ORCH_ENGINE_IMAGE.
What the orchestrator gives an engine
When the orchestrator launches an engine container, it provides:Environment variables (always)
| Variable | Source | Purpose |
|---|---|---|
ENGINE_KEY_HASH | Generated by orchestrator | SHA-256 of the engine’s API key. The engine validates incoming X-Engine-Key against this. |
SQLITE_DB_PATH | Always /data/brain.sqlite | Where to write the per-user brain. |
CATALOG_DIR | Always /catalog | Where to read agents, skills, tools, soul template. |
Environment variables (passed through)
The orchestrator forwards any variable named inORCH_ENGINE_ENV_PASSTHROUGH. The standard set:
LLM_API_KEYOPENAI_API_KEYANTHROPIC_API_KEYGEMINI_API_KEY
src/config.py. The orchestrator doesn’t transform them.
Mounts
| Mount | Mode | Purpose |
|---|---|---|
engine-data-{engine_id} (named volume) → /data | rw | Per-user brain SQLite + any other persistent files. |
<host catalog dir> → /catalog | ro | Shared platform catalog (agents, skills, tools, core_soul.json). |
Network
- The container joins the Docker network specified in
ORCH_ENGINE_NETWORK(defaultengine_net). - The engine’s port (typically
8000inside the container) is mapped to a host port in[ORCH_PORT_MIN, ORCH_PORT_MAX], bound to127.0.0.1.
Lifecycle expectations
- The container is created with
restart: unless-stopped, so a crash inside the container restarts it. The orchestrator’s auto-restart is for the case where the container exits and stays exited, or fails health checks despite running. - The orchestrator can stop, start, and destroy at any time. Engines must support clean shutdown via SIGTERM.
What the engine gives back
The engine must implement these endpoints and behaviors. Stability guarantees are documented per endpoint.GET /health
Auth: none.
Stability: strict — schema and semantics never change.
Behavior: returns {"status": "ok", "uptime_seconds": float, "subsystems": {...}} when the engine is fully ready to serve
/execute. Returns non-200 or status != "ok" when not.
The orchestrator polls this during provisioning to confirm boot
completion (up to ORCH_BOOT_TIMEOUT_S, default 60s) and during the
background health loop.
POST /execute
Auth: X-Engine-Key header.
Stability: breaking changes to the request body or the SSE event
shapes require a major version bump. New optional request fields and
new event types are minor additions.
Body:
text/event-stream. See
Streaming events.
POST /rpc
Auth: X-Engine-Key header.
Stability: the dispatcher shape is stable; individual operations
are versioned per op name.
Body:
set_config— atomic swap of the gateway config.get_config— read the active config.reload— re-read/config/gateway.yamlfrom disk.quota_state— current quota usage.cache_state— prompt-cache efficiency.
Versioning
Both sides follow semver:| Engine version | Orchestrator behavior |
|---|---|
MAJOR bump (e.g. 2.x → 3.x) | Update ORCH_ENGINE_IMAGE + run regression evals before rolling. |
MINOR bump (e.g. 2.3 → 2.4) | Compatible. New optional features available; orchestrator unchanged. |
PATCH bump (e.g. 2.3.0 → 2.3.1) | Compatible. Bug fixes only. |
ORCH_ENGINE_IMAGE. Don’t run latest — version drift is the most
common source of subtle bugs.
Auth flow
The orchestrator generates the engine API key, sends only the hash to the engine, and returns the plaintext to the product. The engine never sees the raw orchestrator credentials; the product never sees the engine’s hash.What the contract does not cover
- The engine’s internal APIs — agent loop, memory, sandbox. Those evolve without coordination with the orchestrator.
- Per-product config beyond what’s in
gateway.yaml. If you need per-product behavior in the engine, do it in the product layer (BAP) or via a richer config file. - Streaming HTTP/2. The contract is HTTP/1.1 + chunked encoding for SSE.
See also
- Architecture — how the orchestrator is built.
- Lifecycle — the engine state machine.
- Auth — the orchestrator’s own auth.
- Engine API reference — the engine’s own surface.