Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/nicolas344/Sentinel-SoftServe/llms.txt

Use this file to discover all available pages before exploring further.

Sentinel is configured entirely through environment variables. The backend reads from Backend/.env and the frontend reads from Frontend/.env.local. Neither file is committed to the repository — you must create them from the examples below before starting the application.
Create the file at Backend/.env. All variables marked required must be set before the backend will start successfully.

Supabase

VariableRequiredDescription
SUPABASE_URLYour Supabase project URL, e.g. https://xxxx.supabase.co
SUPABASE_SERVICE_KEYSupabase service role key — used by the backend for privileged database access
SUPABASE_JWT_SECRETJWT secret for validating user tokens (found in Supabase → Project Settings → API)

OpenAI

VariableRequiredDefaultDescription
OPENAI_API_KEYOpenAI API key (sk-...) used by all LangGraph agents
OPENAI_MODELNogpt-4o-miniModel name passed to every LLM call

LangFuse observability

VariableRequiredDefaultDescription
LANGFUSE_PUBLIC_KEYNoLangFuse public key (pk-lf-...) for tracing agent runs
LANGFUSE_SECRET_KEYNoLangFuse secret key (sk-lf-...)
LANGFUSE_HOSTNohttp://localhost:3001LangFuse server URL — set to the Docker service name when running inside Compose

Infrastructure URLs

VariableRequiredDefaultDescription
LOKI_URLNohttp://localhost:3100Loki log query endpoint used by the investigation agents
CHROMA_HOSTNohttp://localhost:8001ChromaDB HTTP endpoint for RAG and episodic memory
PROMETHEUS_URLNohttp://localhost:9090Prometheus query API
ALERTMANAGER_URLNohttp://localhost:9093Alertmanager management API
Inside Docker Compose, the service names replace localhost in these URLs. The docker-compose.yml overrides them automatically (e.g. CHROMA_HOST=http://chromadb:8000). The values in Backend/.env are the defaults used when running the backend outside of Compose (e.g. uvicorn main:app --reload).

Webhook authentication

VariableRequiredDescription
ALERT_WEBHOOK_SECRETShared secret for the /api/alerts webhook endpoint. Must match the credentials value in alertmanager/alertmanager.yml.
ALERT_WEBHOOK_SECRET must be identical in Backend/.env and in alertmanager/alertmanager.yml under http_config.authorization.credentials. If they differ, Alertmanager’s POST requests will be rejected with HTTP 401 and no incidents will be created automatically. In development you may omit the variable to leave the webhook open, but this is not safe in any shared environment.

CORS

VariableRequiredDefaultDescription
CORS_ORIGINSNohttp://localhost:5173,http://127.0.0.1:5173Comma-separated list of allowed origins for browser requests
CORS_ORIGIN_REGEXNo^http://(\d{1,3}\.){3}\d{1,3}:5173$Regex for dynamically matching allowed origins — the default permits any LAN IP on port 5173

PostgreSQL (demo instance)

The demo PostgreSQL instance started by Compose is reachable via either a full DSN or individual variables:
VariableDefaultDescription
POSTGRES_DSNFull connection DSN, e.g. postgresql://sentinel:sentinel123@localhost:5433/sentinel_demo. Takes precedence over individual vars.
POSTGRES_HOSTPostgreSQL hostname
POSTGRES_PORTPostgreSQL port
POSTGRES_USERPostgreSQL user
POSTGRES_PASSWORDPostgreSQL password
POSTGRES_DBPostgreSQL database name

Runtime sockets and paths

VariableDefaultDescription
DOCKER_HOSTunix:///var/run/docker.sockDocker daemon socket — used by DockerAgent
PODMAN_HOSTunix:///run/podman/podman.sockPodman socket — used by PodmanAgent (Linux only)
KUBECONFIG/root/.kube/configPath to the Kubernetes config file inside the container
K8S_PROXY_URL(empty)kubectl proxy URL for Docker Desktop environments where 127.0.0.1:6443 is unreachable from containers

Complete example

# Backend/.env

# ── Supabase ──────────────────────────────────────────────────────────────
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SERVICE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SUPABASE_JWT_SECRET=your-jwt-secret

# ── OpenAI ────────────────────────────────────────────────────────────────
OPENAI_API_KEY=sk-...
OPENAI_MODEL=gpt-4o-mini

# ── LangFuse ──────────────────────────────────────────────────────────────
LANGFUSE_PUBLIC_KEY=pk-lf-...
LANGFUSE_SECRET_KEY=sk-lf-...
LANGFUSE_HOST=http://localhost:3001

# ── Infrastructure (localhost defaults for running outside Docker) ─────────
LOKI_URL=http://localhost:3100
CHROMA_HOST=http://localhost:8001
PROMETHEUS_URL=http://localhost:9090
ALERTMANAGER_URL=http://localhost:9093

# ── Webhook ───────────────────────────────────────────────────────────────
ALERT_WEBHOOK_SECRET=sentinel-webhook-secret-change-me

# ── CORS ──────────────────────────────────────────────────────────────────
CORS_ORIGINS=http://localhost:5173,http://127.0.0.1:5173

# ── PostgreSQL demo ───────────────────────────────────────────────────────
POSTGRES_DSN=postgresql://sentinel:sentinel123@localhost:5433/sentinel_demo

# ── Kubernetes (Docker Desktop) ───────────────────────────────────────────
# K8S_PROXY_URL=http://192.168.x.x:8555

Build docs developers (and LLMs) love