All Valter configuration is driven by environment variables prefixed with VALTER_. Variables are loaded in this order of precedence: shell environment, .env file, built-in defaults. The Settings class in src/valter/config.py uses pydantic-settings with env_prefix="VALTER_".
Variable Purpose Default Required? VALTER_ENVEnvironment name. Set to production or prod to activate production guardrails. developmentNo VALTER_RUNTIMEExecution mode that determines which process starts. See Runtime Modes . apiNo
Setting VALTER_ENV=production activates strict validation: authentication must be enabled, CORS wildcard is blocked, Neo4j must be remote, and database credentials cannot be defaults. See Production Guardrails below.
Variable Purpose Default Required? VALTER_DATABASE_URLPostgreSQL connection string using the asyncpg driver. postgresql+asyncpg://valter:valter_dev@localhost:5432/valterNo VALTER_QDRANT_URLQdrant vector database URL. http://localhost:6333No VALTER_QDRANT_COLLECTIONName of the Qdrant collection for legal document chunks. legal_chunks_v1No VALTER_NEO4J_URINeo4j connection URI. Use bolt:// for local, neo4j+s:// for Aura. bolt://localhost:7687No VALTER_NEO4J_USERNAMENeo4j authentication username. neo4jNo VALTER_NEO4J_PASSWORDNeo4j authentication password. neo4j_devNo VALTER_REDIS_URLRedis connection URL with database number. redis://localhost:6379/0No VALTER_ARQ_REDIS_DBRedis database number for the ARQ background worker. Kept separate from the main Redis DB to avoid key collisions. 1No
In production, VALTER_DATABASE_URL must not contain valter_dev, VALTER_NEO4J_URI must point to a remote host (not localhost), and VALTER_NEO4J_PASSWORD must not be a weak default like neo4j_dev or password. The application will refuse to start otherwise.
Variable Purpose Default Required? VALTER_EMBEDDING_MODELHuggingFace model identifier for semantic embeddings. Downloaded via make download-model. rufimelo/Legal-BERTimbau-sts-baseNo VALTER_EMBEDDING_DIMENSIONVector dimension produced by the embedding model. Must match the model output. 768No VALTER_EMBEDDING_SERVICE_URLURL of a remote embedding service (hosted on Railway). When set, the local model is bypassed. None No VALTER_RERANKER_SERVICE_URLURL of a remote reranking service (hosted on Railway). When set, the local cross-encoder is bypassed. None No VALTER_GROQ_API_KEYAPI key for Groq LLM. Enables factual extraction and query expansion features. None No VALTER_GROQ_MODELModel identifier used with the Groq API. qwen/qwen3-32bNo VALTER_GROQ_ENABLEDFeature flag to enable Groq-powered features. Requires VALTER_GROQ_API_KEY to be set. falseNo
Variable Purpose Default Required? VALTER_API_HOSTHost address the API server binds to. 0.0.0.0No VALTER_API_PORTPort the API server listens on. 8000No VALTER_AUTH_ENABLEDEnable API key authentication on REST endpoints. falseYes (prod) VALTER_RATE_LIMIT_READMaximum read requests per API key per minute. 100No VALTER_RATE_LIMIT_WRITEMaximum write requests per API key per minute. 10No VALTER_CORS_ORIGINSJSON array of allowed CORS origins. ["*"]No VALTER_LOG_LEVELApplication log level (DEBUG, INFO, WARNING, ERROR). INFONo VALTER_METRICS_IP_ALLOWLISTComma-separated list of IP addresses allowed to access /metrics. Empty Yes (prod)
In production, VALTER_AUTH_ENABLED must be true, VALTER_CORS_ORIGINS must not contain "*", and VALTER_METRICS_IP_ALLOWLIST must be set. The application raises a ValueError at startup if any of these constraints are violated.
Variable Purpose Default Required? VALTER_UPLOAD_STORAGE_PATHLocal filesystem path where uploaded files are stored before processing. data/datasets/uploads/rawNo VALTER_MAX_UPLOAD_MBMaximum upload file size in megabytes. Converted to bytes internally via the max_upload_bytes property. 100No VALTER_INGEST_JOB_TIMEOUT_SECONDSMaximum duration (seconds) an ARQ ingest job can run before being killed. 1800No VALTER_INGEST_WORKER_CONCURRENCYNumber of concurrent jobs the ARQ worker processes. 2No
Variable Purpose Default Required? VALTER_R2_ACCOUNT_IDCloudflare account ID. Used to construct the endpoint URL if VALTER_R2_ENDPOINT_URL is not set. None No VALTER_R2_ACCESS_KEY_IDS3-compatible access key for R2. None No VALTER_R2_SECRET_ACCESS_KEYS3-compatible secret key for R2. None No VALTER_R2_BUCKET_NAMER2 bucket name for storing workflow artifacts. valter-artifactsNo VALTER_R2_ENDPOINT_URLOverride the auto-constructed R2 endpoint URL. None No VALTER_R2_PRESIGN_TTL_SECONDSTime-to-live (seconds) for pre-signed download URLs. 600No VALTER_R2_CANARY_PERCENTPercentage (0-100) of artifact uploads routed to R2 instead of local storage. Use for gradual rollout. 0No
All three credentials (VALTER_R2_ACCOUNT_ID, VALTER_R2_ACCESS_KEY_ID, VALTER_R2_SECRET_ACCESS_KEY) must be set together for R2 to function. When VALTER_R2_CANARY_PERCENT is 0 (default), all artifacts are stored locally. Increase gradually during migration to R2.
Variable Purpose Default Required? VALTER_WORKFLOW_TIMEOUT_SECONDSGlobal timeout for an entire workflow execution. 2400No VALTER_WORKFLOW_MAX_RETRIESMaximum number of retry attempts per workflow step before marking it as failed. 3No VALTER_WORKFLOW_POLL_RECOMMENDED_SECONDSRecommended interval (seconds) for clients polling workflow status. Returned in API responses. 3No VALTER_WORKFLOW_STRICT_INFRA_REQUIREDWhen true, workflows fail immediately if required infrastructure (Qdrant, Redis) is unavailable. When false, they degrade gracefully. trueNo
Variable Purpose Default Required? VALTER_MCP_SERVER_TRANSPORTTransport protocol for the MCP server (streamable-http or stdio). Derived from VALTER_RUNTIME No VALTER_MCP_SERVER_HOSTHost address the MCP remote server binds to. 0.0.0.0No VALTER_MCP_SERVER_PORTPort the MCP remote server listens on. Falls back to $PORT if set (for Railway compatibility). 8001No VALTER_MCP_SERVER_PATHURL path for the MCP HTTP endpoint. /mcpNo VALTER_MCP_SERVER_AUTH_MODEAuthentication mode for incoming MCP requests. api_keyNo VALTER_MCP_SERVER_API_KEYSComma-separated list of valid API keys for MCP authentication. None No VALTER_MCP_API_BASE_URLBase URL of the REST API that the MCP server delegates to internally. http://localhost:8000No VALTER_MCP_API_KEYAPI key the MCP server uses when calling the REST API. None No VALTER_MCP_RATE_LIMIT_PER_MINUTEMaximum MCP requests per minute per client. 60No
The MCP server acts as a bridge: it receives tool calls from LLM clients (ChatGPT, Claude) and translates them into REST API calls against VALTER_MCP_API_BASE_URL. If the REST API has authentication enabled, set VALTER_MCP_API_KEY accordingly.
Variable Purpose Default Required? VALTER_PHASE_RULES_VERSIONVersion of the phase classification rules used for procedural analysis. phase-rules-v1.1No VALTER_PHASE_MIN_PRECEDENT_SCOREMinimum similarity score (0-100) for a precedent to be considered relevant in phase matching. 55.0No VALTER_PHASE_MAX_MATCHES_PER_PHASEMaximum number of precedent matches returned per procedural phase. 5No
Variable Purpose Default Required? VALTER_KG_BOOST_BATCH_ENABLEDEnable batch knowledge graph boosting in the hybrid retriever. Enriches search results with graph context in parallel. trueNo VALTER_KG_BOOST_MAX_CONCURRENCYMaximum number of concurrent Neo4j queries during KG boost. Tune based on Neo4j capacity. 12No VALTER_QUERY_EXPANSION_MAX_VARIANTSMaximum number of query variants generated during search expansion (requires Groq). 3No
The Settings class enforces the following constraints when VALTER_ENV is set to production or prod. These validations run at application startup and cause an immediate failure with a descriptive ValueError if violated.
API runtime guardrails (skipped for MCP-only runtimes which have their own auth):
VALTER_AUTH_ENABLED must be trueVALTER_CORS_ORIGINS must not contain "*"VALTER_METRICS_IP_ALLOWLIST must be non-empty
Infrastructure guardrails (always enforced in production):
VALTER_NEO4J_URI must point to a remote host (not localhost or 127.0.0.1)VALTER_NEO4J_PASSWORD must not be a weak default (neo4j_dev, password, changeme, etc.)VALTER_DATABASE_URL must not contain valter_devVALTER_REDIS_URL must not point to localhost or 127.0.0.1 