Databases
Lelu uses two data stores: PostgreSQL for durable state (policies, audit trails, users) and Redis as a high-speed queue for the Engine. This page covers configuration, connection strings, and performance tuning.
PostgreSQL (Platform)
The Platform service uses PostgreSQL to persist all long-lived data. The schema is managed by the Platform startup code — no separate migration tool is required.
DATABASE_URL=postgres://lelu:password@localhost:5432/lelu?sslmode=disable
Tables
| Table | Purpose |
|---|---|
| policies | OPA policy bundles per tenant |
| audit_trails | Immutable log of every Engine decision with HMAC signature |
| tokens | API key hashes and metadata |
| tenants | Tenant registry (multi-tenant mode) |
Redis (Engine Queue)
The Engine uses Redis as a queue and cache for in-flight authorization requests, confidence scores, and human-in-the-loop polling state.
REDIS_URL=redis://localhost:6379
Key patterns
| Pattern | TTL |
|---|---|
| lelu:queue:{requestId} | Fan-out queue for pending requests — TTL 24 h |
| lelu:decision:{requestId} | Cached allow/deny result — TTL 5 min |
| lelu:confidence:{agentId} | Rolling confidence score per agent — TTL 1 h |
Production Tips
Connection pooling
Set max_connections in PostgreSQL and use PgBouncer in transaction mode for the Platform service.
Redis persistence
Enable AOF persistence (appendonly yes) so pending approvals survive a Redis restart.
Read replicas
Point audit trail read API endpoints to a PostgreSQL read replica to avoid locking the primary.
TLS
Use sslmode=require in the DATABASE_URL and rediss:// (TLS) for the Redis URL in production.