-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathenv.example
More file actions
76 lines (67 loc) · 3.45 KB
/
env.example
File metadata and controls
76 lines (67 loc) · 3.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# ============================================================
# ClawHive — Environment Variables
# ============================================================
# Copy to .env and fill in values. All secrets must be set;
# optional vars have defaults noted in comments.
# --- Database (PostgreSQL) ---
# If you use the bundled Docker Compose Postgres service from this repo,
# it is exposed on localhost:5433.
DATABASE_URL=postgres://clawhive:changeme@localhost:5433/clawhive
# --- OpenClaw Gateway ---
# URL of the OpenClaw gateway (default: http://localhost:18789)
OPENCLAW_GATEWAY_URL=http://localhost:18789
# Optional explicit WS URL for OpenClaw control-plane RPC (default derived from OPENCLAW_GATEWAY_URL)
# OPENCLAW_WS_URL=ws://localhost:18789
# Shared gateway auth token (must match OpenClaw's gateway.auth.token)
OPENCLAW_GATEWAY_TOKEN=
# Internal OpenClaw Telegram webhook listener used by Router proxy mode.
# In Docker this is typically http://openclaw:8788/telegram-webhook (the proxy port).
# OPENCLAW_TELEGRAM_INTERNAL_WEBHOOK_URL=http://openclaw:8788/telegram-webhook
# Optional: override OpenClaw state dir. For Dockerized OpenClaw + sandboxing on macOS,
# use a host-shared absolute path (for example under /Users/...).
# OPENCLAW_STATE_DIR=/Users/<you>/.../ClawHive/.openclaw-state
# Sandbox defaults for OpenClaw tool execution
# OPENCLAW_SANDBOX_MODE=all
# OPENCLAW_SANDBOX_SCOPE=agent
# OPENCLAW_SANDBOX_WORKSPACE_ACCESS=rw
# Sandbox network mode: "none" (isolated) or "bridge" (outbound internet via Docker NAT).
# OPENCLAW_SANDBOX_NETWORK=bridge
# Use a project-owned image name so missing image fails closed (no default fallback retag).
# OPENCLAW_SANDBOX_IMAGE=clawhive-sandbox:bookworm-slim
# --- LLM Provider Keys (passed through to OpenClaw) ---
# Set at least one:
# ANTHROPIC_API_KEY=
# OPENAI_API_KEY=
# Optional: authoritative OpenClaw primary model override.
# When set, ClawHive writes this into persisted OpenClaw config on startup.
# OPENCLAW_PRIMARY_MODEL=anthropic/claude-sonnet-4-20250514
# Optional: also rewrite existing agent-specific model overrides on startup.
# OPENCLAW_FORCE_AGENT_MODEL_OVERRIDES=false
# --- Router Auth ---
# Secret used to sign JWTs for admin/operator access
JWT_SECRET=change-me-to-a-random-64-char-string
# Bootstrap admin API key (used for first tenant creation)
ADMIN_API_KEY=change-me-to-a-random-api-key
# --- Webhook Secrets (per channel) ---
# SLACK_BOT_TOKEN= # required by Router to send pending/onboarding replies on Slack
# SLACK_SIGNING_SECRET=
# TWILIO_AUTH_TOKEN=
# TELEGRAM_SECRET_TOKEN= # required for Router-governed Telegram ingress; requests are rejected if unset
# Public Telegram webhook URL that points to the Router endpoint:
# https://<public-router-url>/webhooks/telegram
# Required if you want Router-governed Telegram ingress while preserving native OpenClaw Telegram delivery.
# TELEGRAM_WEBHOOK_URL=
# Optional internal path OpenClaw uses for local Telegram webhook listener.
# TELEGRAM_WEBHOOK_PATH=/telegram-webhook
# --- Credential Encryption ---
# 32-byte hex key for AES-256-GCM credential encryption at rest
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
CREDENTIAL_ENCRYPTION_KEY=
# --- Server ---
# PORT=3000
# LOG_LEVEL=info
# --- Security ---
# Set to "true" to allow public user self-registration with token issuance
# ALLOW_PUBLIC_REGISTER=false
# Injection policy: "block" (default) rejects detected injections; "warn" logs but forwards
# INJECTION_POLICY=block