Configuration
Every configurable option in Olympus, grouped by what it controls. There are two layers:
- Runtime — environment variables read by the dashboard / orchestrator process (set on the pod, via the Helm chart values or Ansible extra-vars).
- Deploy-time — Terraform / Ansible variables for the sandbox AWS deploy (set in the gitignored
inf/env.sh).
Almost everything is optional with a safe default — a bare process runs with an in-memory bus, no auth, manual routing, and the intelligence-layer stores disabled.
Routing & models
| Variable | Layer | Values / default | What |
|---|---|---|---|
OLYMPUS_ROUTER | both | manual (default) · llm | manual = deterministic keyword routing, no LLM key needed. llm = an LLM picks the agent / drives the coordinator (needs a provider key). |
OPENAI_API_KEY | runtime | — | OpenAI provider key. Required for llm routing + embeddings unless you use Anthropic. |
ANTHROPIC_API_KEY | runtime | — | Anthropic provider key (alternative to OpenAI). |
Models are chosen per-agent in code (libs/agentlib/models.py); the default is the current GPT-5-class model, with one-liners for Claude, local ollama, and vllm backends.
Memory & feedback
| Variable | Values / default | What |
|---|---|---|
OLYMPUS_MEMORY | jsonl (default) · embeddings · disabled | Memory backend. jsonl = lexical Jaccard over append-only JSONL (dep-free). embeddings = OpenAI text-embedding-3-small + cosine (needs OPENAI_API_KEY; falls back to lexical if unreachable). disabled = no retrieval. |
OLYMPUS_MEMORY_PATH | a writable path | Where the memory store persists. |
Feedback (👍/👎/correction) is applied through the dashboard (POST /memory/{task_id}/feedback) — no env needed.
Rollback
| Variable | Values / default | What |
|---|---|---|
OLYMPUS_ROLLBACK | off by default · a store selector (jsonl) + path | Enables capturing the inverse of a destructive op before it fires, so it can be undone (re-prompting approval). Off (Null store) unless wired. |
MCP servers
| Variable | What |
|---|---|
OLYMPUS_MCP_SERVERS | A JSON array of MCP servers to wire at startup. Each entry grafts a server's tools onto a named agent. |
Each descriptor:
json
[
{"name": "netdb", "target_agent": "sysadmin", "transport": "http",
"url": "http://<host>:8080/mcp",
"destructive": ["create_host", "delete_host", "create_zone", "delete_dns_record"]},
{"name": "demo", "target_agent": "programmer", "transport": "stdio",
"command": "python3", "args": ["infra/demo-mcp-server/server.py"]}
]transport:stdio(command/args/env) orhttp(url/headers— the latter commonly carriesAuthorization: Bearer …).destructive: integrator-supplied verb allowlist (the server can't declare its own). These route through the approval queue; everything else is ungated read-only.- Servers can also be added at runtime via
POST /mcp/servers. MCP tools are still subject to self-protection.
Self-protection
Hard-denies any tool call (native or MCP) that targets the cluster / hosts Olympus runs on — before approval, so no one can escalate by managing the system that gates them.
| Variable | What |
|---|---|
OLYMPUS_SELF_NAMESPACE | The Kubernetes namespace Olympus runs in (usually injected via the downward API). Operations against it are denied. |
OLYMPUS_SELF_NODES | Comma-separated node names / hosts Olympus runs on (Helm: hardening.selfNodes). Keep in sync with the fleet — a node not listed isn't protected. |
Authentication & sessions
Login is enforced on the dashboard when configured (Google OAuth and/or email OTP). The Helm chart maps these onto the pod env.
| Variable | Default | What |
|---|---|---|
OLYMPUS_AUTH_BYPASS | false | true = no login (local dev only). |
OLYMPUS_AUTH_ALLOWED_DOMAINS | — | Comma-separated email domains allowed to log in, or * for any authenticated email. Empty = nobody passes. |
OLYMPUS_AUTH_ADMIN_EMAILS | — | Emails (or domains) granted the admin role (the Admin accounting page). |
OLYMPUS_AUTH_DEV_EMAIL | — | Identity assumed when AUTH_BYPASS=true. |
OLYMPUS_AUTH_SESSION_SECRET | ephemeral | 32+ random bytes signing the session cookie. Set it in prod (else sessions reset on restart). |
OLYMPUS_AUTH_SESSION_TTL_SECONDS | 604800 (7d) | Session lifetime. |
OLYMPUS_AUTH_COOKIE_SECURE | true | Secure-flag the session cookie (requires HTTPS). |
OLYMPUS_AUTH_REDIRECT_BASE_URL | — | Public base URL OAuth redirects back to (e.g. https://your.host). |
OLYMPUS_AUTH_GOOGLE_CLIENT_ID / _SECRET | — | Google OAuth web client. Empty disables Google login. |
OLYMPUS_AUTH_OTP_TTL_SECONDS | 600 | Email-OTP code lifetime. |
OLYMPUS_AUTH_OTP_RATE_LIMIT_SECONDS | 60 | Min seconds between OTP requests per address. |
OLYMPUS_AUTH_SMTP_HOST | — | SMTP server for email-OTP. Empty disables email login. |
OLYMPUS_AUTH_SMTP_PORT | 587 | SMTP port. |
OLYMPUS_AUTH_SMTP_USERNAME / _PASSWORD | — | SMTP auth. |
OLYMPUS_AUTH_SMTP_FROM | — | From address for OTP mail (e.g. noreply@your.host). |
OLYMPUS_AUTH_SMTP_STARTTLS | true | Use STARTTLS. |
Cost caps & demo mode
| Variable | Default | What |
|---|---|---|
OLYMPUS_DEMO_MODE | false | When true, the approval gate auto-rejects every destructive verb (a read-only public demo). The inline approval card still shows. |
OLYMPUS_DAILY_COST_CAP_USD | 5.0 | Daily LLM-spend cap. |
OLYMPUS_DEFAULT_USER_DAILY_LIMIT_USD | — | Default per-user daily spend limit (the Admin page can override per user). |
Inventory & HPC
| Variable | What |
|---|---|
OLYMPUS_INVENTORY_PATH | Path to the user-managed inventory (hosts + SSH keys) the ansible/sysadmin ssh_run tools resolve against. |
OLYMPUS_PROXY_SLURM_URL | Upstream URL of the Slurm sub-dashboard the HPC page proxies. |
OLYMPUS_PROXY_GPU_URL | Upstream URL of the GPU sub-dashboard. |
OLYMPUS_DASHBOARD_URL | The dashboard's own public URL (used for self-referential links / redirects). |
Deploy-time (sandbox AWS)
Set in the gitignored inf/env.sh; deploy.sh threads them into Terraform and Ansible. The committed defaults are example.com placeholders.
| Variable | Required? | What |
|---|---|---|
TF_VAR_dns_hostname | ✅ | Hostname to serve at (DNS A-record + TLS CN), e.g. olympus.example.com. |
DEPLOY_CERTBOT_EMAIL | ✅ | Let's Encrypt registration email. |
TF_VAR_cloudflare_api_token | for managed DNS | Cloudflare token, Zone:DNS:Edit. Empty = point DNS by hand. |
TF_VAR_cloudflare_zone_id | for managed DNS | Zone id of your domain. |
TF_VAR_aws_region | — | default us-west-2. |
TF_VAR_customer_name | — | resource name/tag slug (default sandbox). |
TF_VAR_ssh_ingress_cidr | — | lock SSH to your IP. |
OLYMPUS_ROUTER | — | manual (default) or llm. |
OPENAI_API_KEY / ANTHROPIC_API_KEY | for llm | provider key. |
DEPLOY_AUTH_ALLOWED_DOMAINS | for login | who may log in (or *). |
OLYMPUS_SESSION_SECRET, OLYMPUS_GOOGLE_CLIENT_ID/_SECRET, OLYMPUS_SMTP_* | for login | auth secrets, passed as a sealed k8s Secret. |
DNS_SERVER_ADMIN_PASSWORD, NETDB_CLOUDFLARE_TOKEN | for netdb-up | NetDB/Technitium server creds. |
Ansible group_vars (deploy knobs)
Defaults live in inf/ansible/group_vars/all.yml; override at deploy time.
| Var | Default | What |
|---|---|---|
k8s_version | 1.30 | kubeadm version. |
dashboard_node_port | 30093 | NodePort the TLS front proxies. |
olympus_repo_ref | main | Olympus git ref the image is built from. |
image_tag | llm | dashboard image tag. |
certbot_staging | 0 | 1 for Let's Encrypt staging while iterating. |
netdb_mcp_host | empty | EIP of the NetDB server; empty = NetDB not wired. |
demo_mode | false | see OLYMPUS_DEMO_MODE. |
daily_cost_cap_usd | 5.0 | see OLYMPUS_DAILY_COST_CAP_USD. |
Test / dev flags
Opt-in flags used only by the test suites (not for production): OLYMPUS_LIVE_E2E, OLYMPUS_LIVE_LLM, OLYMPUS_LIVE_KUBECTL, OLYMPUS_LIVE_TF, OLYMPUS_LIVE_ANSIBLE (+ _TASK), OLYMPUS_E2E_NAMESPACE. Each gates a suite of tests that hit real backends so CI stays hermetic by default.