.env.example
190 lines (153 loc) · 6.72 KB
# Trinity Agent Platform - Environment Configuration Template
# Copy this file to .env and fill in your actual values
# ===========================================
# REQUIRED SETTINGS (SECURITY-CRITICAL)
# ===========================================
# JWT Secret Key - REQUIRED for production
# Generate with: openssl rand -hex 32
# SECURITY: Never use default value in production!
SECRET_KEY=
# Credential Encryption Key - REQUIRED for production
# Used to encrypt sensitive data (OAuth tokens, subscription credentials)
# Generate with: openssl rand -hex 32
# SECURITY: If lost, all encrypted credentials become unrecoverable!
CREDENTIAL_ENCRYPTION_KEY=
# Internal API Secret - Used for scheduler-to-backend communication (C-003)
# Generate with: openssl rand -hex 32
# Falls back to SECRET_KEY if not set
INTERNAL_API_SECRET=
# Admin credentials
# SECURITY: Use a strong password, minimum 12 characters
ADMIN_USERNAME=admin
ADMIN_PASSWORD=
# Anthropic API Key - Required for agents to use Claude
# You can leave this empty and configure it in Settings after login
ANTHROPIC_API_KEY=
# ===========================================
# EMAIL AUTHENTICATION (Default)
# ===========================================
# Email-based login is enabled by default
# Users enter email → receive 6-digit code → login
# Whitelist emails in Settings → Email Whitelist
# Email service provider: console (dev), smtp, sendgrid, resend
EMAIL_PROVIDER=console
# Resend API (recommended for production)
# Get from: https://resend.com/api-keys
RESEND_API_KEY=
# From address for verification emails
SMTP_FROM=noreply@your-domain.com
# ===========================================
# CORS ORIGINS
# ===========================================
# Additional CORS origins (comma-separated)
# Add your production domains here
EXTRA_CORS_ORIGINS=https://your-domain.com,http://your-domain.com
# ===========================================
# OAUTH PROVIDERS (Optional)
# ===========================================
# Google OAuth (for Google Workspace MCP)
# Get from: https://console.cloud.google.com/apis/credentials
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# Slack OAuth (for Slack MCP)
# Get from: https://api.slack.com/apps
SLACK_CLIENT_ID=
SLACK_CLIENT_SECRET=
# Slack Signing Secret (for verifying Slack webhook requests)
# Get from: https://api.slack.com/apps → Basic Information → Signing Secret
SLACK_SIGNING_SECRET=
# GitHub OAuth (for GitHub MCP)
# Get from: https://github.com/settings/developers
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
# GitHub Personal Access Token (for cloning private template repos)
# Get from: https://github.com/settings/tokens (classic token with 'repo' scope)
# This will be auto-uploaded to Redis on startup for local development
GITHUB_PAT=
# Self-hosted git support (#387)
# Optional overrides — default to github.com / api.github.com (standard GitHub).
# Set both when targeting GitHub Enterprise Server, Gitea, or a dev harness.
# TRINITY_GIT_BASE_URL=https://git.example.com
# TRINITY_GIT_API_BASE=https://git.example.com/api/v1
# Notion OAuth (for Notion MCP)
# Get from: https://www.notion.so/my-integrations
NOTION_CLIENT_ID=
NOTION_CLIENT_SECRET=
# ===========================================
# IMAGE GENERATION (Optional - IMG-001)
# ===========================================
# Google Gemini API Key (for platform image generation)
# Used by the image generation service for prompt refinement and image creation
# Get from: https://aistudio.google.com/apikey
GEMINI_API_KEY=
# ===========================================
# SERVICE URLS (Usually no need to change)
# ===========================================
REDIS_URL=redis://redis:6379
AUDIT_URL=http://audit-logger:8001
BACKEND_URL=http://localhost:8000
# ===========================================
# REDIS SECURITY (Optional but recommended for production)
# ===========================================
# Redis password - Set for production deployments
# Generate with: openssl rand -hex 16
# Leave empty for development (Redis will run without auth)
REDIS_PASSWORD=
# ===========================================
# PUBLIC ACCESS CONFIGURATION (Optional)
# ===========================================
# External URL for public chat links (PUB-002)
# Set this when you want to share public agent links with users outside VPN
# This is the public-facing domain (e.g., https://public.abilityai.dev)
# Used by: public chat links, Telegram webhooks, Slack OAuth, Nevermined payments
# When set, enables "Copy External Link" button in PublicLinksPanel
# Leave empty if all users have VPN access
PUBLIC_CHAT_URL=
# ===========================================
# CLOUDFLARE TUNNEL (Optional - public access)
# ===========================================
# Cloudflare Tunnel token for public endpoint access
# Enables external access to public chat, Telegram webhooks, Slack OAuth, etc.
# without exposing the instance directly or opening firewall ports
#
# Setup:
# 1. Go to Cloudflare Zero Trust → Networks → Tunnels → Create
# 2. Copy the tunnel token
# 3. Configure public hostname and ingress rules in Cloudflare dashboard
# 4. Add CNAME record in your DNS: public.your-domain.com → <tunnel-id>.cfargotunnel.com
# 5. Start with: docker compose --profile tunnel up -d
#
# Exposed paths (configure in Cloudflare dashboard):
# / → Frontend SPA root
# /chat/* → Public chat UI
# /api/public/* → Public API + Slack OAuth callback
# /api/telegram/webhook/* → Telegram bot webhooks
# /api/paid/*/chat → Nevermined paid chat
# /api/paid/*/info → Payment info
# /assets/* → Static assets
#
# Leave empty to disable tunnel (instance stays private via Tailscale only)
TUNNEL_TOKEN=
# ===========================================
# SSH ACCESS CONFIGURATION (Optional)
# ===========================================
# SSH host for agent SSH access (MCP tool get_agent_ssh_access)
# Auto-detected from FRONTEND_URL domain in production, or:
# - Set explicitly for custom setups (e.g., Tailscale IP, public IP)
# - Leave empty to use auto-detection
SSH_HOST=
# ===========================================
# OPENTELEMETRY CONFIGURATION (Optional)
# ===========================================
# Enable OpenTelemetry metrics export from Claude Code agents
# Set to 1 to enable, 0 to disable (default: enabled)
OTEL_ENABLED=1
# OTEL Collector endpoint (only used when OTEL_ENABLED=1)
# Default points to Docker service name for in-network access
OTEL_COLLECTOR_ENDPOINT=http://trinity-otel-collector:4317
# Exporter configuration (usually no need to change)
OTEL_METRICS_EXPORTER=otlp
OTEL_LOGS_EXPORTER=otlp
OTEL_EXPORTER_OTLP_PROTOCOL=grpc
# Metrics export interval in milliseconds (default: 60 seconds)
OTEL_METRIC_EXPORT_INTERVAL=60000
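
A pre-deployment check for the security-critical settings above, added here as an example; it is not part of the Trinity code base. The names `parse_env`, `audit_env` and `SAMPLE` are hypothetical, and requiring exactly 64 hex characters (the output shape of `openssl rand -hex 32`) is this example's policy, not a documented platform requirement.

```python
import re

# Shape of `openssl rand -hex 32` output. Enforcing it is this example's
# policy (an assumption); the platform may accept other key formats.
HEX64 = re.compile(r"[0-9a-fA-F]{64}")

def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blank lines and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(env):
    """Return findings for a production deployment of the settings above."""
    findings = []
    for key in ("SECRET_KEY", "CREDENTIAL_ENCRYPTION_KEY"):
        if not HEX64.fullmatch(env.get(key, "")):
            findings.append(f"{key}: not 64 hex chars")
    internal = env.get("INTERNAL_API_SECRET", "")
    if not internal:
        findings.append("INTERNAL_API_SECRET: empty, falls back to SECRET_KEY")
    elif not HEX64.fullmatch(internal):
        findings.append("INTERNAL_API_SECRET: not 64 hex chars")
    if len(env.get("ADMIN_PASSWORD", "")) < 12:
        findings.append("ADMIN_PASSWORD: shorter than 12 characters")
    if env.get("EMAIL_PROVIDER") == "console":
        findings.append("EMAIL_PROVIDER: console is the dev provider")
    if not env.get("REDIS_PASSWORD"):
        findings.append("REDIS_PASSWORD: empty, Redis runs without auth")
    for key in ("EXTRA_CORS_ORIGINS", "SMTP_FROM"):
        if "your-domain.com" in env.get(key, ""):
            findings.append(f"{key}: template placeholder still present")
    return findings

# Constructed sample: the template's key lines, copied without editing.
SAMPLE = """\
SECRET_KEY=
CREDENTIAL_ENCRYPTION_KEY=
INTERNAL_API_SECRET=
ADMIN_PASSWORD=
EMAIL_PROVIDER=console
SMTP_FROM=noreply@your-domain.com
EXTRA_CORS_ORIGINS=https://your-domain.com,http://your-domain.com
REDIS_PASSWORD=
"""
```

Running `audit_env(parse_env(SAMPLE))` on the unedited template reports every one of these settings, which makes the function usable as a gate before `docker compose up` in a deployment script.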