ForgeFrame reads runtime settings from environment variables using the FORGEFRAME_ prefix. Legacy FORGEGATE_ names are still accepted for compatibility and tests, but new configuration should use FORGEFRAME_.
Authoritative backend settings source: backend/app/settings/config.py.
- Root runtime env: .env (example: .env.example)
- Backend-local env: backend/.env (example: backend/.env.example)
- Frontend-local env: frontend/.env (example: frontend/.env.example)
- Docker Compose env: .env.compose (seed from deploy/docker/.env.compose.example)
The following are required for standard PostgreSQL-backed operation:
- FORGEFRAME_BOOTSTRAP_ADMIN_USERNAME
- FORGEFRAME_BOOTSTRAP_ADMIN_PASSWORD
- FORGEFRAME_HARNESS_STORAGE_BACKEND=postgresql
- FORGEFRAME_CONTROL_PLANE_STORAGE_BACKEND=postgresql
- FORGEFRAME_OBSERVABILITY_STORAGE_BACKEND=postgresql
- FORGEFRAME_GOVERNANCE_STORAGE_BACKEND=postgresql
- FORGEFRAME_INSTANCES_STORAGE_BACKEND=postgresql
- FORGEFRAME_HARNESS_POSTGRES_URL
- FORGEFRAME_CONTROL_PLANE_POSTGRES_URL
- FORGEFRAME_OBSERVABILITY_POSTGRES_URL
- FORGEFRAME_GOVERNANCE_POSTGRES_URL
- FORGEFRAME_INSTANCES_POSTGRES_URL

- FORGEFRAME_HOST (default 127.0.0.1)
- FORGEFRAME_PORT (default 8080)
- FORGEFRAME_API_BASE (default /v1)
- FORGEFRAME_FRONTEND_DIST_PATH (default frontend/dist)
Connection and topology helpers seen in examples:
- FORGEFRAME_PG_MODE (native, existing, or deployment-specific value)
- FORGEFRAME_PG_HOST, FORGEFRAME_PG_PORT, FORGEFRAME_PG_DB, FORGEFRAME_PG_USER, FORGEFRAME_PG_PASSWORD
- FORGEFRAME_POSTGRES_URL
- Per-domain URLs (FORGEFRAME_*_POSTGRES_URL)
Notes:
- FORGEFRAME_POSTGRES_URL may be used as a base convenience variable in deployment workflows.
- Storage-domain URLs are validated by backend settings for PostgreSQL-backed modes.
- FORGEFRAME_ADMIN_AUTH_ENABLED (default true)
- FORGEFRAME_BOOTSTRAP_ADMIN_USERNAME
- FORGEFRAME_BOOTSTRAP_ADMIN_PASSWORD
- FORGEFRAME_ADMIN_SESSION_TTL_HOURS
If FORGEFRAME_ADMIN_AUTH_ENABLED=true, bootstrap admin username/password must be configured.
Supported posture settings:
- FORGEFRAME_PUBLIC_TLS_MODE=disabled|manual|integrated_acme
- FORGEFRAME_PUBLIC_FQDN
- FORGEFRAME_PUBLIC_HTTPS_HOST, FORGEFRAME_PUBLIC_HTTPS_PORT
- FORGEFRAME_PUBLIC_HTTP_HELPER_HOST, FORGEFRAME_PUBLIC_HTTP_HELPER_PORT
- FORGEFRAME_PUBLIC_ADMIN_BASE
- FORGEFRAME_PUBLIC_TLS_CERT_PATH, FORGEFRAME_PUBLIC_TLS_KEY_PATH
- FORGEFRAME_PUBLIC_TLS_WEBROOT_PATH, FORGEFRAME_PUBLIC_TLS_STATE_PATH, FORGEFRAME_PUBLIC_TLS_LAST_ERROR_PATH
- FORGEFRAME_PUBLIC_TLS_ACME_EMAIL, FORGEFRAME_PUBLIC_TLS_ACME_DIRECTORY_URL
- Local-only development typically keeps TLS disabled and uses loopback/localhost URLs.
- Public deployment uses FORGEFRAME_PUBLIC_FQDN and a non-disabled TLS mode.
Frontend vars must use the VITE_ prefix.
VITE_ENABLE_UX_REVIEW
UX Review Mode activation is dev-gated and requires explicit opt-in ("true"). See docs/frontend/ux-review-mode.md for full details.
Common optional settings include:
- Default routing/model/provider: FORGEFRAME_DEFAULT_PROVIDER, FORGEFRAME_DEFAULT_MODEL, FORGEFRAME_ROUTING_STRATEGY
- Provider credentials/tokens (for enabled providers only)
- Probe toggles and base URLs for OAuth/account-capable providers
- FORGEFRAME_OLLAMA_BASE_URL, FORGEFRAME_OLLAMA_DEFAULT_MODEL
If a provider is disabled, keep related secrets unset.
Use placeholders in committed files:
- FQDN: forgeframe.example.com
- Email: admin@example.com
- Password/token placeholders: replace-with-...
- Database URL pattern: postgresql+psycopg://forgeframe:replace-with-password@127.0.0.1:5442/forgeframe
- Never commit real passwords, API keys, OAuth tokens, or certificates.
- Keep local secret values in untracked .env files.
- Rotate credentials after any accidental exposure.
- Use separate values for local, staging, and production environments.
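
The required-variable, admin-auth, TLS-posture and placeholder rules above can be checked before startup with a short preflight script. This is an added example, not ForgeFrame's own validation (that lives in backend/app/settings/config.py). The `preflight` and `get` helpers are hypothetical, and the code assumes FORGEFRAME_ takes precedence over FORGEGATE_, that TLS mode defaults to disabled, that a non-disabled TLS mode needs FORGEFRAME_PUBLIC_FQDN, and that only false/0/no/off turn admin auth off.

```python
import os

DOMAINS = ("HARNESS", "CONTROL_PLANE", "OBSERVABILITY", "GOVERNANCE", "INSTANCES")
TLS_MODES = {"disabled", "manual", "integrated_acme"}
PLACEHOLDER = "replace-with-"  # placeholder prefix used in committed example files
FALSE_VALUES = {"false", "0", "no", "off"}  # assumed spellings of "disabled"


def get(env, name, default=""):
    """Read FORGEFRAME_<name>, else legacy FORGEGATE_<name> (assumed precedence)."""
    return env.get("FORGEFRAME_" + name) or env.get("FORGEGATE_" + name) or default


def preflight(env):
    """Return problems found in an environment mapping; secrets are never echoed."""
    problems = []

    def need(name):
        value = get(env, name)
        if not value:
            problems.append(f"FORGEFRAME_{name} is not set")
        elif PLACEHOLDER in value:
            problems.append(f"FORGEFRAME_{name} still holds a placeholder")

    # Admin auth defaults to true and then requires bootstrap credentials.
    if get(env, "ADMIN_AUTH_ENABLED", "true").lower() not in FALSE_VALUES:
        need("BOOTSTRAP_ADMIN_USERNAME")
        need("BOOTSTRAP_ADMIN_PASSWORD")

    # Standard operation: every storage domain on PostgreSQL with its own URL.
    for domain in DOMAINS:
        if get(env, domain + "_STORAGE_BACKEND") != "postgresql":
            problems.append(f"FORGEFRAME_{domain}_STORAGE_BACKEND is not postgresql")
        need(domain + "_POSTGRES_URL")

    # TLS posture: supported mode only; a non-disabled mode needs the public FQDN.
    mode = get(env, "PUBLIC_TLS_MODE", "disabled")  # assumed default
    if mode not in TLS_MODES:
        problems.append(f"FORGEFRAME_PUBLIC_TLS_MODE has unsupported value {mode!r}")
    elif mode != "disabled":
        need("PUBLIC_FQDN")
    return problems


if __name__ == "__main__":
    for problem in preflight(os.environ):
        print(problem)
```

Run it with the target environment loaded; an empty result means none of these rules were violated, not that the backend's own validation will pass.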