@treeseed/agent 0.8.5

package/dist/env.yaml

@@ -0,0 +1,957 @@
+entries:
+  RAILWAY_API_TOKEN:
+    label: Railway API token
+    group: auth
+    description: Primary Railway token for user or workspace scoped access, including project creation and most Treeseed-managed Railway flows.
+    howToGet: In Railway, create a user or workspace API token that can create and manage the target project, then paste it here.
+    sensitivity: secret
+    targets:
+      - local-runtime
+      - github-secret
+      - railway-secret
+    scopes:
+      - staging
+      - prod
+    storage: shared
+    requirement: conditional
+    purposes:
+      - deploy
+      - destroy
+      - config
+    validation:
+      kind: nonempty
+      minLength: 8
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: railwayManagedEnabled
+    requiredWhenRef: railwayManagedEnabled
+  RAILWAY_TOKEN:
+    label: Railway project token
+    group: auth
+    description: Project-scoped Railway token used by the Railway CLI for CI deploy uploads. Treeseed can mint a scoped token from RAILWAY_API_TOKEN during processing deploys when this is not configured.
+    howToGet: In Railway, open the target project environment settings, create a project token, and store it as RAILWAY_TOKEN. Leave unset when Treeseed should mint an ephemeral CI deploy token from RAILWAY_API_TOKEN.
+    sensitivity: secret
+    targets:
+      - github-secret
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+    validation:
+      kind: nonempty
+      minLength: 8
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: railwayManagedEnabled
+  TREESEED_RAILWAY_WORKSPACE:
+    label: Railway workspace
+    group: railway
+    description: Railway workspace Treeseed should use when listing or creating projects during bootstrap and config reconciliation.
+    howToGet: In Railway, use the workspace slug or name shown in the workspace switcher. Treeseed defaults this repository to knowledge-coop unless you override it here.
+    sensitivity: plain
+    targets:
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: shared
+    requirement: conditional
+    purposes:
+      - deploy
+      - destroy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: railwayWorkspaceDefault
+    relevanceRef: railwayManagedEnabled
+    requiredWhenRef: railwayManagedEnabled
+  TREESEED_PROJECT_RUNNER_TOKEN:
+    label: Project runner registration token
+    group: hosting
+    description: Shared bearer token used by manager, worker, and agents services to authenticate against the market control plane for remote jobs and agent-pool registration.
+    howToGet: Generate or rotate this token from the market control plane after connecting a project environment.
+    sensitivity: secret
+    targets:
+      - github-secret
+      - railway-secret
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: conditional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: projectRegistrationEnabled
+  TREESEED_AGENT_POOL_MIN_WORKERS:
+    label: Agent pool minimum workers
+    group: hosting
+    description: Lower autoscaling bound for the Railway worker service for one project environment.
+    howToGet: Set this to 0 for scale-to-zero by default unless the project requires warm workers.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: conditional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: railwayManagedEnabled
+    defaultValueRef: agentPoolMinWorkersDefault
+  TREESEED_AGENT_POOL_MAX_WORKERS:
+    label: Agent pool maximum workers
+    group: hosting
+    description: Upper autoscaling bound for the Railway worker service for one project environment.
+    howToGet: Choose a value that reflects your budget and expected concurrency ceiling.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: conditional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: railwayManagedEnabled
+    defaultValueRef: agentPoolMaxWorkersDefault
+  TREESEED_AGENT_POOL_TARGET_QUEUE_DEPTH:
+    label: Agent pool target queue depth
+    group: hosting
+    description: Desired queue depth per worker instance that the manager uses when computing worker scale.
+    howToGet: Start with 1 for conservative scaling, then raise it only after observing stable worker latency.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: conditional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: railwayManagedEnabled
+    defaultValueRef: agentPoolTargetQueueDepthDefault
+  TREESEED_AGENT_POOL_COOLDOWN_SECONDS:
+    label: Agent pool cooldown seconds
+    group: hosting
+    description: Cooldown window the manager uses before scaling the worker pool down after queue activity drops.
+    howToGet: Start with 60 seconds to prevent worker thrash in lightly bursty environments.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: conditional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: railwayManagedEnabled
+    defaultValueRef: agentPoolCooldownSecondsDefault
+  TREESEED_WORKDAY_TIMEZONE:
+    label: Workday timezone
+    group: hosting
+    description: IANA timezone used when evaluating active work windows for the manager.
+    howToGet: Use the project team's operating timezone, such as America/New_York.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: workdayTimezoneDefault
+  TREESEED_WORKDAY_WINDOWS_JSON:
+    label: Workday schedule JSON
+    group: hosting
+    description: JSON array of recurring work windows used by the manager to decide when to open or close a workday.
+    howToGet: Provide a JSON value like [{"days":[1,2,3,4,5],"startTime":"09:00","endTime":"17:00"}].
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: workdayWindowsDefault
+  TREESEED_WORKDAY_TASK_CREDIT_BUDGET:
+    label: Daily task-credit budget
+    group: hosting
+    description: Maximum task credits the manager may allocate during one workday before it stops seeding new work.
+    howToGet: Choose the daily throughput ceiling that matches the team's Copilot and infrastructure budget.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: workdayTaskCreditBudgetDefault
+  TREESEED_MANAGER_MAX_QUEUED_TASKS:
+    label: Manager max queued tasks
+    group: hosting
+    description: Upper bound on how many runnable tasks the manager will keep queued at one time.
+    howToGet: Start small so queue top-ups stay budget-aware and incremental.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: managerMaxQueuedTasksDefault
+  TREESEED_MANAGER_MAX_QUEUED_CREDITS:
+    label: Manager max queued credits
+    group: hosting
+    description: Credit ceiling for runnable queued work so the manager never seeds the entire day’s budget at once.
+    howToGet: Set this lower than or equal to the daily task-credit budget.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: managerMaxQueuedCreditsDefault
+  TREESEED_MANAGER_PRIORITY_MODELS:
+    label: Manager priority models
+    group: hosting
+    description: Comma-separated content models the manager should evaluate when building priority snapshots.
+    howToGet: Leave unset to use the default objective/question/note/page/book/knowledge set.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: managerPriorityModelsDefault
+  TREESEED_TASK_CREDIT_WEIGHTS_JSON:
+    label: Task credit weights JSON
+    group: hosting
+    description: JSON array of task-type or model-specific credit weights used when estimating daily budget consumption.
+    howToGet: Provide a JSON value such as [{"type":"question","credits":3}].
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: taskCreditWeightsDefault
+  TREESEED_WORKER_POOL_SCALER:
+    label: Worker pool scaler kind
+    group: hosting
+    description: Selects the runtime worker scaler adapter. Hosted Railway projects should normally use railway.
+    howToGet: Set this to railway for hosted projects or noop/manual for self-hosted environments without automatic scale control.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: enum
+      values:
+        - railway
+        - noop
+        - manual
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: workerPoolScalerDefault
+  TREESEED_RAILWAY_PROJECT_ID:
+    label: Railway project ID
+    group: hosting
+    visibility: system
+    description: Railway project identifier used by runtime scaling and reconciliation helpers for the active environment.
+    howToGet: Copy the project ID from Railway when automatic worker scaling is enabled.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+  TREESEED_RAILWAY_ENVIRONMENT_ID:
+    label: Railway environment ID
+    group: hosting
+    visibility: system
+    description: Railway environment identifier used by the runtime scaler when adjusting worker replicas.
+    howToGet: Copy the environment ID from Railway for the matching staging or production environment.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+  TREESEED_RAILWAY_WORKER_SERVICE_ID:
+    label: Railway worker service ID
+    group: hosting
+    visibility: system
+    description: Railway service identifier for the scalable worker pool that the manager adjusts at runtime.
+    howToGet: Copy the worker service ID from Railway after the hosted project environment is provisioned.
+    sensitivity: plain
+    targets:
+      - github-variable
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+  TREESEED_API_BASE_URL:
+    label: Treeseed API base URL
+    group: auth
+    description: Base URL for the API used by the site BFF, CLI, and remote auth flows. Local defaults should resolve automatically from the integrated runtime, while hosted environments prefer configured service URLs and project domains.
+    howToGet: Override this only when the generated local or hosted API URL is wrong for the selected environment.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - local-cloudflare
+      - github-variable
+      - railway-var
+      - cloudflare-var
+    scopes:
+      - local
+      - staging
+      - prod
+    storage: scoped
+    requirement: required
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: apiBaseUrlDefault
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_D1_DATABASE_ID:
+    label: API D1 database ID
+    group: auth
+    description: Cloudflare D1 database identifier used by the Railway API for remote auth and session persistence.
+    howToGet: In Cloudflare D1, copy the database ID for SITE_DATA_DB and paste it here.
+    sensitivity: plain
+    targets:
+      - railway-var
+    scopes:
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_D1_DATABASE_NAME:
+    label: API D1 database name
+    group: auth
+    description: D1 binding or database name used by the Railway API for local Wrangler-backed auth access.
+    howToGet: Use the D1 binding name, typically SITE_DATA_DB.
+    sensitivity: plain
+    targets:
+      - local-runtime
+    scopes:
+      - local
+    requirement: optional
+    purposes:
+      - dev
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_D1_LOCAL_PERSIST_TO:
+    label: API local D1 persist path
+    group: auth
+    description: Optional Wrangler D1 persistence directory used when the Railway API runs locally against SITE_DATA_DB.
+    howToGet: Use the local Wrangler D1 persist directory, such as .wrangler/state/v3/d1.
+    sensitivity: plain
+    targets:
+      - local-runtime
+    scopes:
+      - local
+    requirement: optional
+    purposes:
+      - dev
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_WEB_SERVICE_ID:
+    label: API trusted web service ID
+    group: auth
+    description: Trusted web service identity expected by the agent Treeseed API runtime in @treeseed/agent for Astro BFF calls.
+    howToGet: Match this to the web service ID configured on the Astro side, typically web.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: required
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: apiWebServiceIdDefault
+    localDefaultValueRef: apiWebServiceIdDefault
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_WEB_SERVICE_SECRET:
+    label: API trusted web service secret
+    group: auth
+    description: Shared secret expected by the agent Treeseed API runtime in @treeseed/agent for Astro BFF calls.
+    howToGet: Match this to the web service secret configured on the Astro side.
+    sensitivity: secret
+    targets:
+      - local-runtime
+      - github-secret
+      - railway-secret
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: required
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: generatedSecret
+    localDefaultValueRef: generatedSecret
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_WEB_ASSERTION_SECRET:
+    label: API web assertion secret
+    group: auth
+    description: Secret used by the agent Treeseed API runtime in @treeseed/agent to verify trusted web user-context assertions.
+    howToGet: Match this to the web assertion secret configured on the Astro side.
+    sensitivity: secret
+    targets:
+      - local-runtime
+      - github-secret
+      - railway-secret
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: required
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: generatedSecret
+    localDefaultValueRef: generatedSecret
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_AUTH_SECRET:
+    label: API auth secret
+    group: auth
+    description: Secret used by the agent API auth provider to sign access, refresh, service, and trusted exchange tokens.
+    howToGet: Generate a strong random secret and keep it stable per API environment.
+    sensitivity: secret
+    targets:
+      - local-runtime
+      - github-secret
+      - railway-secret
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: required
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    defaultValueRef: generatedSecret
+    localDefaultValueRef: generatedSecret
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_ISSUER:
+    label: API token issuer
+    group: auth
+    description: Issuer claim used in agent API auth tokens. Defaults to TREESEED_API_BASE_URL when unset.
+    howToGet: Use the public API base URL for the environment.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: url
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_PROVIDER_AUTH:
+    label: API auth provider
+    group: auth
+    description: Core API auth provider implementation. Use d1 for durable users, identities, API tokens, and sessions.
+    howToGet: Use d1 for market environments.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: enum
+      values:
+        - d1
+        - memory
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_ACCESS_TOKEN_TTL:
+    label: API access token TTL
+    group: auth
+    description: Access token lifetime in seconds for agent API user and service exchanges.
+    howToGet: Use 900 for a 15 minute access token unless a stricter policy is required.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_REFRESH_TOKEN_TTL:
+    label: API refresh token TTL
+    group: auth
+    description: Refresh token lifetime in seconds for agent API user sessions.
+    howToGet: Use 604800 for seven days, or a shorter value for stricter environments.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_WEB_EXCHANGE_TTL:
+    label: API web exchange TTL
+    group: auth
+    description: Lifetime in seconds for trusted web-to-API exchanged access tokens.
+    howToGet: Use 300 for short-lived browser BFF exchanges.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_DEVICE_CODE_TTL:
+    label: API device code TTL
+    group: auth
+    description: Device authorization code lifetime in seconds.
+    howToGet: Use 600 for a ten minute device authorization window.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_DEVICE_CODE_POLL_INTERVAL:
+    label: API device code poll interval
+    group: auth
+    description: Minimum polling interval in seconds for device authorization clients.
+    howToGet: Use 5 unless clients need a slower polling cadence.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: number
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_API_BOOTSTRAP_ADMIN_ALLOWLIST:
+    label: API bootstrap admin allowlist
+    group: auth
+    description: Comma-separated list of trusted emails or provider subjects that receive the platform_admin root role on first identity sync. The platform_admin role grants every global permission.
+    howToGet: |
+      Recipe:
+      1. Decide who the root market operator is before the first sign-in for an environment.
+      2. For internal email/password registration, add the normalized email address, for example founder@example.com.
+      3. For OAuth-only bootstrapping, add provider:subject entries after you know the provider subject, for example github:1234567 or google:109876543210987654321.
+      4. Separate multiple trusted identities with commas.
+      5. Start narrowly. Remove bootstrap entries after the intended root users have signed in and received platform_admin.
+      6. In the UI, the signed-in root user is shown on /app/account as "Root user" with the platform_admin badge.
+      Notes:
+      - platform_admin is defined in core RBAC and maps to *:*:*.
+      - Agent owns reusable global roles and permissions; market team ownership remains in the market tables.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - cloudflare-var
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: apiSurfaceEnabled
+  TREESEED_CAPACITY_PROVIDER_ID:
+    label: Capacity provider ID
+    group: processing
+    description: Stable identifier registered by a Processing host with the market control plane.
+    howToGet: Use the provider id assigned by the market control plane, or a stable slug for local Processing hosts.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: processingPlaneEnabled
+  TREESEED_CAPACITY_PROVIDER_TEAM_ID:
+    label: Capacity provider team ID
+    group: processing
+    description: Team id that owns or is assigned the Processing host capacity provider.
+    howToGet: Use the team id from the market control plane capacity provider record.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: nonempty
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: processingPlaneEnabled
+  TREESEED_CAPACITY_PROVIDER_SERVICE_BASE_URL:
+    label: Capacity provider service URL
+    group: processing
+    description: Public base URL where the Processing host API exposes health, heartbeat, and task endpoints.
+    howToGet: Use the API service URL from the Processing host deployment.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: url
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: processingPlaneEnabled
+  TREESEED_PROCESSING_DRAIN:
+    label: Processing drain mode
+    group: processing
+    description: Set to 1 to report the Processing host as draining and stop accepting new work.
+    howToGet: Set temporarily during maintenance or decommissioning.
+    sensitivity: plain
+    targets:
+      - local-runtime
+      - railway-var
+    scopes:
+      - local
+      - staging
+      - prod
+    storage: scoped
+    requirement: optional
+    purposes:
+      - dev
+      - deploy
+      - config
+    validation:
+      kind: enum
+      values:
+        - "0"
+        - "1"
+    sourcePriority:
+      - machine-config
+      - process-env
+    relevanceRef: processingPlaneEnabled