All Settings¶
This chapter explains, area by area, the system environment variables managed on the Admin Center → Environment → All Settings screen. This screen is an advanced view that lets you review and edit every environment variable the solution uses from a single page.
Use the dedicated menus first
For day-to-day configuration, the dedicated menus — LLM, Search / Embedding, Guardrail — are easier to use. The All Settings screen is for when you need to review or edit the same values precisely at the key-value level.
Screen Layout¶
Select Admin Center → Environment → All Settings in the left menu to open the screen. A search box at the top ("Search by variable name, path, value...") lets you filter instantly by key name, dotted path, or value.
Each setting is listed as a card showing the following.
| Element | Meaning |
|---|---|
| Variable name | Upper-case key (e.g., EMBEDDING_PROVIDER) |
| Path | Dotted configuration path (e.g., embedding.provider) |
| Type badge | Value format — Str / Num / Bool / Json / Enum (fixed choices) / Array |
| Set / Default badge | Set means it has been changed from the factory default, Default means it is unchanged |
| Current value / Default | The currently applied value alongside the factory default |
Some items also show a description of what the setting does and the available choices. Sensitive values such as passwords and API keys are masked as ********.
Confirm the blast radius before changing
All Settings exposes keys that directly affect how the solution behaves — LLM, embedding, guardrail, workflow, and more. A wrong value can immediately affect in-progress chats, agent runs, and knowledge search. Review changes with your operations team beforehand, and since the same key can also be edited from a dedicated menu, record which screen you changed it on.
Areas at a Glance¶
The category tabs may vary by environment, but they generally cover the following areas. Most are easier to configure from a dedicated menu, noted alongside.
| Area | What it configures | Dedicated menu / chapter |
|---|---|---|
| Embedding / Search | The embedding model and reranker that turn documents and queries into vectors | Embedding & Vector Search |
| Vector DB | Connection to the vector database that stores and searches embedding vectors | Embedding & Vector Search |
| LLM providers | The language models used for chat and inference (OpenAI / Anthropic / Gemini / vLLM, etc.) | LLM Settings |
| Guardrail | Harmful-content, forbidden-word, and personal-information (PII) filters | Guardrail Model, PII Policy |
| Vision-language | Models that understand images and documents (OCR) | — |
| Document processing | Extracting text from images inside uploaded documents | — |
| Audio (STT / TTS) | Speech-to-text and text-to-speech | — |
| Application | Operating policies: deployment approval, sharing, sessions, security | (see Application below) |
| Approval integration | Integration with an external e-approval system | — |
| Knowledge retention (TTL) | Automatic expiry period for knowledge | — |
| Notification | Slack, email, and system alerts | — |
| GPU infrastructure | On-demand GPU rental and model serving | — |
| Training / experiments | Training server and experiment tracking | — |
Each area's key settings are explained below. Typing a variable name into the search box jumps straight to that item.
Embedding / Search¶
This area turns documents and queries into vectors for knowledge search (RAG). For registration steps, see Embedding & Vector Search.
| Variable | Meaning |
|---|---|
EMBEDDING_PROVIDER |
Embedding provider — an external API (e.g., OpenAI) or a self-hosted server (custom). |
CUSTOM_EMBEDDING_URL / CUSTOM_EMBEDDING_MODEL_NAME |
Address and model identifier of a self-hosted embedding server. |
OPENAI_EMBEDDING_MODEL_NAME, VOYAGE_* |
Model, key, and URL when using an external provider such as OpenAI or Voyage. |
AUTO_DETECT_EMBEDDING_DIM |
Whether to auto-detect the vector dimension the model outputs. |
EMBEDDING_RERANKER_PROVIDER / EMBEDDING_RERANKER_MODEL |
Method and model of the reranker that reorders first-pass search results. |
Embedding dimension must match the vector DB dimension
If the vector dimension produced by the embedding model differs from the vector DB's vector_dimension, ingestion and search fail. When changing the embedding model, check the dimension too, and re-embed existing collections if needed.
Vector DB¶
Connection details for the vector database that stores vectors and performs similarity search.
| Variable | Meaning |
|---|---|
QDRANT_HOST / QDRANT_PORT |
Vector database host and port. |
QDRANT_VECTOR_DIMENSION |
Dimension of stored vectors. Must match the embedding model's output dimension. |
QDRANT_USE_GRPC / QDRANT_GRPC_PORT |
Whether to use gRPC, and its port. |
QDRANT_API_KEY |
Access key when authentication is enabled. |
LLM Providers¶
Settings for the language models used in chat and inference. Each provider repeats the same set of items — API key / default model / base URL / temperature / max tokens / request timeout. For registration, see LLM Settings.
| Variable | Meaning |
|---|---|
DEFAULT_LLM_PROVIDER |
The LLM provider used by default (OpenAI / Anthropic / Gemini / vLLM, etc.). |
LLM_AUTO_FALLBACK |
Whether to switch automatically to another provider if the default call fails. |
LLM_CONNECTION_TIMEOUT / LLM_MAX_RETRIES |
Connection wait time (seconds) and retry count. |
OPENAI_* / ANTHROPIC_* / GEMINI_* / VLLM_* |
Each provider's API key, default model, base URL, temperature, max tokens, and timeout. |
temperature controls how varied responses are (closer to 0 = more consistent, closer to 1 = more diverse); max_tokens caps the length of a single generated response.
Guardrail / Safety¶
This area inspects the risk of LLM inputs and outputs. For details, see Guardrail Model and PII Policy.
| Variable | Meaning |
|---|---|
GUARDER_PROVIDER |
Guard model method (none / external / self-hosted, etc.). |
GUARDER_API_BASE_URL / GUARDER_MODEL_NAME |
Guard model server address and model name. |
IS_AVAILABLE_GUARDER |
Whether harmful-content guarding is enabled. |
IS_AVAILABLE_PIIS |
Whether personal-information (PII) detection/masking is enabled. |
IS_AVAILABLE_FORBIDDEN_WORDS |
Whether the forbidden-word filter is enabled. |
GUARDER_FAIL_OPEN |
Behavior when the guard model fails. true keeps serving despite a failure; false blocks. |
GUARDER_RIGOROUS |
Strict mode — judges more conservatively. |
Guard connection and enablement are separate
Even when a guard model server (GUARDER_*) is configured, no checks run if IS_AVAILABLE_GUARDER, IS_AVAILABLE_PIIS, and IS_AVAILABLE_FORBIDDEN_WORDS are all off. To enforce control policies, enable both the model connection and each toggle.
Vision-Language Models¶
Settings for models that understand images and scanned documents, or extract text via OCR.
| Variable | Meaning |
|---|---|
VISION_LANGUAGE_MODEL_PROVIDER |
The vision provider to use (none / OpenAI / Anthropic / Gemini / vLLM / AWS, etc.). |
VISION_LANGUAGE_<provider>_* |
Each provider's API key, base URL, model name, temperature, image quality, and batch size. |
VISION_LANGUAGE_VLLM_MODEL_TYPE |
The type of self-served (vLLM) model; the type auto-applies sampling defaults and OCR prompts. |
VISION_LANGUAGE_VLLM_OCR_INSTRUCTION |
The OCR instruction prompt sent to the vision model (uses the default when blank). |
Document Processing¶
Settings for extracting text from images inside uploaded documents. Choose the model provider with DOCUMENT_PROCESSOR_IMAGE_TEXT_MODEL_PROVIDER, then set the provider's base URL, key, and model name. Leave it as no_model if unused.
Audio (STT / TTS)¶
| Variable | Meaning |
|---|---|
IS_AVAILABLE_STT / STT_PROVIDER |
Whether speech-to-text (STT) is enabled, and its provider. |
IS_AVAILABLE_TTS / TTS_PROVIDER |
Whether text-to-speech (TTS) is enabled, and its provider. |
Each provider also offers model-name and device (cpu/gpu) items. Turn the toggles off in environments that do not use audio.
Application¶
This area sets operating policies — deployment approval, sharing, sessions, security — and directly affects governance and security. Take particular care when changing it.
| Variable | Meaning |
|---|---|
DEPLOYMENT_MODE |
Approval procedure for external agent deployment: immediate / admin one-step / admin + governance two-step. The two-step flow is covered in Agent Operations and AI Governance. |
REQUIRE_RE_DEPLOY_ACCEPT |
Whether editing/saving a workflow invalidates the existing deployment approval and requires re-approval. |
SHARE_POLICY |
How sharing relates to deployment: independent, or sharing takes effect only once deployed. |
SHARE_PERMISSION_MODE |
Scope of share permissions: read/run only, or read-write allowed per role. |
SHARE_ON_UNDEPLOY |
How existing shares are handled when deployment is removed: suspend / revoke / retain. |
AGENT_DEV_PLAN_REQUIRED |
Whether selecting an Agent development plan is mandatory at deployment (request) time. |
ADMIN_IP_ACL |
IP whitelist allowed for super-admin login and requests. No IP check is performed when empty. |
ACCESS_TOKEN_EXPIRE_MIN |
Maximum session lifetime (minutes) after which the session auto-expires. |
INACTIVITY_TIMEOUT_MIN |
Inactivity timeout (minutes) that force-expires a session after no activity. 0 disables it. |
REFRESH_TOKEN_EXPIRE_DAYS |
Period (days) during which auto re-login is possible; once expired, the user must log in again. |
WORKFLOW_MAX_WORKERS |
Cap on concurrent workflow executions. |
SIDEBAR_CONFIG |
Sidebar menu composition (JSON), usually managed via Environment → Sidebar. |
PATHFINDER_DOWNLOAD_URL |
Download link opened from the Pathfinder banner on the Agent design start screen. |
Approval Integration¶
Settings to integrate agent deployment approval with an external e-approval system.
| Variable | Meaning |
|---|---|
APPROVAL_ENABLED |
Whether external approval integration is used. When off, only the solution's internal approval works. |
APPROVAL_HOST |
Approval API base URL. |
APPROVAL_CLIENT_ID / APPROVAL_CLIENT_SECRET |
Pre-issued integration credentials (the secret is sensitive). |
APPROVAL_CALLBACK_BASE_URL |
Base URL that receives approval results. |
APPROVAL_ADMIN_APPROVERS |
Candidate email list for first-step approvers (platform admins). |
APPROVAL_GOVERNANCE_APPROVERS |
Candidate email list for second-step approvers (governance), used in two-step mode. |
Knowledge Retention (TTL)¶
Automatic-expiry policy for uploaded knowledge.
| Variable | Meaning |
|---|---|
KNOWLEDGE_TTL_MAX_DAYS |
Maximum number of days that can be set as a retention period. |
KNOWLEDGE_TTL_DEFAULT_DAYS |
Default retention days for new knowledge. |
KNOWLEDGE_TTL_GRACE_PERIOD_DAYS |
Grace period (days) between expiry and actual deletion. |
Notification¶
Settings to notify external channels of system events and alerts.
| Variable | Meaning |
|---|---|
NOTIFICATION_ENABLED |
Master switch for sending notifications. |
SLACK_WEBHOOK_URL |
Slack notification destination. |
EMAIL_SMTP_HOST / EMAIL_SMTP_PORT / EMAIL_USERNAME |
SMTP server details for email sending. |
CPU_ALERT_THRESHOLD / MEMORY_ALERT_THRESHOLD |
Resource-usage alert thresholds (%). |
NOTIFICATION_* (unified messaging) |
Integration details for an in-house unified messaging system (host, client, interface identifiers, etc.). |
GPU Infrastructure · Model Serving¶
Automation for renting external GPUs to serve models, plus connections to additional inference servers. These are configured by infrastructure staff during installation and operations.
| Variable | Meaning |
|---|---|
VAST_* |
On-demand GPU rental (VAST) settings — container image to use, instance selection criteria such as price cap, disk, and GPU RAM, plus auto-destroy and timeout. |
VLLM_* (vast) |
Options for the vLLM server launched on the rented GPU — served model, max context length, GPU memory utilization, parallelism. |
SGL_* |
SGLang inference server connection. |
SESSION_STATION_* |
Connection and retention time for the session/conversation-state store. |
WORKFLOW_EXECUTION_TIMEOUT |
Time limit (seconds) for a single workflow execution. |
Training · Experiments · External Integrations¶
| Variable | Meaning |
|---|---|
TRAINER_HOST / TRAINER_PORT |
Connection details for the model training service. |
MLFLOW_* |
Experiment/model tracking (MLflow) connection — tracking URL, default experiment, cache location. |
HF_TOKEN / IS_AVAILABLE_HUGGINGFACE / HUGGINGFACE_* |
HuggingFace model hub integration — token, enablement, API, cache, offline mode. |
AWS_* |
Credentials, region, and endpoint for calling AWS Bedrock. |
Operating Recommendations¶
- Prefer the dedicated menus — LLM, embedding, guardrail, and others provide input validation and connection tests. Use All Settings for precise review and exceptional edits.
- Back up and record before changing — note the current value before changing it, and record the reason and the screen used. All changes are written to the audit log.
- Handle sensitive values carefully — deliver API keys, secrets, and tokens only through a secure channel, and avoid exposing them during screen sharing or captures.
- Check the enable toggles — guardrail, audio, notification, and others only work once their enablement flags (
IS_AVAILABLE_*,*_ENABLED) are turned on, even if the model/connection is set.
Contact¶
For questions about All Settings, please contact the Xgen Solution Administrator.