Preview: Quoderat is in early access. This site shows the concept and direction — onboarding is manual for now.
Quoderat

Server Configuration

The server is the authority that seals Evidence Envelopes. This page covers configuration for producer identity, storage, and operational settings.

What this page can (and cannot) claim

Mechanical claims

  • Producer identity: The server embeds producer.* fields to identify who generated the envelope.
  • Storage configuration: Artifact URIs and location hints reflect the configured storage backend.
  • Policy application: The server applies the configured redaction policy during finalization.
  • Finalization: The server generates the integrity.hash_chain seal.

No-claims

  • No sandbox enforcement: The server records reported state; it does not enforce host security.
  • No network isolation: Unless evidenced by recorded artifacts.
  • No secret guarantees: Redactions are logged; leaks are not prevented.
  • No guaranteed recovery: If a run is interrupted, check envelope finalization status.

Mental model: authority vs execution

Server (Authority)

Receives signals from workers, applies policies, generates the integrity seal, exposes SSE to clients. The server is the “receipt authority.”

Worker (Execution)

Runs steps, produces artifacts, reports context. The worker does not seal the envelope; it feeds the server.

This separation allows workers to be ephemeral while the server maintains authoritative state.

Essential configuration areas

1) Base identity (producer metadata)

Identifies this server instance in all envelopes it produces.

  • producer.name — display name (e.g., “quoderat-prod-1”)
  • producer.version — server version (e.g., “1.2.3”)
  • producer.component — optional label (e.g., “server”, “api”)

2) Storage for artifacts

Where artifact bytes live and how they are referenced.

  • ARTIFACT_STORE_URI — base URI for artifact storage (e.g., #artifactStoreFromConfig)
  • • Artifacts recorded with sha256 + content_uri or location_hint
  • • Consider retention policies; location_hint may expire

3) Policies and public sharing defaults

Controls what appears in the public pack vs internal envelope.

  • DEFAULT_POLICY_ID — which policy applies when none is specified
  • public_allowlist_fields — fields allowed in public view
  • redaction_rules — patterns to mask in logs/artifacts

See Policies for detailed guidance.

4) Networking and trust boundaries

How clients and workers connect to the server.

  • SERVER_BASE_URL — API base (e.g., #serverBaseUrlFromConfig)
  • UI_ORIGIN — allowed CORS origin for dashboard (e.g., #uiOriginFromConfig)
  • • Worker authentication: tokens/service accounts (see Auth)

5) Runtime limits and durability

Timeouts, queue depth, and persistence.

  • JOB_TIMEOUT_SECONDS — max run duration before auto-fail
  • HEARTBEAT_INTERVAL_SECONDS — worker heartbeat frequency
  • DATABASE_URL — persistence backend for runs/envelopes

Restart/recovery: If the server restarts mid-run, check envelope finalization status. If integrity.hash_chain is missing, treat the run as non-finalized and re-check or re-run as appropriate.

Minimal golden path checklist

  • Set producer.name and producer.version for envelope identity.
  • Configure artifact storage (ARTIFACT_STORE_URI); verify write permissions.
  • Set a default policy (DEFAULT_POLICY_ID) with deny-by-default public fields.
  • Configure SERVER_BASE_URL and UI_ORIGIN for networking.
  • Set reasonable timeouts (JOB_TIMEOUT_SECONDS) and heartbeat intervals.
  • Test envelope finalization by running a job and verifying integrity.hash_chain is present.

Troubleshooting

Envelopes missing producer fields

Check that producer.* environment variables are set at server startup.

Artifacts not persisting

Verify ARTIFACT_STORE_URI is reachable and writable. Check for permission errors in logs.

SSE stream not connecting

Check UI_ORIGIN CORS settings. Ensure the client is connecting to the correct SERVER_BASE_URL.

Runs stuck in “running”

Worker may have lost connectivity. Check heartbeat logs; consider adjusting HEARTBEAT_INTERVAL_SECONDS or marking stale runs.

hash_chain missing after run

The run may not have finalized. Check server logs for finalization errors; verify database connectivity.

Policy not being applied

Ensure DEFAULT_POLICY_ID matches an existing policy, or that the job specifies a valid policy_id.

Illustrative config snippet

Illustrative only; adapt to your deployment. Placeholders indicate values from your environment.

# Identity
PRODUCER_NAME: "quoderat-prod-1"
PRODUCER_VERSION: "1.2.3"
PRODUCER_COMPONENT: "server"

# Storage
ARTIFACT_STORE_URI: "#artifactStoreFromConfig"
DATABASE_URL: "postgres://user:pass@host/db"

# Networking
SERVER_BASE_URL: "#serverBaseUrlFromConfig"
UI_ORIGIN: "#uiOriginFromConfig"

# Policies
DEFAULT_POLICY_ID: "enterprise-default-v2"

# Runtime
JOB_TIMEOUT_SECONDS: 600
HEARTBEAT_INTERVAL_SECONDS: 30

Next steps

  • Worker — execution surface, typed steps, artifact production
  • Policies — redaction rules, allowlists, public vs internal
  • Events (SSE) — real-time signals (transient, not authoritative)
  • Webhooks — external triggers and payload handling
  • API Reference — programmatic envelope fetch and validation
  • First Job — complete walkthrough from intent to sealed envelope