# Application Configuration NODE_ENV=development PORT=3002 # Trust Proxy Configuration # Set to 'true' when running behind reverse proxies (nginx, cloudflare, etc.) # This allows proper handling of X-Forwarded-For headers for rate limiting TRUST_PROXY=false # ============================ # SECRETS CONFIGURATION # ============================ # The application supports two methods for providing secrets: # # 1. Environment Variables (shown below) - Convenient for development # 2. Secret Files - More secure for production # # If both are provided, SECRET FILES TAKE PRIORITY over environment variables. # # For file-based secrets, the app looks for files at: # - /run/secrets/github_token (or path in GITHUB_TOKEN_FILE) # - /run/secrets/anthropic_api_key (or path in ANTHROPIC_API_KEY_FILE) # - /run/secrets/webhook_secret (or path in GITHUB_WEBHOOK_SECRET_FILE) # # To use file-based secrets in development: # 1. Create a secrets directory: mkdir secrets # 2. Add secret files: echo "your-secret" > secrets/github_token.txt # 3. Mount in docker-compose or use GITHUB_TOKEN_FILE=/path/to/secret # ============================ # GitHub Webhook Settings GITHUB_WEBHOOK_SECRET=your_webhook_secret_here GITHUB_TOKEN=ghp_your_github_token_here # Bot Configuration (REQUIRED) BOT_USERNAME=@ClaudeBot BOT_EMAIL=claude@example.com # Security Configuration AUTHORIZED_USERS=admin,username2,username3 DEFAULT_AUTHORIZED_USER=admin # Default GitHub Configuration for CLI DEFAULT_GITHUB_OWNER=your-org DEFAULT_GITHUB_USER=your-username DEFAULT_BRANCH=main # Claude API Settings ANTHROPIC_API_KEY=your_anthropic_api_key_here # Claude Hub Directory # Directory where Claude Hub stores configuration, authentication, and database files (default: ~/.claude-hub) CLAUDE_HUB_DIR=/home/user/.claude-hub # Container Settings CLAUDE_USE_CONTAINERS=1 CLAUDE_CONTAINER_IMAGE=claudecode:latest CLAUDE_CONTAINER_PRIVILEGED=false REPO_CACHE_DIR=/tmp/repo-cache REPO_CACHE_MAX_AGE_MS=3600000 CONTAINER_LIFETIME_MS=7200000 # Container execution timeout in milliseconds (default: 2 hours) # Claude Code Timeout Settings (for unattended mode) BASH_DEFAULT_TIMEOUT_MS=600000 # Default timeout for bash commands (10 minutes) BASH_MAX_TIMEOUT_MS=1200000 # Maximum timeout Claude can set (20 minutes) # Container Resource Limits CLAUDE_CONTAINER_CPU_SHARES=1024 CLAUDE_CONTAINER_MEMORY_LIMIT=2g CLAUDE_CONTAINER_PIDS_LIMIT=256 # AWS Bedrock Credentials for Claude (if using Bedrock) AWS_ACCESS_KEY_ID=your_aws_access_key_id AWS_SECRET_ACCESS_KEY=your_aws_secret_access_key AWS_REGION=us-east-1 CLAUDE_CODE_USE_BEDROCK=1 ANTHROPIC_MODEL=us.anthropic.claude-3-7-sonnet-20250219-v1:0 # AWS Profile (uncomment if using AWS profiles instead of direct credentials) # USE_AWS_PROFILE=true # AWS_PROFILE=claude-webhook # Container Capabilities (optional) CLAUDE_CONTAINER_CAP_NET_RAW=true CLAUDE_CONTAINER_CAP_SYS_TIME=false CLAUDE_CONTAINER_CAP_DAC_OVERRIDE=true CLAUDE_CONTAINER_CAP_AUDIT_WRITE=true CLAUDE_CONTAINER_CAP_SYS_ADMIN=false # PR Review Configuration PR_REVIEW_WAIT_FOR_ALL_CHECKS=true PR_REVIEW_TRIGGER_WORKFLOW=Pull Request CI PR_REVIEW_DEBOUNCE_MS=5000 PR_REVIEW_MAX_WAIT_MS=1800000 PR_REVIEW_CONDITIONAL_TIMEOUT_MS=300000 # Test Configuration TEST_REPO_FULL_NAME=owner/repo # Security Configuration (optional) # DISABLE_LOG_REDACTION=false # WARNING: Only enable for debugging, exposes sensitive data in logs # File-based Secrets (optional, takes priority over environment variables) # GITHUB_TOKEN_FILE=/run/secrets/github_token # ANTHROPIC_API_KEY_FILE=/run/secrets/anthropic_api_key # GITHUB_WEBHOOK_SECRET_FILE=/run/secrets/webhook_secret # Authentication Methods (optional) # CLAUDE_AUTH_HOST_DIR=/path/to/claude/auth # For setup container authentication # CLI Configuration (optional) # API_URL=http://localhost:3003 # Default API URL for CLI tool # WEBHOOK_URL=http://localhost:3002/api/webhooks/github # Webhook endpoint URL