Skip to content

Environment variables

Exhaustive list of environment variables recognized by arka-deck. Source of truth: .env.example at the root, addons/cortex-lite/.env.example for the embedded sidecar, and effective reads at boot.


VariableDefaultDescription
ARKA_DECK_WEB_PORT3117HTTP server port
ARKA_DECK_WEB_HOST127.0.0.1 (or 0.0.0.0 if --lan)Bind address
ARKA_DECK_WEB_LAN0Enables LAN mode if 1, true or yes (priority 2, see CLI)
ARKA_DECK_WEB_BASE_URLderived from host/portOverride the public base URL emitted by the server (OAuth callbacks, links)
ARKA_DECK_LOGinfoFastify log level (fatal/error/warn/info/debug/trace/silent)
ARKA_DECK_RATE_LIMIT_MAX300Rate limit ceiling / minute
ARKA_DECK_RATE_LIMIT_WINDOW1 minuteRate limit window (Fastify rate-limit syntax)

VariableDefaultDescription
ARKA_DECK_HOME~/.arka-deck/Override the global user folder
ARKA_PLATFORM_DIRplatform-specificOverride the platform data directory (advanced)

VariableDefaultDescription
ARKA_DECK_CORTEX_URLhttps://public.arkalabs.appCortex endpoint for the catalogue (read-only)
ARKA_DECK_CORTEX_MCP_URLhttps://mcp.public.arkalabs.appCortex MCP endpoint for agents
ARKA_DECK_CORTEX_RUNTIME_URL(unset, loopback fallback)Dedicated Cortex runtime endpoint

By default, the ARKA_DECK_CORTEX_URL, ARKA_DECK_CORTEX_MCP_URL and ARKA_DECK_CORTEX_RUNTIME_URL overrides accept only:

  • Loopback (127.0.0.1, localhost) — for local Cortex Lite
  • HTTPS hosts on *.arkalabs.app

Any other host is refused. To bypass in development:

Terminal window
ARKA_DECK_CORTEX_ALLOW_UNSAFE_URL=1

This variable must never be set in production.

See ADR 0006.


These variables are read by the embedded addons/cortex-lite sidecar (SurrealDB + Express REST + optional MCP stdio). When arka-deck launches the sidecar through Docker compose, it forwards the variables present in the host environment.

Schema source: addons/cortex-lite/.env.example.

VariableDefaultDescription
MODEapiProcess mode: api (HTTP REST) or mcp (stdio MCP)
PORT9100HTTP listen port (loopback-only via docker-compose bind 127.0.0.1:${PORT}:9100)
CORTEX_LITE_MCP_DISABLEDunsetWhen set (1/true), the MCP stdio server is not started even in MODE=mcp
CORTEX_LITE_COMPOSE_FILEbundled docker-compose.ymlOverride the compose file used by the launcher
VariableDefaultDescription
SURREAL_URLhttp://127.0.0.1:8000SurrealDB endpoint
SURREAL_USERrootDB user
SURREAL_PASS(unset, no default)DB password — never reuse root outside ephemeral dev
SURREAL_NScortexSurrealDB namespace
SURREAL_DBliteSurrealDB database
DB_INIT_RETRY_MS1000Delay between DB bootstrap attempts (ms)
DB_INIT_MAX_ATTEMPTS30Max DB bootstrap attempts before giving up
VariableDefaultDescription
API_KEYS(unset)JSON array [{ "key": "...", "role": "admin"|"readonly", "label": "..." }] — generate keys via openssl rand -hex 32
CORTEX_LITE_DEV_AUTHunsetWhen 1, the magic value dev-key-lite is accepted as an admin key. Sandbox only
CORS_ORIGINloopback-onlyComma-separated allowlist. * is accepted only when set explicitly
ARKA_TOKEN(unset)Shared LAN token between arka-deck and Cortex Lite (auto-injected as admin)

The API key check uses crypto.timingSafeEqual over SHA-256 hashes (constant-time across the cached key set and the ARKA_TOKEN branch).

VariableDefaultDescription
CORTEX_PUBLIC_URLhttps://public.arkalabs.appRead-only upstream Cortex catalogue URL

The sidecar applies the same anti-SSRF policy as the arka-deck core (HTTPS + arkalabs.app only). The dev override is the shared ARKA_DECK_CORTEX_ALLOW_UNSAFE_URL=1 — keep it consistent across both surfaces.

The Cortex Lite Express app does not carry its own rate-limit middleware. Justification:

  • the sidecar is published on loopback only (127.0.0.1:9100 Docker bind);
  • any LAN flood path goes through the arka-deck Fastify reverse proxy, which already enforces ARKA_DECK_RATE_LIMIT_MAX / ARKA_DECK_RATE_LIMIT_WINDOW;
  • the payload is capped at 2 MB (express.json({ limit: '2mb' })).

If Cortex Lite is ever exposed beyond loopback, add express-rate-limit (target 600 req/min, allowlist 127.0.0.1) and update this section.

VariableDefaultDescription
INGEST_BATCH_SIZE20Atoms per batch when syncing the public catalogue
INGEST_DELAY_MS100Delay between batches (ms), to be gentle on the public Cortex
INGEST_FETCH_CONTENTunsetFetch full atom content during ingestion (1/true) or only summary
SYNC_INTERVAL_HOURS24Frequency of the automatic resync
SYNC_ON_STARTtrueTrigger an immediate sync at startup

VariableDescription
ARKA_DECK_NOTION_OAUTH_CLIENT_IDNotion OAuth client ID (first-party integration)
ARKA_DECK_NOTION_OAUTH_CLIENT_SECRETNotion OAuth client secret
ARKA_DECK_NOTION_OAUTH_REDIRECT_URINotion OAuth callback URL, usually /api/connectors/installations/oauth/callback
NOTION_OAUTH_CLIENT_IDLegacy alias (deprecated; prefer the ARKA_DECK_* form)
NOTION_OAUTH_CLIENT_SECRETLegacy alias (deprecated; prefer the ARKA_DECK_* form)
NOTION_OAUTH_REDIRECT_URILegacy alias (deprecated; prefer the ARKA_DECK_* form)

OAuth variables are only needed if you use the Notion browser OAuth flow. Notion can still use an internal integration token.

Gmail and Google Drive do not use global arka-deck OAuth variables. Their API token/gateway token and optional MCP endpoint are configured per connector installation from the UI.


VariableDefaultDescription
ARKA_DECK_MCP_PROBE1When 0, the MCP endpoint probe is skipped during installs
ARKA_DECK_ENABLE_CUSTOM_STDIO_MCP0Enables custom STDIO MCP server registration
ARKA_DECK_GOOGLE_GENAI_ALLOW_UNSAFE_BASE_URLunsetDEV ONLY — disables Google GenAI base URL anti-SSRF check
ARKA_REFUSE_DRAFTunsetDefensive flag for tests: refuse to send drafts through external connectors

VariableDescription
PLAYWRIGHT_BASE_URLBase URL for Playwright tests (default http://127.0.0.1:3117)
ARKA_E2E_PORTAlternate listen port used by the Playwright web server
ARKA_SMOKE_SKIP_BUILDSmoke test helper: skip the build phase in scripts/smoke-binary.sh

  • Put overrides in .env.local (never in a versioned .env).
  • Never commit an API key. The historical dev-key-lite Cortex Lite value is refused unless CORTEX_LITE_DEV_AUTH=1 is set explicitly.
  • For persistent secrets, use the Settings → Providers UI rather than an environment variable (AES-256-GCM encryption).
  • Check .env.example at the root and addons/cortex-lite/.env.example for the maintained list.