Operations

Configuration

Environment variable reference for Orbit runtime and SDK behavior. For full defaults, check .env.example.

Core

MDE_DATABASE_URLPostgreSQL runtime DSN

MDE_SQLITE_PATHLocal fallback path

MDE_EMBEDDING_DIMEmbedding dimension

Provider Selection

MDE_SEMANTIC_PROVIDERcontext | openai | anthropic | gemini | ollama

MDE_EMBEDDING_PROVIDERdeterministic | openai | anthropic | gemini | ollama

Authentication

ORBIT_ENVdevelopment | production

ORBIT_JWT_SECRETJWT signing secret

ORBIT_JWT_ISSUERExpected issuer claim

ORBIT_JWT_AUDIENCEExpected audience claim

ORBIT_JWT_ALGORITHMJWT signing algorithm

ORBIT_JWT_REQUIRED_SCOPEOptional required scope

Rate Limits

ORBIT_RATE_LIMIT_PER_MINUTERequests per minute

ORBIT_DASHBOARD_KEY_RATE_LIMIT_PER_MINUTEDashboard key-management requests per minute

ORBIT_RATE_LIMIT_EVENTS_PER_MONTHFree plan monthly ingest quota

ORBIT_RATE_LIMIT_QUERIES_PER_MONTHFree plan monthly retrieve quota

ORBIT_RATE_LIMIT_FREE_API_KEYSFree plan active API key cap

ORBIT_RATE_LIMIT_PILOT_PRO_EVENTS_PER_MONTHPilot Pro monthly ingest quota

ORBIT_RATE_LIMIT_PILOT_PRO_QUERIES_PER_MONTHPilot Pro monthly retrieve quota

ORBIT_RATE_LIMIT_PILOT_PRO_API_KEYSPilot Pro active API key cap

ORBIT_PILOT_PRO_ACCOUNT_KEYSComma-separated account_key allowlist for invite-only Pilot Pro

ORBIT_PILOT_PRO_RESEND_API_KEYResend API key for Pilot Pro request notifications

ORBIT_PILOT_PRO_REQUEST_ADMIN_EMAILAdmin destination email for Pilot Pro request notifications

ORBIT_PILOT_PRO_REQUEST_FROM_EMAILSender identity used by Resend for Pilot Pro notifications

ORBIT_PILOT_PRO_EMAIL_TIMEOUT_SECONDSResend request timeout (seconds)

ORBIT_USAGE_WARNING_THRESHOLD_PERCENTUsage warning threshold (dashboard prompts)

ORBIT_USAGE_CRITICAL_THRESHOLD_PERCENTUsage critical threshold (dashboard prompts)

ORBIT_MAX_INGEST_CONTENT_CHARSMax ingest content length

ORBIT_MAX_QUERY_CHARSMax query length

ORBIT_MAX_BATCH_ITEMSMax items in batch request

Dashboard/Auth Mapping

ORBIT_DASHBOARD_AUTO_PROVISION_ACCOUNTSAuto-create account mapping for new JWT identities

ORBIT_CORS_ALLOW_ORIGINSComma-separated browser origins allowed to call API directly

Personalization

MDE_ENABLE_ADAPTIVE_PERSONALIZATIONMaster switch (default: true)

MDE_PERSONALIZATION_REPEAT_THRESHOLDRepeated signals required (default: 3)

MDE_PERSONALIZATION_SIMILARITY_THRESHOLDSemantic similarity threshold (default: 0.82)

MDE_PERSONALIZATION_WINDOW_DAYSObservation window (default: 30)

MDE_PERSONALIZATION_MIN_FEEDBACK_EVENTSFeedback count for preference inference (default: 4)

MDE_PERSONALIZATION_PREFERENCE_MARGINPreference confidence margin (default: 2.0)

Observability

ORBIT_OTEL_SERVICE_NAMEOpenTelemetry service name

ORBIT_OTEL_EXPORTER_ENDPOINTOTLP exporter endpoint

Frontend (Vercel/Next.js)

NEXT_PUBLIC_ORBIT_API_BASE_URLPublic API base URL for docs/UI display

ORBIT_DASHBOARD_PROXY_BASE_URLOptional server-side proxy target override

ORBIT_DASHBOARD_PROXY_AUTH_MODEexchange | static

ORBIT_DASHBOARD_ORBIT_JWT_SECRETExchange-mode JWT signing secret (server only)

ORBIT_DASHBOARD_ORBIT_JWT_ISSUERExchange-mode JWT issuer claim

ORBIT_DASHBOARD_ORBIT_JWT_AUDIENCEExchange-mode JWT audience claim

ORBIT_DASHBOARD_ORBIT_JWT_ALGORITHMHS256 | HS384 | HS512

ORBIT_DASHBOARD_ORBIT_JWT_TTL_SECONDSShort-lived proxy JWT TTL (default 300)

ORBIT_DASHBOARD_SERVER_BEARER_TOKENStatic-mode fallback bearer token (legacy)

ORBIT_DASHBOARD_AUTH_MODEpassword | oidc | disabled

ORBIT_DASHBOARD_AUTH_PASSWORDPassword-mode dashboard login secret

ORBIT_DASHBOARD_OIDC_GOOGLE_CLIENT_IDGoogle OAuth client ID

ORBIT_DASHBOARD_OIDC_GOOGLE_CLIENT_SECRETGoogle OAuth client secret

ORBIT_DASHBOARD_OIDC_GOOGLE_ISSUER_URLOptional Google issuer override (default: accounts.google.com)

ORBIT_DASHBOARD_OIDC_GOOGLE_REDIRECT_URIOptional Google redirect URI override

ORBIT_DASHBOARD_OIDC_GOOGLE_SCOPESOptional Google scopes string

ORBIT_DASHBOARD_OIDC_GITHUB_CLIENT_IDGitHub OAuth app client ID

ORBIT_DASHBOARD_OIDC_GITHUB_CLIENT_SECRETGitHub OAuth app client secret

ORBIT_DASHBOARD_OIDC_GITHUB_REDIRECT_URIOptional GitHub redirect URI override

ORBIT_DASHBOARD_OIDC_GITHUB_SCOPESOptional GitHub scopes string (default: read:user user:email)

ORBIT_DASHBOARD_OIDC_TENANT_CLAIMSOptional comma-separated tenant claim keys (shared fallback)

ORBIT_DASHBOARD_OIDC_ISSUER_URLLegacy single-provider issuer URL (fallback mode)

ORBIT_DASHBOARD_OIDC_CLIENT_IDLegacy single-provider client identifier (fallback mode)

ORBIT_DASHBOARD_OIDC_CLIENT_SECRETLegacy single-provider client secret (fallback mode)

ORBIT_DASHBOARD_ALLOWED_ORIGINSOptional CSRF origin allow-list for dashboard mutations

ORBIT_DASHBOARD_ALLOW_MISSING_ORIGINAllow mutation requests without Origin/Referer (default false; not recommended)

ORBIT_DASHBOARD_OIDC_ALLOW_UNSIGNED_ID_TOKEN_FALLBACKAllow id_token-only OIDC fallback when userinfo fails (default false; not recommended)

ORBIT_DASHBOARD_LOGIN_WINDOW_SECONDSPassword login throttle window

ORBIT_DASHBOARD_LOGIN_MAX_ATTEMPTSMax failed password attempts per window

ORBIT_DASHBOARD_LOGIN_LOCKOUT_SECONDSPassword lockout duration after threshold

ORBIT_DASHBOARD_SESSION_SECRETHMAC secret for HTTP-only dashboard session cookie

ORBIT_DASHBOARD_SESSION_TTL_SECONDSOptional session TTL (default 43200)

Persistence internals

Idempotent write state is persisted in api_idempotency. Account quota counters are persisted in api_account_usage.

Monitoring ->