Sandbox lifecycle:

Env var or valueSet fromControls
SESSION_IDLE_TIMEOUT_MSslackbotv2.extraEnv; default is up to 3 hours.Slackbot v2 execute idle timeout. After an execution reaches a terminal state, api-rs pauses the sandbox if no newer execution has used that sandbox. If SESSION_MAX_DURATION_MS is lower than 3 hours and this value is unset, Slackbot v2 caps the default idle timeout to the max duration.
SESSION_MAX_DURATION_MSslackbotv2.extraEnv.Optional per-execution max duration forwarded to api-rs. api-rs rejects requests where idle_timeout_ms is greater than max_duration_ms.
apiRs.sandboxMaxLifetimeSecs / SESSION_SANDBOX_MAX_LIFETIME_SECSHelm value, default 259200 (72 hours).Restart-surviving sandbox deletion backstop. The reaper stops any non-terminal sandbox older than this, regardless of whether it is running or suspended. Set 0 to disable max-lifetime reaping.
apiRs.sandboxReapIntervalSecs / SESSION_SANDBOX_REAP_INTERVAL_SECSHelm value, default 300.How often api-rs sweeps observed sandboxes for max-lifetime expiry.

There is no separate suspended-only delete timer. Pausing is controlled by the per-execution idle timeout; deletion is controlled by sandbox max lifetime.

Execution tuning:

Env varSet fromControls
EXECUTION_WORKER_CONCURRENCYapi.extraEnv.Max concurrent execution claims.
EXECUTION_RESERVED_USER_SLOTSapi.extraEnv.Worker slots reserved for user-facing requests.
EXECUTION_WORKER_LEASE_Sapi.extraEnv.Execution claim lease duration.
EXECUTION_SILENCE_TIMEOUT_S, EXECUTION_TOOL_SILENCE_TIMEOUT_S, EXECUTION_HARD_TIMEOUT_Sapi.extraEnv.Execution watchdog and absolute timeouts.
EXECUTION_WATCHDOG_POLL_S, EXECUTION_RECONCILE_INTERVAL_S, EXECUTION_STALE_RECOVERY_INTERVAL_Sapi.extraEnv.Execution watchdog and reconciliation cadence.
EXECUTION_RECONCILE_STARTUP_LIMITapi.extraEnv.Max interrupted executions recovered at startup.
EXECUTION_STREAM_EOF_RETRY_DELAY_Sapi.extraEnv.Delay before retrying interrupted sandbox streams.
THREAD_FAILURE_LOOP_WINDOW_S, THREAD_FAILURE_LOOP_THRESHOLDapi.extraEnv.Repeated thread failure detection.
IDLE_TTL_S, SUSPENDED_RETENTION_S, MAX_ACTIVE_SANDBOX_SESSIONSapi.extraEnv.Sandbox cleanup limits.
STREAM_EOF_REATTACH_MAX, STREAM_EOF_REATTACH_BACKOFF_Sapi.extraEnv.Stream reattach retry behavior.
SANDBOX_CROSS_THREAD_READSapi.extraEnv.Lets a sandbox token read any thread it has the key for (messages, status, attachments). Defaults to enabled. Set to 0 to confine reads to the token's own thread. Writes are always confined regardless.

Slackbot

Env varSet fromControls
NODE_ENVRuntime env.Development route listing and telemetry environment fallback.
PORTRuntime env.Slackbot HTTP port.
SLACK_API_URLslackbot.extraEnv.Optional Slack Web API base URL override.
CENTAUR_API_URLChart-rendered API service URL.API base URL used by Slackbot.
CENTAUR_SLACK_EVENTS_PATHslackbot.extraEnv.Slack Events API route; defaults to /api/webhooks/slack.
RUNTIME_ERROR_ALERT_CHANNELslackbot.runtimeErrorAlertChannel.Slack channel for runtime error alerts.
SLACK_EVENT_DEDUP_TTL_MSslackbot.extraEnv.Slack event dedupe window.
SLACK_SIGNATURE_MAX_AGE_SECONDSslackbot.extraEnv.Maximum accepted Slack signature age.
LINEAR_API_KEYSecret or slackbot.extraEnv.Enables Slack feedback commands to create Linear issues.
SLACK_FEEDBACK_COMMANDS, SLACK_FEEDBACK_ALLOWED_CHANNELSslackbot.extraEnv.Feedback slash commands and optional channel allowlist.
SLACK_FEEDBACK_LINEAR_TEAM_ID, SLACK_FEEDBACK_LINEAR_PROJECT_IDslackbot.extraEnv.Linear destination for feedback issues.
SLACKBOT_EXTERNAL_ORG_ALLOWLISTslackbot.extraEnv.Slack team ids allowed for external org handoff.
SLACK_TEAM_IDslackbot.extraEnv.Workspace team ID (e.g. T01ABCD2EFG) used to rewrite https://*.slack.com/archives/... URLs in final-delivery messages into native slack://channel?team=... deep links that open in the Slack app. Leave unset to keep archive URLs unchanged.
COMMIT_SHABuild/deploy env.Commit shown in Slackbot metadata.

Teamsbot

Env varSet fromControls
PORTRuntime env.Teamsbot HTTP port; defaults to 3100.
LOG_LEVELRuntime env.Teamsbot JSON log level: debug, info, warn, error, or silent.
CENTAUR_API_URLChart-rendered API service URL.API base URL used by Teamsbot; local default is http://127.0.0.1:8080.
CENTAUR_API_KEY, TEAMSBOT_API_KEYSecret/env fallback.Static API key used by Teamsbot to call the API.
TEAMSBOT_DATABASE_URL, DATABASE_URL, POSTGRES_URLSecret.Teamsbot Postgres state store. The service refuses to boot without one unless tests/dev inject a state store.
TEAMSBOT_STATE_KEY_PREFIXRuntime env.Postgres state namespace; defaults to centaur-teamsbot.
TEAMS_BOT_APP_ID, TEAMS_BOT_APP_PASSWORD, TEAMS_BOT_APP_TENANT_IDSecret.Required Bot Framework app credentials.
TEAMS_ALLOWED_TEAM_IDS, TEAMS_ALLOWED_CHANNEL_IDS, TEAMS_ALLOWED_TENANT_IDSteamsbot.allowedTeamIds, teamsbot.allowedChannelIds, teamsbot.allowedTenantIds.Comma-separated allowlists. Empty means Teamsbot ignores all Teams messages. Personal chats require an allowed tenant id.
TEAMS_REQUIRE_MENTIONteamsbot.requireMention.Requires a bot mention before activating a thread; defaults to true.
TEAMS_DEFAULT_HARNESS_TYPEsandbox.harnessEngine.Default harness requested for new Teams sessions. Existing harness conflicts retry on the session's current harness.
SESSION_IDLE_TIMEOUT_MS, SESSION_MAX_DURATION_MSRuntime env.Forwarded to api-rs execute. TEAMS_IDLE_TIMEOUT_MS and TEAMS_MAX_DURATION_MS override these for Teams only.
TEAMS_ACTIVE_EXECUTION_TTL_MSRuntime env.Stale execution timeout used to unwedge Teams threads after crashes.
TEAMS_DOWNLOAD_ATTACHMENTSteamsbot.downloadAttachments.Enables allowed Teams attachment downloads into base64 payloads; defaults to false.
TEAMS_ATTACHMENT_MAX_BYTES, TEAMS_ATTACHMENT_ALLOWED_HOSTSRuntime env.Attachment download size cap and HTTPS host allowlist.
TEAMS_GRAPH_BEARER_TOKEN, TEAMS_GRAPH_TOKEN_SCOPERuntime env or Secret.Optional Graph auth fallback for Graph/SharePoint-backed attachment URLs.

Sandbox

API-set variables:

Env varSet fromControls
AGENT_IMAGEsandbox.image.*.Sandbox image used by the Kubernetes backend.
AGENT_API_URLChart-rendered API service URL.Source for sandbox CENTAUR_API_URL; required by Kubernetes backend.
CENTAUR_API_URL, CENTAUR_THREAD_KEY, CENTAUR_TRACE_IDAPI sandbox creation.API callback, thread key, and trace id.
AMP_MODE, AMP_THREAD_VISIBILITY, AMP_CONTINUE_THREAD_IDAPI env or resume path.Amp mode and resume behavior.
FIREWALL_HOST, HTTPS_PROXY, HTTP_PROXY, NO_PROXY and lowercase variantsAPI sandbox creation.Routes sandbox egress through per-sandbox iron-proxy.
NODE_EXTRA_CA_CERTS, REQUESTS_CA_BUNDLE, SSL_CERT_FILE, GIT_SSL_CAINFOAPI sandbox creation.Trust bundle for proxied TLS.
PG_PROXY_PASSWORD_<SECRET_NAME>, <PG_DSN_SECRET_NAME>API per-sandbox proxy creation.Proxied Postgres credentials for tools that declare pg_dsn secrets.

Kubernetes backend:

Env varSet fromControls
KUBERNETES_NAMESPACE, POD_NAMESPACE, KUBERNETES_KUBECONFIGChart namespace, downward API, or api.extraEnv.Kubernetes client namespace/config.
KUBERNETES_AGENT_IMAGE_PULL_POLICY, KUBERNETES_SANDBOX_IMAGE_PULL_SECRETSsandbox.image.pullPolicy, global.imagePullSecrets.Sandbox image pull behavior.
KUBERNETES_SANDBOX_RUNTIME_CLASS_NAME, KUBERNETES_SANDBOX_SERVICE_ACCOUNT_NAMEsandbox.runtimeClassName, api.extraEnv.Pod runtime class and service account.
KUBERNETES_SANDBOX_CPU_LIMIT, KUBERNETES_SANDBOX_MEMORY_LIMIT, KUBERNETES_SANDBOX_CPU_REQUEST, KUBERNETES_SANDBOX_MEMORY_REQUESTsandbox.resources.*.Sandbox pod resources.
KUBERNETES_SANDBOX_READY_TIMEOUT_S, KUBERNETES_ATTACH_LOG_TAIL_LINESapi.extraEnv.Sandbox readiness and attach diagnostics.
SESSION_SANDBOX_RUNNING_LIMIT, SESSION_SANDBOX_HOT_IDLE_GRACE_SECSapiRs.sandboxRunningLimit, apiRs.sandboxHotIdleGraceSecs.Capacity admission for running-like sandboxes; discards ready warm sandboxes first, then pauses least-recently-active idle sessions outside the grace window.
SESSION_SANDBOX_CLEANUP_INTERVAL_SECS, SESSION_SANDBOX_IDLE_CLEANUP_BACKSTOP_SECSapiRs.sandboxCleanupIntervalSecs, apiRs.sandboxIdleCleanupBackstopSecs.DB-aware cleanup of unreferenced sandboxes and restart recovery for idle pauses. Persisted idle_timeout_ms is honored after restart; the backstop is the fallback for older execution rows without that metadata.
KUBERNETES_SANDBOX_EXTRA_ENVsandbox.extraEnv.JSON list copied into each sandbox.
KUBERNETES_WORKFLOW_DIRSChart-rendered from overlays.sources[*].workflowsSubdir (default workflows) using the sandbox repo-cache mount prefix.Workflow-host sandbox discovery paths.
KUBERNETES_FIREWALL_CA_SECRET_NAME, KUBERNETES_FIREWALL_CA_KEY_SECRET_NAMEfirewall.existingCa* or generated CA Secrets.CA material for sandbox/proxy TLS interception.
KUBERNETES_SECRET_ENV_NAME, KUBERNETES_SECRET_ENV_PREFIX, KUBERNETES_BOOTSTRAP_SECRET_NAMEsecretManager.*, secrets.bootstrapSecretName.Secrets read by API-created proxy/sandbox pods.
KUBERNETES_IRON_PROXY_IMAGE, KUBERNETES_IRON_PROXY_IMAGE_PULL_POLICY, KUBERNETES_IRON_PROXY_PORT, KUBERNETES_IRON_PROXY_MANAGEMENT_PORT, KUBERNETES_IRON_PROXY_HEALTH_PORTironProxy.*.Per-sandbox iron-proxy image and ports.
FIREWALL_MANAGER_SECRET_SOURCE, FIREWALL_MANAGER_SECRET_TTL, KUBERNETES_FIREWALL_MANAGER_SECRET_SOURCEironProxy.secretSource, ironProxy.secretTtl.Secret source and cache TTL for rendered proxy config.
FIREWALL_MANAGER_TOKEN_BROKER_TTLtokenBroker.ttl.Proxy-side cache TTL for access tokens minted by iron-token-broker. Applied to every brokered_token secret.
KUBERNETES_TOKEN_BROKER_NAME, KUBERNETES_TOKEN_BROKER_URLtokenBroker.*.iron-token-broker Deployment name and ClusterIP URL. The chart owns the broker Deployment, Service, and NetworkPolicies; the API reconciles its ConfigMap and triggers a rolling restart when the rendered content changes.
KUBERNETES_OP_CONNECT_HOST, KUBERNETES_OP_CONNECT_APP_NAME, KUBERNETES_OP_CONNECT_PORTChart helper or api.extraEnv.1Password Connect endpoint details.
KUBERNETES_API_POD_LABEL_SELECTORChart-rendered labels or api.extraEnv.API pod selector for API-managed proxy policies.
KUBERNETES_EGRESS_DISCOVERY_ENABLED, KUBERNETES_EGRESS_SERVICE_NAMESPACE, KUBERNETES_CLUSTER_DOMAIN, KUBERNETES_EGRESS_TAILNET_FQDN_ANNOTATIONapi.egressDiscovery.*.Egress service discovery for sandbox NetworkPolicies.
REPOS_PATHsandbox.reposPath.Repo cache path mounted into sandboxes.

Sandbox entrypoint and wrappers:

Env varSet fromControls
CENTAUR_HARNESS_CONFIG_DIR, CENTAUR_HARNESS_ADAPTERSandbox image or sandbox.extraEnv.Harness config directory and optional adapter executable.
CENTAUR_SKILL_DIRSChart-rendered from overlays.sources[*].skillsSubdir (default .agents/skills) through SESSION_SANDBOX_EXTRA_ENV.Ordered skill directories copied into the agent workspace.
AGENT_REPO, AGENT_PERSONARuntime assignment metadata.Workspace repo clone and persona prompt.
GOOGLE_APPLICATION_CREDENTIALSSandbox entrypoint or sandbox.extraEnv.Google ADC path; entrypoint creates a local stub when unset.
CODEX_API_KEY, CODEX_HOME, CODEX_CONTINUE_THREAD_IDsandbox.extraEnv or runtime resume.Codex auth/config/resume behavior.
CODEX_AUTH_MODEsandbox.extraEnv.Codex auth flow: api_key (default, hits api.openai.com) or access_token (hits chatgpt.com via the brokered ChatGPT login). See Codex Auth Modes.
META_AI_API_KEYSecret mounted into api-rs.Meta AI direct credential for Codex provider responses and Slack or Linear --meta selection.
CODEX_MODEL_REASONING_SUMMARYsandbox.extraEnv.Sets model_reasoning_summary in the Codex config (auto, concise, detailed, none). Codex >= 0.139 emits no reasoning summaries unless this is set, so renderers show no thinking trace.
CODEX_MODEL_REASONING_EFFORTsandbox.extraEnv.Overrides the codex model_reasoning_effort (baked into harness/codex/config.toml) by patching the per-sandbox ~/.codex/config.toml at boot, without forking the image. One of none, minimal, low, medium, high, xhigh, max; an unknown value is ignored (the config default stands).
CLAUDE_MODEL, CLAUDE_CONTINUE_SESSION_IDsandbox.extraEnv or runtime resume.Claude model and resume behavior.
CLAUDE_CODE_AUTH_MODEsandbox.extraEnv.Claude Code auth flow: api_key (default, uses ANTHROPIC_API_KEY) or access_token (Claude.ai Pro or Max via the brokered OAuth login). See Claude Auth Modes.
DEPLOY_ENV, ENVIRONMENT, TRACEPARENTDeployment env or wrapper-generated.Runtime environment and trace context.
CALL_TIMEOUT_SECONDSSandbox env before running call.Curl watchdog for API tool calls.
SLACK_CHANNEL, SLACK_THREAD_TSSandbox env.File-upload helper target.

Workflows

Env varSet fromControls
WORKFLOW_WORKER_CONCURRENCY, WORKFLOW_WORKER_LEASE_Sapi.extraEnv.Workflow worker pool size and lease duration.
WORKFLOW_RECONCILE_INTERVAL_S, WORKFLOW_RESUSPEND_BACKOFF_Sapi.extraEnv.Workflow claim/reclaim cadence.
WORKFLOW_SCHEDULE_TICK_INTERVAL_S, WORKFLOW_SCHEDULE_CATCHUP_LIMIT, WORKFLOW_SCHEDULE_MISFIRE_GRACE_Sapi.extraEnv.Scheduled workflow timing and catch-up behavior.
MY_THREAD_KEY, <WORKFLOW_NAME>_THREAD_KEY, <WORKFLOW_NAME>_SLACK_CHANNELWorkflow-specific env.Fallback thread/channel targets for workflow agent steps.
<WEBHOOK_SECRET_REF>API env or Secret named by a workflow WebhookSpec.HMAC secret for public workflow webhooks, for example GITHUB_WEBHOOK_SECRET.

Slack ETL workflows:

Env varSet fromControls
SLACK_ETL_ENABLEDapiRs.etl.slack.enabled.Master switch for Slack sync/backfill/context schedules.
SLACK_SYNC_INTERVAL_SECONDS, SLACK_BACKFILL_INTERVAL_SECONDS, COMPANY_CONTEXT_DOCUMENTS_INTERVAL_SECONDSapiRs.etl.slack.syncIntervalSeconds, apiRs.etl.slack.backfill.intervalSeconds, apiRs.etl.companyContextDocuments.intervalSeconds.Slack ETL schedule intervals.
SLACK_SYNC_BACKFILL_LOOKBACK_DAYS, SLACK_SYNC_THREAD_LOOKBACK_DAYSapiRs.etl.slack.syncBackfillLookbackDays, apiRs.etl.slack.syncThreadLookbackDays.Slack history/thread lookback windows.
SLACK_SYNC_INDEX_PRIVATE_CHANNELSapiRs.etl.slack.indexPrivateChannels.Includes private channels visible to the ETL token.
SLACK_ETL_EXCLUDED_CHANNEL_PATTERNSapiRs.etl.slack.excludedChannelPatterns.Comma-separated channel-name globs to skip.
SLACK_BACKFILL_ENABLED, SLACK_BACKFILL_CHANNEL_BATCH_LIMIT, SLACK_BACKFILL_CHANNEL_PAGES_PER_JOBapiRs.etl.slack.backfill.*.Backfill enablement and batch sizing.
SLACK_RETENTION_ENABLED, SLACK_RETENTION_INTERVAL_MINUTES, SLACK_ETL_RETENTION_DAYS, SLACK_DM_RETENTION_DAYSapiRs.etl.slack.retention.*.Slack retention enablement, cadence, and separate public ETL/DM TTLs.
COMPANY_CONTEXT_DOCUMENTS_ENABLEDapiRs.etl.companyContextDocuments.enabled.Enables company-context projection when any ETL is on.
COMPANY_CONTEXT_DOCUMENTS_MAX_WINDOW_SECONDSapiRs.etl.companyContextDocuments.maxWindowSeconds.Maximum source updated_at window projected by one company-context documents run.

Google Workspace ETL workflows:

Env varSet fromControls
GOOGLE_DRIVE_ETL_ENABLEDapiRs.etl.googleDrive.enabled.Enables Google Drive Docs sync.
GOOGLE_DRIVE_SYNC_INTERVAL_SECONDSapiRs.etl.googleDrive.syncIntervalSeconds.Google Drive Docs sync schedule interval.
GOOGLE_CALENDAR_ETL_ENABLEDapiRs.etl.googleCalendar.enabled.Enables Google Calendar sync.
GOOGLE_CALENDAR_SYNC_INTERVAL_SECONDSapiRs.etl.googleCalendar.syncIntervalSeconds.Google Calendar sync schedule interval.

Linear ETL workflows:

Env varSet fromControls
LINEAR_ETL_ENABLEDapiRs.etl.linear.enabled.Enables Linear project/issue/comment sync.
LINEAR_SYNC_INTERVAL_SECONDSapiRs.etl.linear.syncIntervalSeconds.Linear sync schedule interval.

Observability and Retention

Env varSet fromControls
VICTORIAMETRICS_URL, VICTORIAMETRICS_PUSH_ENABLEDapi.extraEnv, api.victoriaMetricsPushEnabled.Push-based API metrics.
apiRs.metrics.*Helm values.Pull-based scrape metadata for API-RS Prometheus metrics.
CENTAUR_RETENTION_ATTACHMENTS_TTL_DAYS, CENTAUR_RETENTION_TRANSCRIPTS_TTL_DAYSapi.extraEnv.Attachment/transcript retention TTLs.
CENTAUR_RETENTION_SWEEP_INTERVAL_SECONDS, CENTAUR_RETENTION_BATCH_SIZE, CENTAUR_RETENTION_DRY_RUNapi.extraEnv.Retention sweep cadence, batch size, and dry-run mode.
TOOL_CALL_TIMEOUT_S, TOOL_BINARY_INLINE_MAX_BYTES, TOOL_BINARY_PREVIEW_BYTESapi.extraEnv.Tool execution timeout and binary result handling.

Local Scripts

Env varSet fromControls
CENTAUR_NAMESPACE, CENTAUR_RELEASELocal shell or .env.Namespace/release used by just and debug scripts.
JUST_BUILD_SEQUENTIALLocal shell.Builds service images sequentially.
CENTAUR_API_URLLocal shell.API target for contrib scripts.
MUESLI_API_KEYLocal shell.API key for the Muesli meeting ingest helper.
MUESLI_CLI, MUESLI_HOST, MUESLI_PUSH_LOG, MUESLI_SLACK_CHANNELLocal shell.Muesli meeting ingest helper behavior.