Status: partial
Version: latest
Review: source-backed
Last scanned: 2026-06-25T00:00:00Z
Review required: false
Environment variables
Safe environment variable names and configuration boundaries.
Configuration boundary
Environment variable documentation lists names and purpose only. Secret values are never rendered.
Platform bootstrap secrets remain env-level configuration; account owners configure provider status and runtime readiness from UI where implemented. Gmail is split deliberately: Google OAuth client credentials are deployment-level settings, account mailbox tokens live behind credential-vault refs, and projects select aliases through Project Gmail settings.
| Config family | Examples | Public disclosure |
|---|---|---|
| Phoenix/runtime |
SECRET_KEY_BASE, endpoint host, release flags
| Name/purpose only |
| Stripe | Stripe key, webhook secret, price/product IDs | Safe mode/status and public price metadata only |
| Gmail/Google | Platform OAuth client settings, callback URLs, account mailbox status, project alias binding | Client setup status, mailbox/alias readiness, and project setting refs only |
| NVIDIA/Hermes | Provider key slots and runtime endpoint | Provider configured/missing status only |
| Live action gates |
LIVE_OUTREACH, LIVE_SPEND
| Enabled/disabled posture, not secret values |
| Storage | S3/Tigris endpoint and bucket names | Bucket/prefix posture only when safe |
Official references
| System | Use in Trinity | Official docs |
|---|---|---|
| Hermes | Hosted agent runtime and skills context | Hermes Agent docs |
| Jido | Narrow policy/firewall action seam | Jido Actions and Workflows |
| NVIDIA | Nemotron scoring, safety, and QA decisions | NIM LLM API reference |
| Stripe | Checkout, webhooks, revenue proof, guarded spend | Checkout Sessions API |
| Gmail | Drafts, sends, aliases, scopes, inbound replies | Gmail API scopes |
| Phoenix/Oban/Postgres | Control plane, durable jobs, source-of-truth data | Phoenix LiveView |
Environment variables
| Name | Disclosure |
|---|---|
STRIPE_WEBHOOK_SECRET | name only, value never rendered |
LIVE_OUTREACH_ENABLED | gated live action flag |
Source paths
config/runtime.exsops/hermes.env.example