SAM uses environment variables for platform configuration. User-specific settings (cloud provider tokens, agent API keys) are stored encrypted in the database, not as environment variables.
These are Cloudflare Worker secrets, set during deployment. Pulumi auto-generates security keys on first deploy.

| Secret | Description |
| --- | --- |
| ENCRYPTION_KEY | AES-256-GCM key for credential encryption (auto-generated) |
| JWT_PRIVATE_KEY | RSA-2048 private key for signing tokens (auto-generated) |
| JWT_PUBLIC_KEY | RSA-2048 public key for token verification (auto-generated) |
| CF_API_TOKEN | Cloudflare API token for infrastructure, DNS, observability, AI Gateway, and admin log access |
| CF_ZONE_ID | Cloudflare zone ID for DNS record management |
| CF_ACCOUNT_ID | Cloudflare account ID |
| GITHUB_CLIENT_ID | GitHub App client ID for OAuth |
| GITHUB_CLIENT_SECRET | GitHub App client secret for OAuth |
| GITHUB_APP_ID | GitHub App ID for installation tokens |
| GITHUB_APP_PRIVATE_KEY | GitHub App private key (PEM or base64) |
| GITHUB_APP_SLUG | GitHub App URL slug |
| GITHUB_WEBHOOK_SECRET | GitHub App webhook HMAC secret; set from GitHub Actions secret GH_WEBHOOK_SECRET |
| ORIGIN_CA_CERT | Cloudflare Origin CA certificate for VM-agent TLS (auto-generated) |
| ORIGIN_CA_KEY | Cloudflare Origin CA private key for VM-agent TLS (auto-generated) |
| TRIAL_CLAIM_TOKEN_SECRET | Trial onboarding HMAC secret (auto-generated) |

Set as [vars] in wrangler.toml or as environment variables:

| Variable | Default | Description |
| --- | --- | --- |
| BASE_DOMAIN | — | Root domain for the deployment (e.g., example.com) |
| VERSION | — | Deployment version string |

Set in GitHub Settings → Environments → production:

| Variable | Description | Example |
| --- | --- | --- |
| BASE_DOMAIN | Deployment domain | example.com |
| RESOURCE_PREFIX | Cloudflare resource name prefix | sam |
| PULUMI_STATE_BUCKET | R2 bucket for Pulumi state | sam-pulumi-state |

Naming convention
GitHub App secrets use the GH_* prefix (e.g., GH_CLIENT_ID, GH_WEBHOOK_SECRET) because GitHub Actions secret names cannot start with GITHUB_*. The deploy workflow maps those GH_* secrets to the corresponding GITHUB_* Worker secrets.

| Variable | Default | Description |
| --- | --- | --- |
| REQUIRE_APPROVAL | (unset) | Require admin approval for new users. First user becomes superadmin. |

| Variable | Default | Description |
| --- | --- | --- |
| TASK_TITLE_MODEL | @cf/google/gemma-3-12b-it | Workers AI model for title generation |
| TASK_TITLE_MAX_LENGTH | 100 | Max characters in generated title |
| TASK_TITLE_TIMEOUT_MS | 5000 | Timeout before falling back to truncation |
| TASK_TITLE_GENERATION_ENABLED | true | Set false to disable AI generation |
| TASK_TITLE_SHORT_MESSAGE_THRESHOLD | 100 | Messages at or below this length bypass AI |
| TASK_TITLE_MAX_RETRIES | 2 | Max retry attempts on failure |
| TASK_TITLE_RETRY_DELAY_MS | 1000 | Base delay between retries (exponential backoff) |
| TASK_TITLE_RETRY_MAX_DELAY_MS | 4000 | Max delay cap for backoff |

| Variable | Default | Description |
| --- | --- | --- |
| NODE_WARM_TIMEOUT_MS | 1800000 (30 min) | Time a node stays warm after idea execution completes |
| MAX_AUTO_NODE_LIFETIME_MS | 14400000 (4 hr) | Absolute max lifetime for auto-provisioned nodes |
| NODE_WARM_GRACE_PERIOD_MS | 2100000 (35 min) | Cron sweep grace period (must be > warm timeout) |
| NODE_LIFECYCLE_ALARM_RETRY_MS | 60000 (1 min) | Retry delay for DO alarm failures |
| DEFAULT_TASK_AGENT_TYPE | opencode | Default agent for autonomous idea execution |

| Variable | Default | Description |
| --- | --- | --- |
| NOTIFICATION_PROGRESS_BATCH_WINDOW_MS | 300000 (5 min) | Min interval between progress notifications per idea |
| NOTIFICATION_DEDUP_WINDOW_MS | 60000 (60s) | Dedup window for task_complete notifications |
| NOTIFICATION_AUTO_DELETE_AGE_MS | 7776000000 (90 days) | Auto-delete old notifications |
| MAX_NOTIFICATIONS_PER_USER | 500 | Max stored notifications per user |
| NOTIFICATION_PAGE_SIZE | 50 | Default page size for notification list |
| MAX_NOTIFICATION_PAGE_SIZE | 100 | Max allowed page size |

| Variable | Default | Description |
| --- | --- | --- |
| ACP_SESSION_DETECTION_WINDOW_MS | 300000 (5 min) | Heartbeat timeout before marking session interrupted |
| ACP_SESSION_HEARTBEAT_INTERVAL_MS | 60000 (60s) | How often VM agent sends heartbeats |
| ACP_SESSION_RECONCILIATION_TIMEOUT_MS | 30000 (30s) | VM agent startup reconciliation timeout |
| ACP_SESSION_MAX_FORK_DEPTH | 10 | Maximum session fork chain depth |
| ACP_SESSION_FORK_CONTEXT_MESSAGES | 20 | Context messages included when forking |

| Variable | Default | Description |
| --- | --- | --- |
| ACP_MESSAGE_BUFFER_SIZE | 5000 | Buffer size for ACP messages |
| ACP_PING_INTERVAL | 30s | WebSocket keepalive ping interval |
| ACP_PONG_TIMEOUT | 10s | Pong response timeout |
| ACP_TASK_PROMPT_TIMEOUT | 6h | Task execution prompt timeout |
| ACP_IDLE_SUSPEND_TIMEOUT | 30m | Idle session auto-suspend timeout |
| ACP_NOTIF_SERIALIZE_TIMEOUT | 5s | Notification serialization timeout |

| Variable | Default | Description |
| --- | --- | --- |
| MCP_TOKEN_TTL_SECONDS | 14400 (4 hours) | Token lifetime for agent MCP access (must be >= max execution time) |
| MCP_RATE_LIMIT | 120 | Max MCP requests per window |
| MCP_RATE_LIMIT_WINDOW_SECONDS | 60 | Rate limit window |
| MCP_DISPATCH_MAX_DEPTH | 3 | Max recursion depth for dispatch_task |
| MCP_DISPATCH_MAX_PER_TASK | 5 | Max dispatched tasks per parent task |
| MCP_DISPATCH_MAX_ACTIVE_PER_PROJECT | 10 | Max active dispatched tasks per project |

| Variable | Default | Description |
| --- | --- | --- |
| WHISPER_MODEL_ID | @cf/openai/whisper-large-v3-turbo | Transcription model |
| MAX_AUDIO_SIZE_BYTES | 10485760 (10 MB) | Max upload audio size |
| MAX_AUDIO_DURATION_SECONDS | 60 | Max recording duration |
| RATE_LIMIT_TRANSCRIBE | 30 | Max transcriptions per minute |
| TTS_ENABLED | true | Enable/disable text-to-speech |
| TTS_MODEL | @cf/deepgram/aura-2-en | TTS model |
| TTS_SPEAKER | luna | TTS voice selection |
| TTS_ENCODING | mp3 | Audio output format |
| TTS_MAX_TEXT_LENGTH | 100000 | Max characters per TTS synthesis |
| TTS_TIMEOUT_MS | 60000 | TTS synthesis timeout |

| Variable | Default | Description |
| --- | --- | --- |
| CONTEXT_SUMMARY_MODEL | @cf/google/gemma-3-12b-it | Model for conversation context summarization |
| CONTEXT_SUMMARY_MAX_LENGTH | 4000 | Max summary length in characters |
| CONTEXT_SUMMARY_TIMEOUT_MS | 10000 | Summarization timeout |
| CONTEXT_SUMMARY_MAX_MESSAGES | 50 | Max messages to include in summary |
| CONTEXT_SUMMARY_SHORT_THRESHOLD | 5 | Skip AI for conversations this short |

| Variable | Default | Description |
| --- | --- | --- |
| TASK_RUN_MAX_EXECUTION_MS | 14400000 (4 hr) | Max task execution time |
| TASK_STUCK_QUEUED_TIMEOUT_MS | 600000 (10 min) | Timeout for tasks stuck in queued state |
| TASK_STUCK_DELEGATED_TIMEOUT_MS | 1860000 (31 min) | Timeout for tasks stuck in delegated state |
| TASK_CALLBACK_TIMEOUT_MS | 10000 | Callback response timeout |
| TASK_CALLBACK_RETRY_MAX_ATTEMPTS | 3 | Max callback retry attempts |
| TASK_RUN_CLEANUP_DELAY_MS | 5000 | Delay before task cleanup |

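
The tables above state two cross-variable constraints: NODE_WARM_GRACE_PERIOD_MS must be > the warm timeout, and MCP_TOKEN_TTL_SECONDS must be >= max execution time. The following is an added example (not SAM's own code) of a startup check for both; `validateTimingConfig` and `readInt` are hypothetical names, and it assumes "max execution time" refers to TASK_RUN_MAX_EXECUTION_MS.

```javascript
// Added example: cross-variable checks for the constraints stated in the tables.
// Defaults are copied from this page; function names are hypothetical.
const DEFAULTS = {
  NODE_WARM_TIMEOUT_MS: 1800000,      // 30 min
  NODE_WARM_GRACE_PERIOD_MS: 2100000, // 35 min
  MCP_TOKEN_TTL_SECONDS: 14400,       // 4 hours
  TASK_RUN_MAX_EXECUTION_MS: 14400000 // 4 hr
};

// Parse a non-negative integer. Unset or empty values fall back to the
// documented default; anything else (e.g. "4h") is reported as an error.
function readInt(env, name, errors) {
  const raw = env[name];
  if (raw === undefined || raw === '') return DEFAULTS[name];
  const text = String(raw).trim();
  if (!/^\d+$/.test(text)) {
    errors.push(`${name}: "${raw}" is not a non-negative integer`);
    return DEFAULTS[name];
  }
  return Number(text);
}

function validateTimingConfig(env) {
  const errors = [];
  const values = {};
  for (const name of Object.keys(DEFAULTS)) {
    values[name] = readInt(env, name, errors);
  }

  // The cron sweep must not reap a node that is still inside its warm window.
  if (values.NODE_WARM_GRACE_PERIOD_MS <= values.NODE_WARM_TIMEOUT_MS) {
    errors.push('NODE_WARM_GRACE_PERIOD_MS must be > NODE_WARM_TIMEOUT_MS');
  }

  // An agent's MCP token must not expire while its task can still be running.
  // Assumption: "max execution time" is TASK_RUN_MAX_EXECUTION_MS.
  if (values.MCP_TOKEN_TTL_SECONDS * 1000 < values.TASK_RUN_MAX_EXECUTION_MS) {
    errors.push('MCP_TOKEN_TTL_SECONDS must be >= TASK_RUN_MAX_EXECUTION_MS / 1000');
  }

  return { ok: errors.length === 0, errors, values };
}
```

Raising TASK_RUN_MAX_EXECUTION_MS without also raising MCP_TOKEN_TTL_SECONDS is the case this check catches, since the documented defaults for the two are exactly equal.
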

| Variable | Default | Description |
| --- | --- | --- |
| NODE_AGENT_READY_TIMEOUT_MS | 600000 (10 min) | Wait for VM agent to report ready |
| NODE_AGENT_READY_POLL_INTERVAL_MS | 5000 | Poll interval for agent readiness |
| TASK_RUNNER_WORKSPACE_READY_TIMEOUT_MS | 1800000 (30 min) | Max wait for workspace-ready callback |
| PROVISIONING_TIMEOUT_MS | 1800000 (30 min) | Cron marks stuck workspaces as error |

| Variable | Default | Description |
| --- | --- | --- |
| MAX_NODES_PER_USER | 10 | Max nodes per user |
| MAX_AGENT_SESSIONS_PER_WORKSPACE | 10 | Max concurrent agent sessions |
| MAX_PROJECTS_PER_USER | 100 | Max projects per user |
| MAX_TASKS_PER_PROJECT | 500 | Max ideas per project |
| MAX_TASK_MESSAGE_LENGTH | 16000 | Max idea description length |

| Variable | Default | Description |
| --- | --- | --- |
| MAX_SESSIONS_PER_PROJECT | 1000 | Max chat sessions per project |
| MAX_MESSAGES_PER_SESSION | 10000 | Max messages per chat session |
| MESSAGE_SIZE_THRESHOLD | 102400 | Max message size in bytes |
| ACTIVITY_RETENTION_DAYS | 90 | Days to retain activity events |
| SESSION_IDLE_TIMEOUT_MINUTES | 60 | Idle session timeout |
| DO_SUMMARY_SYNC_DEBOUNCE_MS | 5000 | Debounce for DO-to-D1 summary sync |

| Variable | Default | Description |
| --- | --- | --- |
| MAX_PROJECT_RUNTIME_ENV_VARS_PER_PROJECT | 150 | Max env vars per project |
| MAX_PROJECT_RUNTIME_FILES_PER_PROJECT | 50 | Max files per project |
| MAX_PROJECT_RUNTIME_ENV_VALUE_BYTES | 8192 | Max bytes per env var value |
| MAX_PROJECT_RUNTIME_FILE_CONTENT_BYTES | 131072 | Max bytes per file content |
| MAX_PROJECT_RUNTIME_FILE_PATH_LENGTH | 256 | Max file path length |

| Variable | Default | Description |
| --- | --- | --- |
| HETZNER_API_TIMEOUT_MS | 30000 | Hetzner API request timeout |
| CF_API_TIMEOUT_MS | 30000 | Cloudflare API request timeout |
| NODE_AGENT_REQUEST_TIMEOUT_MS | 30000 | VM Agent request timeout |

| Variable | Default | Description |
| --- | --- | --- |
| OBSERVABILITY_ERROR_RETENTION_DAYS | 30 | Error log retention |
| OBSERVABILITY_ERROR_MAX_ROWS | 100000 | Max stored error rows |
| OBSERVABILITY_ERROR_BATCH_SIZE | 25 | Error ingestion batch size |
| OBSERVABILITY_LOG_QUERY_RATE_LIMIT | 30 | Log queries per minute per admin |

| Variable | Default | Description |
| --- | --- | --- |
| VM_AGENT_PROTOCOL | https | Protocol for VM agent communication |
| VM_AGENT_PORT | 8443 | VM agent listening port |
| ORIGIN_CA_CERT | (auto) | TLS certificate (auto-generated by Pulumi) |
| ORIGIN_CA_KEY | (auto) | TLS private key (auto-generated by Pulumi) |

Applied via cloud-init on each node:

| Setting | Default | Description |
| --- | --- | --- |
| SystemMaxUse | 500M | Max disk space for journal |
| SystemKeepFree | 1G | Minimum free disk to maintain |
| MaxRetentionSec | 7day | Max log retention period |
| Storage | persistent | Persist logs across reboots |
| Compress | yes | Compress stored entries |

| Variable | Default | Description |
| --- | --- | --- |
| FILE_UPLOAD_MAX_BYTES | 52428800 (50 MB) | Max size per uploaded file |
| FILE_UPLOAD_BATCH_MAX_BYTES | 262144000 (250 MB) | Max total size per upload batch |
| FILE_UPLOAD_TIMEOUT | 120s | Upload timeout (VM agent) |
| FILE_UPLOAD_TIMEOUT_MS | 120000 (120s) | Upload proxy timeout (Worker) |
| FILE_DOWNLOAD_TIMEOUT_MS | 60000 (60s) | Download proxy timeout |
| FILE_DOWNLOAD_MAX_BYTES | 52428800 (50 MB) | Max download file size |

| Variable | Default | Description |
| --- | --- | --- |
| FILE_PROXY_TIMEOUT_MS | 15000 | File proxy request timeout |
| FILE_PROXY_MAX_RESPONSE_BYTES | 2097152 (2 MB) | Max file proxy response size |
| FILE_RAW_MAX_SIZE | 52428800 (50 MB) | Max raw binary file size (VM agent) |
| FILE_RAW_TIMEOUT | 60s | Raw file streaming timeout (VM agent) |
| FILE_RAW_PROXY_MAX_BYTES | 52428800 (50 MB) | Max raw file proxy size (Worker) |

| Variable | Default | Description |
| --- | --- | --- |
| MCP_IDEA_CONTEXT_MAX_LENGTH | 500 | Max characters of idea context shown to agents |
| MCP_IDEA_LIST_LIMIT | 20 | Default page size for list_ideas |
| MCP_IDEA_LIST_MAX | 100 | Max page size for list_ideas |
| MCP_IDEA_SEARCH_MAX | 20 | Max results from search_ideas |
| MCP_MESSAGE_SEARCH_MAX | 20 | Max results from search_messages |
| MCP_MESSAGE_LIST_LIMIT | 50 | Default page size for get_session_messages |
| MCP_MESSAGE_LIST_MAX | 200 | Max messages per get_session_messages request |

| Variable | Default | Description |
| --- | --- | --- |
| VITE_FILE_PREVIEW_INLINE_MAX_BYTES | 10485760 (10 MB) | Images below this size render inline automatically |
| VITE_FILE_PREVIEW_LOAD_MAX_BYTES | 52428800 (50 MB) | Images below this size show click-to-load; above shows download link |

| Variable | Default | Description |
| --- | --- | --- |
| ANALYTICS_GEO_LIMIT | 50 | Max countries in geographic distribution view |
| ANALYTICS_RETENTION_WEEKS | 12 | Number of weeks for retention cohort analysis |

| Variable | Default | Description |
| --- | --- | --- |
| ANALYTICS_FORWARD_ENABLED | false | Enable external analytics event forwarding |
| ANALYTICS_FORWARD_EVENTS | (all) | Comma-separated list of events to forward |
| ANALYTICS_FORWARD_LOOKBACK_HOURS | 25 | Hours to look back for events |
| SEGMENT_WRITE_KEY | (unset) | Segment Write Key for event forwarding |
| SEGMENT_API_URL | https://api.segment.io/v1/batch | Segment API endpoint |
| SEGMENT_MAX_BATCH_SIZE | 100 | Max events per Segment batch request |
| GA4_MEASUREMENT_ID | (unset) | Google Analytics 4 Measurement ID |
| GA4_API_SECRET | (unset) | Google Analytics 4 API secret |
| GA4_API_URL | https://www.google-analytics.com/mp/collect | GA4 Measurement Protocol endpoint |
| GA4_MAX_BATCH_SIZE | 25 | Max events per GA4 batch request |