Environment Configuration

Deployer

Tip

Each Prodgy service requires a set of environment variables to function correctly. This page documents all required variables per service.

Shared Variables (Root)

These variables are used by multiple services and should be defined globally:

# Supabase (Database and Authentication)
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=eyJhbGciOi...
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOi...

# Service URLs
VITE_PRODGY_API_URL=https://api.yourdomain.com
PRODGY_ENGINE_URL=http://engine:8001
PRODGY_SERVICE_URL=http://service:5000
PRODGY_AGENTIC_URL=http://agentic:3200

# Service-to-Service Tokens
PRODGY_API_TOKEN=secure-api-token
PRODGY_ENGINE_TOKEN=secure-engine-token
PRODGY_SERVICE_TOKEN=secure-service-token
PRODGY_AGENTIC_TOKEN=secure-agentic-token

# Redis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=your-redis-password

# Frontend URLs
VITE_PRODGY_DOCS_URL=https://docs.yourdomain.com
VITE_PRODGY_TERMS_URL=https://yourdomain.com/terms
VITE_PRODGY_PRIVACY_URL=https://yourdomain.com/privacy

---

API (Backend)

PORT=4000
NODE_ENV=production
LOG_LEVEL=info

# Supabase
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=eyJhbGciOi...
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOi...

# CORS (allowed origins comma-separated)
CORS_ORIGIN=https://yourdomain.com,https://studio.yourdomain.com

# Encryption (minimum 32 characters)
ENCRYPTION_KEY=encryption-key-with-at-least-32-characters-here

# URLs
VITE_PRODGY_API_URL=https://api.yourdomain.com

# Tokens
PRODGY_API_TOKEN=secure-api-token

Caution

The ENCRYPTION_KEY must be at least 32 characters long and unique per environment. It is used to encrypt secrets stored in the database.

---

Web (Frontend)

VITE_PRODGY_API_URL=https://api.yourdomain.com
VITE_PRODGY_DOCS_URL=https://docs.yourdomain.com
VITE_PRODGY_TERMS_URL=https://yourdomain.com/terms
VITE_PRODGY_PRIVACY_URL=https://yourdomain.com/privacy
VITE_GTM_ID=GTM-XXXXXXX
VITE_DISABLE_SOCIAL_SIGNIN=false

Note

VITE_ variables are injected at build time and visible in the frontend. Never include secrets in variables with the VITE_ prefix.

---

Service (Queues)

NODE_ENV=production
PORT=5000
LOG_LEVEL=info

# Redis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=your-redis-password
REDIS_DB=0

# Queue Configuration
QUEUE_CONCURRENCY=5
QUEUE_MAX_RETRIES=3
QUEUE_RETRY_DELAY=5000

# Tokens
PRODGY_SERVICE_TOKEN=secure-service-token
PRODGY_ENGINE_URL=http://engine:8001
PRODGY_ENGINE_TOKEN=secure-engine-token

---

Engine (AI Engine)

ENVIRONMENT=production
PORT=8001
LOG_LEVEL=INFO

# Supabase
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=eyJhbGciOi...
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOi...

# API
VITE_PRODGY_API_URL=https://api.yourdomain.com
PRODGY_API_TOKEN=secure-api-token

---

Studio (Workflow Editor)

VITE_PRODGY_API_URL=https://api.yourdomain.com
VITE_PRODGY_ENGINE_URL=https://engine.yourdomain.com
VITE_PRODGY_TERMS_URL=https://yourdomain.com/terms
VITE_PRODGY_PRIVACY_URL=https://yourdomain.com/privacy
VITE_GTM_ID=GTM-XXXXXXX
VITE_DISABLE_SOCIAL_SIGNIN=false

---

Gateway (MCP Server)

PRODGY_GATEWAY_PORT=3100
LOG_LEVEL=info

# API
PRODGY_API_URL=https://api.yourdomain.com
PRODGY_API_TOKEN=secure-api-token

Note

In HTTP transport, the user token is sent by the MCP client in the Authorization: Bearer prodgy_xxx header. For stdio transport (local development), also set PRODGY_USER_API_TOKEN.

---

Agentic (Agent Orchestrator)

PRODGY_AGENTIC_PORT=3200
NODE_ENV=production
LOG_LEVEL=info

# API
VITE_PRODGY_API_URL=https://api.yourdomain.com
PRODGY_API_TOKEN=secure-api-token

# Service authentication
PRODGY_AGENTIC_TOKEN=secure-agentic-token

Note

PRODGY_AGENTIC_TOKEN is used to authenticate requests from other services (such as the API) to Agentic. LLM providers are configured at the organization level within Prodgy — Agentic resolves them automatically via API.

---

Assistant (Teams Bot)

The Assistant uses appsettings.Production.json instead of environment variables:

{
  "BaseUrl": "https://teams.yourdomain.com",
  "AzureAd": {
    "TenantId": "your-tenant-id",
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret",
    "BotUserId": "bot-user-id"
  },
  "GraphCommsBot": {
    "AppId": "app-id",
    "AppSecret": "app-secret",
    "CertificateThumbprint": "certificate-thumbprint",
    "MediaPlatform": {
      "InstanceInternalPort": 8445,
      "InstancePublicPort": 8445
    }
  },
  "ProdgyBack": {
    "BaseUrl": "https://api.yourdomain.com",
    "ApiKey": "secure-api-token"
  },
  "TranscriptEngine": "api",
  "Redis": {
    "ConnectionString": "redis-host:6379,password=your-password,ssl=True",
    "Db": 1
  }
}

Note

The Assistant service runs on a Windows VM and is managed by NSSM (Non-Sucking Service Manager). The appsettings.Production.json file is automatically preserved during deployments.

---

Best Practices

• Never commit .env or appsettings.Production.json files to the repository
• Use a secrets manager (Azure Key Vault, HashiCorp Vault, etc.)
• Generate service tokens with high entropy (minimum 32 random characters)
• Keep tokens unique per environment (dev, staging, production)
• Periodically review variables and rotate secrets