Your Office AI is self-hostable. This section is the operator's checklist of every external service you wire up to run the platform — what each one is for, whether it is required, and where its configuration lives. Work through it in bring-up order and each dependency is satisfied before the next one needs it.
Almost all server secrets live in the tenant server's config files plus a gitignored command_center_tenant_server/config/passwords.yaml. The Auth server has its own command_center_server/config/passwords.yaml for the auth database and email. Non-secret host/port settings live in the matching config/development.yaml / staging.yaml / production.yaml. Never commit passwords.yaml.
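One way to enforce the "never commit passwords.yaml" rule in a pre-commit hook or CI job. This is an added example, not part of the project's own tooling. It uses only standard git commands and the two passwords.yaml paths named above; the script name in the usage comment is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: confirm the secret files are ignored by git and were never staged.
# Paths are the two passwords.yaml locations named in the text above.
SECRET_FILES="command_center_tenant_server/config/passwords.yaml
command_center_server/config/passwords.yaml"

# check_secret_file REPO FILE
# Returns 0 if safe, 1 if tracked, 2 if present in history, 3 if not ignored.
check_secret_file() {
    repo=$1
    file=$2
    # A tracked file is committed no matter what .gitignore says
    # (for example after `git add -f`).
    if git -C "$repo" ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "TRACKED      $file"
        return 1
    fi
    # A file removed from the index may still sit in an older commit on any ref.
    if [ -n "$(git -C "$repo" log --all --oneline -- "$file" 2>/dev/null | head -n 1)" ]; then
        echo "IN-HISTORY   $file (rotate the secrets it contained)"
        return 2
    fi
    # Untracked but matched by no ignore rule: one `git add .` away from a leak.
    if ! git -C "$repo" check-ignore -q -- "$file"; then
        echo "NOT-IGNORED  $file"
        return 3
    fi
    echo "OK           $file"
    return 0
}

# check_repo REPO: run the check for every secret file; non-zero if any fails.
check_repo() {
    rc=0
    for f in $SECRET_FILES; do
        check_secret_file "$1" "$f" || rc=1
    done
    return "$rc"
}

# Usage (hypothetical script name): ./check_secrets.sh /path/to/checkout
if [ "$#" -gt 0 ]; then
    check_repo "$1"
fi
```

The history check matters because deleting a committed passwords.yaml does not remove it from earlier commits; treat any hit there as a reason to rotate the credentials.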
Each service depends on the ones before it. Stand them up in order: datastores first, then real-time and AI, then the optional integration and email layers.
Every external service an operator touches, with the page that documents it in detail. Required services are needed for the core product to run; per-feature services unlock a specific capability; optional ones are recommended but not load-bearing.
| Service | What it's for | Need | Configured in |
|---|---|---|---|
| PostgreSQL (Supabase or managed) | Two databases — one for the Auth server, one per-tenant for the Tenant server. | Required | config + passwords.yaml |
| Redis | Pub/sub for real-time streams; mandatory once you run more than one tenant-server replica. | Required | config + passwords.yaml |
| Object storage (Supabase Storage / MinIO) | File uploads, knowledge documents, avatars. S3-compatible — MinIO for self-hosted, Supabase Storage for managed. | Required | Flutter app + storage bucket policies |
| LiveKit | Real-time video, audio, screen share, and the voice-assistant transport. | Required | Tenant server passwords.yaml or admin UI |
| LLM + embedding provider keys | Six LLM providers plus an embedding model for Knowledge (pgvector) semantic search. | Required | Tenant server passwords.yaml |
| Voice providers (Deepgram / Google Cloud) | STT + TTS for the unified voice bridge. Provider-agnostic — you choose which to configure. | Per feature | Org Settings → Voice & AI + agent env |
| OAuth / integrations (Nango) | OAuth connection broker for the integration catalog (Google, Slack, Microsoft, …). | Per feature | Nango instance + tenant server passwords.yaml |
| Transactional email (Resend) | Sends sign-up verification, password reset, and organisation invitation emails. | Required | Auth server passwords.yaml |
| Observability (OpenTelemetry + ClickHouse) | Logs, traces, and metrics from the app and both servers, queryable for debugging. | Optional | config/development.yaml → otel + Docker |
| Multi-instance scaling | Run multiple tenant-server replicas behind a load balancer with shared Redis. | Optional | Load balancer + Redis + env |
Your Office AI runs a dual-server backend: an Auth server for identity and organisations, and a Tenant server per organisation for chat, knowledge, integrations, and LiveKit tokens. Each connects to its own Postgres database. AI agents and workflows execute on a Python LangGraph engine behind a Dart AI server, and AI answers are grounded in your Knowledge through pgvector semantic search.
| Component | Talks to |
|---|---|
| Auth server | Auth Postgres, Resend (email) |
| Tenant server | Tenant Postgres, Redis, LiveKit, LLM/embedding providers, Nango, object storage, OTel collector |
| LangGraph AI engine | Tenant server (callbacks), LLM providers |
| Voice bridge worker | LiveKit, tenant server, STT/TTS providers |
Only PostgreSQL, Redis, object storage, LiveKit, an LLM provider, an embedding model, and email are needed to run the product. Voice providers, integrations via Nango, and the observability stack are added when you turn those features on.
Once an admin configures a provider, its spend is governed centrally: every numeric cap in Your Office AI has a hard positive minimum, and a value of 0 disables the feature rather than removing the limit. There is no such thing as an unlimited budget.
Head to Core services & environment to set up the databases, Redis, object storage, and provider keys that everything else depends on.