Public hosts
Replace
example.com with domains you control. The public demo uses https://console.demo.acornops.dev and https://api.demo.acornops.dev. The platform route and the management console route are separate, but both default deployment paths proxy /api to the control plane. The management console uses its own origin for browser session flows so cookies stay same-origin.
For Kubernetes, configure these with platform.publicUrl, platform.consoleUrl, exposure.ingress.apiHost, and exposure.ingress.consoleHost. For VM Compose, configure CONTROL_PLANE_BASE_URL, API_HOST, MANAGEMENT_CONSOLE_HOST, MANAGEMENT_CONSOLE_UPSTREAM, and CORS_ORIGIN. Keep TRUST_PROXY=1 when TLS and host headers are handled by the edge proxy.
Required secret keys
The Kubernetes chart defaults to an existing Secret namedacornops-platform-secrets. These keys are required for the central platform:
Optional provider and secret-backend keys include:
Generate unique values for every internal token and encryption key per environment.
Automation runtime
See Agents and workflows for rollout order and delivery guarantees.
EXTERNAL_INTEGRATION_CLIENTS_JSON stores descriptors such as client id, provider,
display name, enabled flag, and lowercase SHA-256 token hash. Generate raw
bearer tokens out of band and store only their hashes in this Secret value. Raw
external integration client tokens do not authorize general control-plane API
calls; they are accepted only by the external integration account-link, resolve,
revoke, and linked-user bot endpoints.
Internal transport TLS
Kubernetes platform installs default to plaintext HTTP between internal platform services. To enable internal HTTPS/mTLS, setinternalTransport.tls.enabled=true
and provide Kubernetes Secret names under internalTransport.tls.ca.secretName
and internalTransport.tls.certificates.*.secretName.
The chart accepts only Secret names and key names. It does not accept raw PEM
certificate or private key values. Public ingress stays on the control-plane HTTP
service port; the chart adds a separate internal mTLS listener for callbacks,
JWKS, and the built-in MCP bridge. Kubelet probes use dedicated health ports for
services that require mTLS for application traffic.
The built-in MCP bridge uses the same run-scoped JWT authorization as other
execution-time LLM gateway calls. There is no separate built-in MCP service
token to configure.
OIDC
The control plane owns OIDC login and callback handling:- Login entrypoint:
GET /api/v1/auth/oidc/login?return_to=<management-console-url> - Callback entrypoint:
GET /api/v1/auth/oidc/callback
/api proxy. If you override auth.oidc.redirectUri or OIDC_REDIRECT_URI, register the exact override value instead. Registering only https://api.example.com/api/v1/auth/oidc/callback will fail unless your deployment is configured to use that URL as the OIDC redirect URI.
Common OIDC settings:
Password auth
Password login is enabled by default alongside OIDC, password reset is enabled by default for password-backed accounts, and self-service signup is disabled in production deployment configs. The management console readsGET /api/v1/auth/config and shows only the enabled login methods.
Operators can:
- disable password login with
auth.password.enabled=falseorPASSWORD_AUTH_ENABLED=false, - disable password reset with
auth.password.resetEnabled=falseorPASSWORD_RESET_ENABLED=false, - enable self-service signup with
auth.password.signupEnabled=trueorPASSWORD_SIGNUP_ENABLED=true.
email.deliveryMode=smtp, email.from, email.publicBaseUrl, and email.smtp.* Helm values, backed by SMTP_USERNAME and SMTP_PASSWORD in the platform Secret.
Password reset defaults:
PASSWORD_RESET_TOKEN_TTL_SECONDS:3600PASSWORD_RESET_REQUEST_WINDOW_SECONDS:300
EMAIL_DELIVERY_MODE=log. Production rejects log delivery unless EMAIL_DELIVERY_ALLOW_LOG_IN_PRODUCTION=true is set explicitly.
When self-service signup is enabled, email verification is required by default. Only private deployments should disable verification with PASSWORD_SIGNUP_ALLOW_UNVERIFIED_EMAIL=true.
Development deployments may expose a dev-login endpoint. Do not enable dev-login in production.
Browser sessions
Browser sessions have both an absolute max age and a sliding idle timeout.SESSION_MAX_AGE_SECONDS defaults to 604800 and controls the absolute session lifetime. SESSION_IDLE_TIMEOUT_SECONDS defaults to 86400 and refreshes on active authenticated requests until the absolute max age is reached.
SESSION_TTL_SECONDS is still accepted as a legacy fallback for SESSION_MAX_AGE_SECONDS when the newer variable is unset. Keep SESSION_IDLE_TIMEOUT_SECONDS less than or equal to the effective max age.
LLM providers and run limits
The control plane sets default model policy and runtime budgets for runs:
The LLM gateway enforces the run-scoped JWT minted by the control plane. It should not infer provider, model, or tool permissions from request body fields alone.
Reasoning summaries are workspace opt-in and off by default for each workspace. When enabled in AI Settings, OpenAI, Anthropic, and Gemini may stream short provider-generated summaries while a response is being generated. AcornOps displays summaries only; it does not request or expose raw chain-of-thought, encrypted reasoning items, thinking signatures, or provider-internal reasoning state.
Operators can set the deployment policy ceiling with:
Summaries are saved in run event history when enabled, so users who reconnect or review a completed run see the same summary trail. Provider and model support varies, and summaries can increase provider latency or billable reasoning/output tokens.
Gateway auth readiness and limits
The LLM gateway validates run-scoped JWTs against the control plane’s JWKS endpoint. Keep JWKS readiness required in production so gateway pods do not accept runtime traffic before they have a fresh signing-key view.Write confirmations
Write-capable Kubernetes agent tools require confirmation by default. VM built-in tools are read-only. The deployment default is controlled by:
Clusters can inherit the deployment default or set a per-cluster override. Required confirmations are enforced by the backend runtime before tool execution. Browser chat cards and bot surfaces only submit explicit approve or reject decisions.
In the management console, per-cluster write confirmation policy is managed from Cluster Settings.
Audit logging lifecycle
Workspace audit logging is deployment-wide. There is no workspace-level or user-level override.
Supported modes are:
read_write: persist read and write audit events.write_only: persist only audit events classified asoperation: "write".disabled: persist no future workspace audit events.
disabled. Audit metadata remains sanitized before persistence, so raw tokens, secrets, message bodies, pod logs, auth headers, and full tool arguments are not stored.
MCP egress policy
Remote MCP servers are configured per target. The management console presents MCP server settings on Kubernetes cluster and VM target pages. In production, the gateway should require HTTPS and block private, local, and reserved network targets unless you intentionally allow specific hosts. Use allow-lists for trusted internal MCP endpoints instead of broad private-network access.
Remote MCP server
publicHeaders are for non-secret metadata only. Credentials belong in secret-backed auth fields, and platform scope headers are reserved.