claude-hub/.env.example

# Application Configuration
NODE_ENV=development
PORT=3002

# Trust Proxy Configuration
# Set to 'true' when running behind reverse proxies (nginx, cloudflare, etc.)
# This allows proper handling of X-Forwarded-For headers for rate limiting
TRUST_PROXY=false

# ============================
# SECRETS CONFIGURATION
# ============================
# The application supports two methods for providing secrets:
#
# 1. Environment Variables (shown below) - Convenient for development
# 2. Secret Files - More secure for production
#
# If both are provided, SECRET FILES TAKE PRIORITY over environment variables.
#
# For file-based secrets, the app looks for files at:
# - /run/secrets/gitea_token (or path in GITEA_TOKEN_FILE)
# - /run/secrets/anthropic_api_key (or path in ANTHROPIC_API_KEY_FILE)
# - /run/secrets/gitea_webhook_secret (or path in GITEA_WEBHOOK_SECRET_FILE)
#
# To use file-based secrets in development:
# 1. Create a secrets directory: mkdir secrets
# 2. Add secret files: echo "your-secret" > secrets/gitea_token.txt
# 3. Mount in docker-compose or use GITEA_TOKEN_FILE=/path/to/secret
# ============================

# Gitea Webhook Settings
GITEA_API_URL=https://your-gitea-instance.com/api/v1
GITEA_WEBHOOK_SECRET=your_webhook_secret_here
GITEA_TOKEN=your_gitea_token_here

# Bot Configuration (REQUIRED)
BOT_USERNAME=@ClaudeBot
BOT_EMAIL=claude@example.com

# Security Configuration
AUTHORIZED_USERS=admin,username2,username3
DEFAULT_AUTHORIZED_USER=admin

# Default Gitea Configuration for CLI
DEFAULT_GITEA_OWNER=your-org
DEFAULT_GITEA_USER=your-username
DEFAULT_BRANCH=main

# Claude API Settings
ANTHROPIC_API_KEY=your_anthropic_api_key_here

# Claude Hub Directory
# Directory where Claude Hub stores configuration, authentication, and database files (default: ~/.claude-hub)
CLAUDE_HUB_DIR=/home/user/.claude-hub

# Container Settings
CLAUDE_USE_CONTAINERS=1
CLAUDE_CONTAINER_IMAGE=claudecode:latest
CLAUDE_CONTAINER_PRIVILEGED=false
REPO_CACHE_DIR=/tmp/repo-cache
REPO_CACHE_MAX_AGE_MS=3600000
CONTAINER_LIFETIME_MS=7200000  # Container execution timeout in milliseconds (default: 2 hours)

# Claude Code Timeout Settings (for unattended mode)
BASH_DEFAULT_TIMEOUT_MS=600000  # Default timeout for bash commands (10 minutes)
BASH_MAX_TIMEOUT_MS=1200000     # Maximum timeout Claude can set (20 minutes)

# Container Resource Limits
CLAUDE_CONTAINER_CPU_SHARES=1024
CLAUDE_CONTAINER_MEMORY_LIMIT=2g
CLAUDE_CONTAINER_PIDS_LIMIT=256

# AWS Bedrock Credentials for Claude (if using Bedrock)
AWS_ACCESS_KEY_ID=your_aws_access_key_id
AWS_SECRET_ACCESS_KEY=your_aws_secret_access_key
AWS_REGION=us-east-1
CLAUDE_CODE_USE_BEDROCK=1
ANTHROPIC_MODEL=us.anthropic.claude-3-7-sonnet-20250219-v1:0

# AWS Profile (uncomment if using AWS profiles instead of direct credentials)
# USE_AWS_PROFILE=true
# AWS_PROFILE=claude-webhook


# Container Capabilities (optional)
CLAUDE_CONTAINER_CAP_NET_RAW=true
CLAUDE_CONTAINER_CAP_SYS_TIME=false
CLAUDE_CONTAINER_CAP_DAC_OVERRIDE=true
CLAUDE_CONTAINER_CAP_AUDIT_WRITE=true
CLAUDE_CONTAINER_CAP_SYS_ADMIN=false

# PR Review Configuration
PR_REVIEW_WAIT_FOR_ALL_CHECKS=true
PR_REVIEW_TRIGGER_WORKFLOW=Pull Request CI
PR_REVIEW_DEBOUNCE_MS=5000
PR_REVIEW_MAX_WAIT_MS=1800000
PR_REVIEW_CONDITIONAL_TIMEOUT_MS=300000

# Test Configuration
TEST_REPO_FULL_NAME=owner/repo

# Security Configuration (optional)
# DISABLE_LOG_REDACTION=false  # WARNING: Only enable for debugging, exposes sensitive data in logs

# File-based Secrets (optional, takes priority over environment variables)
# GITEA_TOKEN_FILE=/run/secrets/gitea_token
# ANTHROPIC_API_KEY_FILE=/run/secrets/anthropic_api_key
# GITEA_WEBHOOK_SECRET_FILE=/run/secrets/gitea_webhook_secret

# Authentication Methods (optional)
# CLAUDE_AUTH_HOST_DIR=/path/to/claude/auth  # For setup container authentication

# CLI Configuration (optional)
# API_URL=http://localhost:3003  # Default API URL for CLI tool
# WEBHOOK_URL=http://localhost:3002/api/webhooks/gitea  # Webhook endpoint URL