# Disinto — Environment Configuration
# Copy to .env and fill in your values.
# NEVER commit .env to the repo.
#
# With SOPS + age installed, `disinto init` encrypts secrets into .env.enc
# and removes plaintext .env. To migrate an existing .env: `disinto secrets migrate`
#
# Variables marked [SECRET] are credentials that grant access if leaked.
# Variables marked [CONFIG] are non-sensitive and safe in plaintext.

# ── Per-project config ────────────────────────────────────────────────────
fix: Replace Codeberg dependency with local Forgejo instance (#611)
- Add setup_forge() to bin/disinto: provisions Forgejo via Docker,
creates admin + bot users (dev-bot, review-bot), generates API
tokens, creates repo, and pushes code — all automated
- Rename env vars: CODEBERG_TOKEN→FORGE_TOKEN, REVIEW_BOT_TOKEN→
FORGE_REVIEW_TOKEN, CODEBERG_REPO→FORGE_REPO, CODEBERG_API→
FORGE_API, CODEBERG_WEB→FORGE_WEB, CODEBERG_BOT_USERNAMES→
FORGE_BOT_USERNAMES (with backwards-compat fallbacks)
- Rename API helpers: codeberg_api()→forge_api(), codeberg_api_all()
→forge_api_all() (with compat aliases)
- Add forge_url field to project TOML; load-project.sh derives
FORGE_API/FORGE_WEB from forge_url + repo
- Update parse_repo_slug() to accept any host URL, not just codeberg
- Forgejo data stored under ~/.disinto/forgejo/ (not in factory repo)
- Update all 58 files: agent scripts, formulas, docs, site HTML
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

# Project-specific settings (FORGE_REPO, PROJECT_REPO_ROOT, PRIMARY_BRANCH,
# WOODPECKER_REPO_ID) now live in projects/*.toml — see projects/harb.toml
# for an example. Do NOT set them here; they leak into every session.

# ── Forge (Forgejo) ─────────────────────────────────────────────────────
FORGE_URL=http://localhost:3000 # [CONFIG] local Forgejo instance

# ── Auth tokens ───────────────────────────────────────────────────────────
fix: Per-agent Forgejo accounts — identity and permissions via authorship (#747)
Each agent now gets its own Forgejo account (dev-bot, review-bot,
planner-bot, gardener-bot, vault-bot, supervisor-bot, predictor-bot,
action-bot) with a dedicated API token. This enables:
- Audit trail: every forge action attributable to a specific agent
- Permission boundaries: agents act under their own identity
- Vault authorization model: vault-bot comments = proof of approval
Changes:
- bin/disinto: setup_forge() creates all 8 bot accounts during init,
stores per-agent tokens (FORGE_*_TOKEN) in .env, adds all bots as
repo collaborators
- lib/env.sh: exports per-agent token vars with fallback to FORGE_TOKEN
for backwards compat; sets FORGE_BOT_USERNAMES default to all 8 bots
- Agent scripts: each agent overrides FORGE_TOKEN with its per-agent
token after sourcing env.sh (gardener, planner, supervisor, predictor,
vault, action)
- .env.example: documents all per-agent token fields
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

# Each agent has its own Forgejo account and API token (#747).
# Per-agent tokens fall back to FORGE_TOKEN if not set.
FORGE_TOKEN= # [SECRET] dev-bot API token (default for all agents)
FORGE_REVIEW_TOKEN= # [SECRET] review-bot API token
FORGE_PLANNER_TOKEN= # [SECRET] planner-bot API token
FORGE_GARDENER_TOKEN= # [SECRET] gardener-bot API token
FORGE_VAULT_TOKEN= # [SECRET] vault-bot API token
FORGE_SUPERVISOR_TOKEN= # [SECRET] supervisor-bot API token
FORGE_PREDICTOR_TOKEN= # [SECRET] predictor-bot API token
FORGE_ARCHITECT_TOKEN= # [SECRET] architect-bot API token
FORGE_BOT_USERNAMES=dev-bot,review-bot,planner-bot,gardener-bot,vault-bot,supervisor-bot,predictor-bot,architect-bot

# ── Backwards compatibility ───────────────────────────────────────────────
# If CODEBERG_TOKEN is set but FORGE_TOKEN is not, env.sh falls back to
# CODEBERG_TOKEN automatically (same for REVIEW_BOT_TOKEN, CODEBERG_REPO,
# CODEBERG_BOT_USERNAMES). No action needed for existing deployments.
# Per-agent tokens default to FORGE_TOKEN when unset (single-token setups).

# ── Woodpecker CI ─────────────────────────────────────────────────────────
WOODPECKER_TOKEN= # [SECRET] Woodpecker API token
WOODPECKER_SERVER=http://localhost:8000 # [CONFIG] Woodpecker server URL
WOODPECKER_AGENT_SECRET= # [SECRET] shared secret for server↔agent auth (auto-generated)
# WOODPECKER_REPO_ID — now per-project, set in projects/*.toml [ci] section

# Woodpecker Postgres (for direct DB queries)
WOODPECKER_DB_PASSWORD= # [SECRET] Postgres password
WOODPECKER_DB_USER=woodpecker # [CONFIG] Postgres user
WOODPECKER_DB_HOST=127.0.0.1 # [CONFIG] Postgres host
WOODPECKER_DB_NAME=woodpecker # [CONFIG] Postgres database name

# ── Vault-only secrets (DO NOT put these in .env) ────────────────────────
# These tokens grant access to external systems (GitHub, ClawHub, deploy targets).
# They live ONLY in .env.vault.enc and are injected into the ephemeral runner
# container at fire time (#745). lib/env.sh explicitly unsets them so agents
# can never hold them directly — all external actions go through vault dispatch.
#
# GITHUB_TOKEN — GitHub API access (publish, deploy, post)
# CLAWHUB_TOKEN — ClawHub registry credentials (publish)
# (deploy keys) — SSH keys for deployment targets
#
# To manage vault secrets: disinto secrets edit-vault
# (vault redesign in progress: PR-based approval, see #73-#77)
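The fallback and unset rules described in the Backwards compatibility and Vault-only sections above, as an added POSIX sh example. This is not the project's lib/env.sh; the function names are hypothetical, and it assumes .env has already been loaded into the current shell.

```shell
#!/usr/bin/env sh
# Added example, not the project's lib/env.sh: applies the fallback and
# unset rules from .env.example to the current shell environment.

# Backwards compatibility: a legacy CODEBERG_* / REVIEW_BOT_TOKEN value fills
# the FORGE_* name only when the new name is unset or empty.
apply_legacy_fallbacks() {
    : "${FORGE_TOKEN:=${CODEBERG_TOKEN:-}}"
    : "${FORGE_REVIEW_TOKEN:=${REVIEW_BOT_TOKEN:-}}"
    : "${FORGE_REPO:=${CODEBERG_REPO:-}}"
    : "${FORGE_BOT_USERNAMES:=${CODEBERG_BOT_USERNAMES:-}}"
    export FORGE_TOKEN FORGE_REVIEW_TOKEN FORGE_REPO FORGE_BOT_USERNAMES
}

# Per-agent tokens default to FORGE_TOKEN when unset (single-token setups).
# An agent that has its own token keeps it, so its forge actions stay
# attributable to that agent's own account.
apply_agent_fallbacks() {
    for agent in REVIEW PLANNER GARDENER VAULT SUPERVISOR PREDICTOR ARCHITECT; do
        var="FORGE_${agent}_TOKEN"
        eval "cur=\${$var:-}"
        [ -n "$cur" ] || eval "$var=\$FORGE_TOKEN"
        export "$var"
    done
}

# Vault-only secrets must never be held by an agent process: unset them
# unconditionally and record which ones were present, so a value that has
# leaked into .env shows up in the session log instead of being used silently.
strip_vault_only() {
    VAULT_LEAKED=""
    for var in GITHUB_TOKEN CLAWHUB_TOKEN; do
        eval "cur=\${$var:-}"
        [ -z "$cur" ] || VAULT_LEAKED="${VAULT_LEAKED:+$VAULT_LEAKED }$var"
        unset "$var"
    done
    [ -z "$VAULT_LEAKED" ] ||
        echo "warning: vault-only secret(s) found in environment: $VAULT_LEAKED" >&2
}
```

Source the file after loading .env and call the three functions in that order; VAULT_LEAKED is left set for the caller to act on.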

# ── Project-specific secrets ──────────────────────────────────────────────
# Store all project secrets here so formulas reference env vars, never hardcode.
BASE_RPC_URL= # [SECRET] on-chain RPC endpoint

# ── Tuning ────────────────────────────────────────────────────────────────
CLAUDE_TIMEOUT=7200 # [CONFIG] max seconds per Claude invocation

# ── Factory safety ────────────────────────────────────────────────────────
# Disables Claude Code auto-updater, telemetry, error reporting, and bug
# command. Factory sessions are production processes — they must never phone
# home or auto-update mid-session. Added after #725 (crash during red-team run).
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 # [CONFIG] suppress all non-essential traffic