Configuration
Plystra Core is configured through environment variables. In production, cmd/plystrad validates safety-critical settings before opening the database.
Server
Section titled “Server”| Variable | Default | Description |
|---|---|---|
SERVER_HOST / PLYSTRA_SERVER_HOST | empty | Optional bind host. Empty binds all interfaces. |
SERVER_PORT / PLYSTRA_SERVER_PORT | 8080 | HTTP port. |
SERVER_MODE / PLYSTRA_ENV | development | Set to production for production guards. |
SERVER_PUBLIC_URL / PLYSTRA_SERVER_PUBLIC_URL | local development URL in .env.example | Public URL. Required and non-localhost in production. |
PLYSTRA_CORE_VERSION / CORE_VERSION | 1.0.0-dev | Reported by the version endpoint. |
Database
Section titled “Database”| Variable | Default | Description |
|---|---|---|
DATABASE_URL | development PostgreSQL URL | Primary database URL. |
PLYSTRA_DATABASE_URL | none | Compatibility alias used by tests and tools. |
DOCKER_DATABASE_URL | Compose PostgreSQL URL | Used by docker-compose.yml for the Core container. |
Production rejects the default plystra:plystra credentials.
Security
Section titled “Security”| Variable | Default | Description |
|---|---|---|
PLYSTRA_ADMIN_TOKEN / ADMIN_TOKEN | development placeholder | Bootstrap token for non-public Core API routes. Must be at least 32 characters in production. |
PLYSTRA_SESSION_SECRET / SESSION_SECRET | development placeholder | Preferred secret for HMAC hashing stored opaque bearer tokens. |
JWT_SECRET / PLYSTRA_JWT_SECRET | compatibility placeholder | Compatibility alias for the session secret. Core v1.0 does not issue JWT claims. |
TRUSTED_PROXIES | empty | Enables trusted forwarded IP parsing for known proxies. |
Do not use the placeholder values from .env.example in production.
CORS and Request Metadata
Section titled “CORS and Request Metadata”| Variable | Default | Description |
|---|---|---|
CORS_ALLOWED_ORIGINS | localhost list in .env.example, * Compose fallback | Comma-separated allowed origins. Production rejects empty or wildcard values. |
REQUEST_ID_HEADER | X-Request-ID | Request ID header name. |
HTTP authorization checks ignore body-provided ip, user_agent, and canonical request_id. The server derives those values from the request and middleware.
Audit and Trace
Section titled “Audit and Trace”| Variable | Default | Description |
|---|---|---|
AUDIT_WRITE_MODE | always | Store write mode for authz audit decisions. |
TRACE_VERSION | 1.0 | Trace version for decision snapshots. |
AuditLog is append-only. Production deployments should define retention and export policies.
Feature Flags
Section titled “Feature Flags”| Variable | Default | Description |
|---|---|---|
DATA_CONSOLE_ENABLED | false | Enables /api/v1/data/* preview routes when explicitly set. |
METRICS_ENABLED | false | Enables /metrics when explicitly set. |
METRICS_TOKEN / PLYSTRA_METRICS_TOKEN | empty | Token for /metrics. If omitted, admin token is accepted when metrics are enabled. |
Disabled feature routes return FEATURE_DISABLED.
Production Guard Summary
Section titled “Production Guard Summary”With SERVER_MODE=production, Core refuses to start if:
- database URL is missing or uses default development credentials.
- session secret is missing, too short, or a placeholder.
- admin token is missing, too short, or a placeholder.
- CORS origins are missing or include
*. - public URL is missing or points to localhost.