Skip to main content

Environment Variables Reference

This reference documents all environment variables available for configuring Simba Intelligence. Variables are grouped by function and include defaults and descriptions.
📝 Note: LLM provider credentials are not configured via environment variables. They are managed per-tenant through the web interface at /llm-configuration. See the LLM Provider Configuration guide.

Application Mode

APP_MODE Values

ModeProcessDescription
webFlask/GunicornMain web application and API server
workerCelery workerBackground task processor for AI queries and data operations
beatCelery beatPeriodic task scheduler (suggestions generation, cleanup jobs)
migrateAlembicRuns database migrations (upgrade, downgrade, or stamp)
validate-schemaAlembicValidates current database schema against migration state
mcpUvicorn/FastMCPMCP server with OAuth2 PKCE authentication

Core Infrastructure

VariableDefaultDescription
MAIN_DB_URLRequired. PostgreSQL connection URL (e.g., postgresql://user:pass@host:5432/dbname)
REDIS_URLredis://localhost:6379/0Redis connection URL for Celery broker and semantic cache
COMPOSER_HOSTRequired. Logi Composer API base URL (e.g., http://composer:8080/discovery)
BASE_PATH"" (empty)URL subpath prefix for non-root deployments (e.g., /intelligence). Trailing slashes are stripped automatically
PORT5050Web server listen port

Web Server (Gunicorn)

These variables tune the Gunicorn web server that runs the main application (APP_MODE=web).
VariableDefaultDescription
GUNICORN_WORKERS4Number of Gunicorn worker processes
GUNICORN_THREADS4Number of threads per worker
GUNICORN_TIMEOUT1200Request timeout in seconds (20 minutes)
GUNICORN_MAX_REQUESTS1000Maximum requests per worker before automatic restart. Helps manage memory
GUNICORN_LOG_LEVELinfoLog level (debug, info, warning, error, critical)
GUNICORN_ACCESS_LOGtrueEnable access logging (true / false)
💡 Pro Tip: For memory-constrained environments, reduce GUNICORN_WORKERS and GUNICORN_MAX_REQUESTS. For high-throughput deployments, increase workers and threads proportionally to available CPU cores.

MCP Server

These variables configure the MCP server container (APP_MODE=mcp).
VariableDefaultDescription
MCP_BASE_URLRequired for MCP. External-facing URL for OAuth2 PKCE redirect URIs (e.g., https://your-domain.com)
MCP_UVICORN_WORKERS4Number of Uvicorn worker processes
UVICORN_LOG_LEVELinfoLog level for the MCP Uvicorn server
See the MCP Server Guide for full deployment details.

Database Migrations

VariableDefaultDescription
DISABLE_DB_MIGRATIONSfalseWhen true, skips Alembic migrations on web startup. Use this when running migrations via a dedicated Kubernetes Job instead
MIGRATIONS_ACTIONupgradeMigration action for APP_MODE=migrate. Values: upgrade, downgrade, stamp
MIGRATIONS_REVISIONTarget revision for downgrade actions. The stamp action always stamps to head regardless of this value
⚠️ Important: In production Kubernetes deployments, it is recommended to set DISABLE_DB_MIGRATIONS=true on the web container and run migrations via the dedicated simba-intelligence-db-migrate-job Helm job instead. This prevents migration race conditions when running multiple web replicas.

CORS Configuration

Cross-Origin Resource Sharing settings for the web application.
VariableDefaultDescription
CORS_ENABLEDfalseEnable CORS headers (true / false). Disabled by default for same-origin deployments
CORS_ORIGINS'self'Comma-separated list of allowed origins (e.g., https://app.example.com,https://admin.example.com)
CORS_METHODSGET,POST,PUT,DELETE,OPTIONSAllowed HTTP methods
CORS_ALLOW_HEADERSContent-Type,Authorization,X-Requested-WithAllowed request headers
CORS_SUPPORTS_CREDENTIALStrueAllow credentials (cookies, authorization headers) in cross-origin requests
CORS_MAX_AGE86400Preflight response cache duration in seconds (24 hours)
📝 Note: CORS is disabled by default, which is the most secure configuration for same-origin deployments. Only enable CORS if your frontend is hosted on a different domain than the Simba Intelligence API.

Content Security Policy (CSP)

These variables control the Content-Security-Policy response headers.
VariableDefaultDescription
SECURITY_HEADERS_ENABLEDtrueEnable CSP and other security headers (true / false)
CSP_DEFAULT_SRC'self'Default content source policy
CSP_SCRIPT_SRC'self' 'unsafe-inline'Allowed JavaScript sources
CSP_STYLE_SRC'self' 'unsafe-inline'Allowed CSS sources
CSP_IMG_SRC'self' data:Allowed image sources
CSP_FONT_SRC'self' data:Allowed font sources
CSP_CONNECT_SRC'self'Allowed AJAX, WebSocket, and EventSource sources
CSP_FRAME_ANCESTORS'self'Controls which origins can embed the page in an iframe
⚠️ Important: If you embed Simba Intelligence in an iframe or load external resources (e.g., custom fonts from a CDN), you must adjust the relevant CSP directives. Overly restrictive CSP values can break frontend functionality.

Logging

VariableDefaultDescription
LOG_FORMATtextLog output format. Values: text (human-readable), json (structured, suitable for log aggregation)
LOG_LEVELS[]JSON array for per-module log level overrides. See the Logging Configuration Guide for details
Example LOG_LEVELS configuration: 
[
  {"module": "simba_intelligence.api", "logLevel": "DEBUG"},
  {"module": "simba_intelligence.ai", "logLevel": "INFO"}
]

Celery (Background Tasks)

VariableDefaultDescription
CELERY_BEAT_SCHEDULE_FILECustom filesystem path for the Celery beat schedule database. Required when using persistent storage for beat (StatefulSet)
📝 Note: REDIS_URL (listed under Core Infrastructure) is also used as the Celery broker and result backend.

Composer Integration

VariableDefaultDescription
DB_HOSTHostname used in development and test environments when constructing JDBC URLs for Composer data connectors
COMPOSER_DEFAULT_TIMEOUT60Default timeout in seconds for HTTP requests to Composer. The Helm chart sets this to 30 by default via extraEnvs