Reference
Environment variables, limits, browser support, CLI selftests.
Environment variables
Section titled “Environment variables”| Variable | Required | Default | Notes |
|---|---|---|---|
DATABASE_URL | yes | compose default | Postgres connection string |
REDIS_URL | yes | compose default | Redis connection string |
SESSION_SECRET | yes | — | 32+ bytes |
CSRF_SECRET | yes | — | 32+ bytes |
PUBLIC_BASE_URL | yes | — | e.g. https://pulse.example.com |
API_CORS_ORIGINS | yes | — | Comma-separated origins |
API_HOST | no | 0.0.0.0 | |
API_PORT | no | 8080 | |
API_LOG_LEVEL | no | info | debug / info / warn / error |
WORKER_ENROLLMENT_TOKEN | yes | — | First-worker fallback |
WORKER_REGION | yes (worker) | — | Per-worker region label |
WORKER_LOG_LEVEL | no | info | |
API_URL | yes (worker) | — | How worker reaches the API |
SMTP_HOST | no | — | Leave blank for dev-log mode |
SMTP_PORT | no | 587 | |
SMTP_USER | no | — | |
SMTP_PASS | no | — | |
SMTP_FROM | no | pulse@localhost | |
SMTP_STARTTLS | no | true | |
SMTP_TLS | no | false | Set true for port 465 |
GOOGLE_OAUTH_CLIENT_ID | no | — | Set both to enable Google sign-in |
GOOGLE_OAUTH_CLIENT_SECRET | no | — | |
GOOGLE_OAUTH_REDIRECT_URL | no | derived | ${PUBLIC_BASE_URL}/api/v1/auth/google/callback |
ENABLE_MULTI_ORG | no | false | true to expose org switcher |
VITE_API_URL | build-time | /api/v1 | SPA build |
VITE_WS_URL | build-time | /ws | SPA build |
Limits
Section titled “Limits”| Thing | Limit | Notes |
|---|---|---|
| Monitors per org | 5,000 | Soft, scheduler verified at this scale |
| Alert rules per org | 500 | |
| Channels per org | 50 | |
| Status pages per org | 20 | |
| Components per status page | 50 | |
| Custom domains per status page | 10 | |
| Min monitor interval | 60s | |
| Max HTTP request timeout | 30s | |
| Max monitor regions | All enabled | |
| Idempotency key TTL | 24h | |
| Refresh token rotation TTL | 30d | |
| Audit log retention | 90d |
Browser support
Section titled “Browser support”The SPA targets evergreen Chromium, Firefox, and Safari. Specific features that limit older browsers:
scrollbar-gutter: stable— Chrome 94+, Firefox 97+, Safari 18.2+. There’s anoverflow-y: scrollfallback that works in any browser.Intl.supportedValuesOf("timeZone")— Chrome 99+, Firefox 93+, Safari 15.4+. There’s a hand-curated fallback list of common zones.backdrop-filter— used in the top bar for the frosted-glass effect. Old browsers fall back to an opaque background.
The no-JS status page (/status/<slug>) works on anything that parses HTML, including text browsers and feed readers.
CLI selftests
Section titled “CLI selftests”docker compose exec api /pulse/api selftest mail --to you@example.comdocker compose exec api /pulse/api selftest webhook --url https://example.com/hookdocker compose exec api /pulse/api selftest ssrf --url http://10.0.0.1/Each exits 0 on success, non-zero on failure with a clear message.