-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy path.env.example
More file actions
137 lines (125 loc) · 5.88 KB
/
.env.example
File metadata and controls
137 lines (125 loc) · 5.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# ==============================================================================
# OpenCode Dashboard — Environment Configuration
# ==============================================================================
# Copy this file to .env.local and fill in values before running.
# NEVER commit .env.local — it is gitignored by default.
# ==============================================================================
# ------------------------------------------------------------------------------
# HOST BINDING
# ------------------------------------------------------------------------------
# Bind to 127.0.0.1 (loopback only) so the dashboard is never exposed on LAN
# or public interfaces. Access remotely via SSH tunnel or Tailscale only.
#
# ssh -N -L 3000:127.0.0.1:3000 user@mac-mini
#
HOST=127.0.0.1
PORT=3000
# ------------------------------------------------------------------------------
# API AUTHENTICATION
# ------------------------------------------------------------------------------
# Shared secret used by the opencode-hook and any client hitting /api/*.
# Generate one with: openssl rand -hex 32
# The hook sends this as: Authorization: Bearer <token>
# All POST endpoints MUST reject requests without a valid token.
#
DASHBOARD_API_KEY=CHANGE_ME_openssl_rand_hex_32
# ------------------------------------------------------------------------------
# CORS — ALLOWED ORIGINS
# ------------------------------------------------------------------------------
# Comma-separated list of origins permitted to call the API.
# Keep this tight. Examples:
# http://127.0.0.1:3000 — local web dashboard
# http://localhost:3000 — local alias
# exp://192.168.1.x:8081 — Expo dev client on LAN
#
# Do NOT use "*" in production.
#
ALLOWED_ORIGINS=http://127.0.0.1:3000,http://localhost:3000
# ------------------------------------------------------------------------------
# RATE LIMITING
# ------------------------------------------------------------------------------
# Max requests per window per IP. Protects write endpoints from abuse.
#
RATE_LIMIT_WINDOW_MS=60000
RATE_LIMIT_MAX_REQUESTS=60
# ------------------------------------------------------------------------------
# DASHBOARD URL (used by opencode-hook on the agent side)
# ------------------------------------------------------------------------------
# Where the hook POSTs events. Should match HOST:PORT above.
# If accessing over SSH tunnel from agent machine, keep as localhost.
#
DASHBOARD_URL=http://127.0.0.1:3000
# ------------------------------------------------------------------------------
# PROJECT IDENTIFICATION (used by opencode-hook)
# ------------------------------------------------------------------------------
# The project/venture ID that this agent is working on.
# Maps to the project selector in the dashboard.
# Example: cookbook, crypto-attestation, opencode-dashboard
#
# PROJECT_ID=
# ------------------------------------------------------------------------------
# DATA DIRECTORY (optional override)
# ------------------------------------------------------------------------------
# Default: ~/.opencode-dashboard
# Contains: data.db (SQLite) and key (NaCl encryption key, chmod 600)
#
# DATA_DIR=~/.opencode-dashboard
# ------------------------------------------------------------------------------
# BASE PATH (optional — for serving under a subpath)
# ------------------------------------------------------------------------------
# Set this when hosting the dashboard behind a reverse proxy at a subpath.
# Next.js will serve all pages and assets under this prefix.
# Example: Tailscale Serve at /opencode → BASE_PATH=/opencode
#
# BASE_PATH=/opencode
# ASSET_PREFIX=/opencode
# ------------------------------------------------------------------------------
# BROWSER AUTHENTICATION
# ------------------------------------------------------------------------------
# The dashboard uses GitHub OAuth to authenticate browser sessions.
# API key auth (DASHBOARD_API_KEY above) is separate and always active for
# machine-to-machine calls regardless of this setting.
#
# If you're running behind Tailscale or another private network and don't need
# per-user login, set DISABLE_AUTH=true to skip the GitHub sign-in flow.
# The dashboard will be open to anyone who can reach it on the network.
#
# DISABLE_AUTH=true
#
# To enable GitHub login:
#
# 1. Create a GitHub OAuth App at https://github.com/settings/developers
# - Homepage URL: http://127.0.0.1:3000 (or your Tailscale URL)
# - Authorization callback URL: http://127.0.0.1:3000/api/auth/callback
# (if using BASE_PATH, include it: https://yourhost/opencode/api/auth/callback)
#
# 2. Copy the Client ID and generate a Client Secret:
#
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
#
# 3. Start the dashboard and sign in. The first user to authenticate becomes
# the owner. Subsequent users need an invite from the Settings page.
# ------------------------------------------------------------------------------
# LINEAR INTEGRATION (Phase 4)
# ------------------------------------------------------------------------------
# Personal API key: https://linear.app/settings/api
# Or use OAuth (future enhancement)
#
LINEAR_API_KEY=
#
# Webhook secret for signature verification.
# Set this when registering webhooks at https://linear.app/settings/api/webhooks
#
LINEAR_WEBHOOK_SECRET=
# ------------------------------------------------------------------------------
# TEMPORAL (Phase 5)
# ------------------------------------------------------------------------------
TEMPORAL_ADDRESS=localhost:7233
TEMPORAL_NAMESPACE=default
TEMPORAL_TASK_QUEUE=opencode-agent-tasks
# ------------------------------------------------------------------------------
# Alert Rules (Phase 6)
# ------------------------------------------------------------------------------
# Alert rules are stored in the database (alert_rules table)
# Default rules are seeded on first run - customize via /api/settings/alerts