Add observability for LLM topic context inclusion (#1038)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: thomasnordquist <7721625+thomasnordquist@users.noreply.github.com> Co-authored-by: Thomas Nordquist <thomasnordquist@users.noreply.github.com>
This commit is contained in:
Copilot
33
DOCKER.md
33
DOCKER.md
@@ -71,6 +71,39 @@ docker-compose up -d
|
||||
| `UPGRADE_INSECURE_REQUESTS` | No | `false` | Set to `true` to enable CSP upgrade-insecure-requests directive. **Only use when deployed behind an HTTPS reverse proxy (nginx, Traefik, etc.) with valid SSL certificates.** This upgrades all HTTP requests to HTTPS and will break direct HTTP access. |
|
||||
| `X_FRAME_OPTIONS` | No | `false` | Set to `true` to enable X-Frame-Options: SAMEORIGIN header to prevent clickjacking. **Disables iframe embedding when enabled.** |
|
||||
|
||||
### AI Assistant / LLM Configuration
|
||||
|
||||
| Variable | Required | Default | Description |
|
||||
|----------|----------|---------|-------------|
|
||||
| `LLM_PROVIDER` | No | `openai` | AI provider to use (`openai` or `gemini`) |
|
||||
| `OPENAI_API_KEY` | No | - | OpenAI API key for AI Assistant (provider-specific) |
|
||||
| `GEMINI_API_KEY` | No | - | Google Gemini API key for AI Assistant (provider-specific) |
|
||||
| `LLM_API_KEY` | No | - | Generic API key for AI Assistant (works with either provider) |
|
||||
| `LLM_NEIGHBORING_TOPICS_TOKEN_LIMIT` | No | `500` | Token limit for neighboring topics context in AI queries (increased for better device relationship detection) |
|
||||
|
||||
**Architecture**: The backend proxies all LLM API requests via WebSocket RPC. API keys are **never** sent to the frontend - only an availability flag is transmitted. The frontend calls the backend via WebSocket RPC (`llm/chat` event), and the backend makes requests to OpenAI/Gemini on behalf of the client.
|
||||
|
||||
**Security**:
|
||||
- ✅ API keys remain server-side only
|
||||
- ✅ Keys never embedded in client bundles
|
||||
- ✅ Keys never transmitted to frontend
|
||||
- ✅ Backend controls all LLM access
|
||||
- ✅ Communication via secure WebSocket RPC
|
||||
|
||||
**Note**: If no LLM environment variables are set, the AI Assistant feature will be completely hidden from users.
|
||||
|
||||
**Example with AI Assistant**:
|
||||
```bash
|
||||
docker run -d \
|
||||
-p 3000:3000 \
|
||||
-e MQTT_EXPLORER_USERNAME=admin \
|
||||
-e MQTT_EXPLORER_PASSWORD=secret \
|
||||
-e LLM_PROVIDER=openai \
|
||||
-e OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxxxxxxxxx \
|
||||
-e LLM_NEIGHBORING_TOPICS_TOKEN_LIMIT=500 \
|
||||
ghcr.io/thomasnordquist/mqtt-explorer:latest
|
||||
```
|
||||
|
||||
### Authentication Modes
|
||||
|
||||
**Standard Mode (Default):**
|
||||
|
||||
Reference in New Issue
Block a user