Environment Variable Reference¶

Complete reference for all configuration environment variables.

Time to read: ~10 min Prerequisites: None

Configuration Cascade¶

Configuration priority hierarchy and feature toggles overview.

Overview¶

Configuration is managed through environment variables. Set these in:

• .env file in the project root
• Shell environment (export VAR=value)
• Container environment (docker-compose.yml)

Priority: Environment > .env > Defaults

Database¶

Format: postgresql+asyncpg://user:password@host:port/database

Examples:

# Local development
DATABASE_URL=postgresql+asyncpg://security:password@localhost:5432/security

# Docker container
DATABASE_URL=postgresql+asyncpg://security:password@postgres:5432/security

Redis¶

Connection¶

Format: redis://[password@]host:port[/database] or rediss:// for TLS

Examples:

# Local development
REDIS_URL=redis://localhost:6379/0

# Docker container
REDIS_URL=redis://redis:6379/0

# With password
REDIS_URL=redis://:password@localhost:6379/0

# TLS
REDIS_URL=rediss://redis-host:6379/0

Redis SSL/TLS¶

AI Services¶

Service URLs¶

Warning: Use HTTPS in production to prevent MITM attacks.

Service Authentication¶

Service Timeouts¶

Enrichment Feature Toggles¶

These control enrichment behaviors in the backend. Defaults are designed for “rich context”, but you can disable them if you’re resource constrained or running without those services.

Florence Feature Toggles¶

Re-ID / Scene Change Tuning¶

Image Quality Assessment¶

Enrichment Circuit Breakers¶

CLIP Circuit Breakers¶

Florence Circuit Breakers¶

AI Service Retries¶

AI Concurrency¶

Nemotron Context Window¶

AI Warmup Settings¶

Camera Integration¶

Camera images are expected at: {FOSCAM_BASE_PATH}/{camera_name}/

File Watcher¶

Note: Enable polling for Docker Desktop on macOS/Windows where inotify doesn't work across volume mounts.

Detection Settings¶

Fast Path Settings¶

High-confidence detections can bypass batching for immediate alerts.

Batch Processing¶

Retention¶

GPU Monitoring¶

Recommended values:

• 1-2s: Real-time debugging
• 5s: Balanced (default)
• 15-30s: Lower overhead under pressure
• 60s: Minimal monitoring

Deduplication¶

Severity Thresholds¶

Risk score ranges for severity levels. See Risk Levels Reference.

Constraint: 0 <= low_max < medium_max < high_max <= 100

Logging¶

API Server¶

Authentication¶

Example:

API_KEY_ENABLED=true
API_KEYS=["key1-here", "key2-here"]

Rate Limiting¶

WebSocket¶

TLS/HTTPS Configuration¶

Modern Configuration (Recommended)¶

Legacy Configuration (Deprecated)¶

CORS¶

Notifications¶

Email (SMTP)¶

Webhooks¶

General¶

Queue Settings¶

Queue Overflow Policy Options¶

When the queue reaches QUEUE_MAX_SIZE, the system applies the configured overflow policy:

Consequences by policy:

• dlq (default): Overflowed items are moved to dlq:detection_queue or dlq:analysis_queue. No data loss but requires monitoring DLQ depth. Use /api/dlq/stats to check and /api/dlq/requeue-all/{queue_name} to recover items.

• reject: New detections are dropped when queue is full. Backend logs error Queue overflow: item rejected. Useful for alerting on capacity issues but causes immediate data loss.

• drop_oldest: Oldest queued items are removed to make space. Prioritizes freshness over completeness. May result in missed security events from earlier timeframes.

Recommendation: Use dlq (default) for production deployments. Monitor hsi:queue:dlq:* Redis keys or the /api/dlq/stats endpoint to detect overflow conditions.

Dead Letter Queue (DLQ)¶

Video Processing¶

Clip Generation¶

Service Health¶

Note: Set to false in containerized deployments where restart scripts aren't available.

Admin Endpoints¶

Security: Admin endpoints require BOTH DEBUG=true AND ADMIN_ENABLED=true.

Cache TTL Settings¶

Internal Service Timeouts¶

Worker Supervisor¶

Orchestrator Settings¶

Job Management¶

Pagination¶

Transcode Cache¶

Thumbnail Settings¶

Hardware Acceleration¶

Performance Profiling¶

Slow Query Logging¶

Request Logging¶

Request Recording¶

HSTS Configuration¶

Idempotency¶

Background Evaluation¶

Orphan File Cleanup¶

Configuration for periodic cleanup of orphaned files (files on disk without corresponding database records).

Safety: Files younger than ORPHAN_CLEANUP_AGE_THRESHOLD_HOURS are skipped to allow for incomplete processing. This prevents deletion of files that may still be in use.

Model Zoo¶

Configuration for the Model Zoo, which provides on-demand AI model loading during enrichment.

The Model Zoo contains supplementary AI models loaded on-demand during batch processing:

• License plate detection (yolo11-license-plate)
• Face detection (yolo11-face)
• OCR text extraction (paddleocr)
• Clothing segmentation (segformer-b2-clothes)
• Violence detection
• Weather classification
• And more

Note: Models are loaded sequentially within a ~1,650 MB VRAM budget (shared with the primary Nemotron and YOLO26 models).

Frontend (Build-Time)¶

These are embedded at frontend build time:

Next Steps¶

• Risk Levels Reference - Severity configuration details
• Troubleshooting - Configuration issues

See Also¶

• AI Configuration - AI-specific configuration
• Batching Logic - Batch timing configuration
• Local Setup - Development environment setup

Back to Operator Hub | Developer Hub