disinto/.env.example
disinto-exec 5c1c91bae2 refactor: extract compass from CHARACTER.md into runtime-loaded secret
The compass (identity, moral core) now lives outside the repo at a path
specified by EXEC_COMPASS in .env or .env.enc. The agent hard-fails if
the compass file is missing — it refuses to start without its soul.

This means the factory (dev agent, gardener, planner) can evolve the
exec's voice and relationships via PRs to CHARACTER.md, but cannot
touch the compass. Only the executive controls it directly.

- exec-session.sh: loads compass from $EXEC_COMPASS, merges with CHARACTER.md
- exec-briefing.sh: same compass loading, hard fail without it
- CHARACTER.md: compass sections replaced with runtime-load comments
- COMPASS.md.example: template for the compass file
- .env.example: added EXEC_COMPASS variable
- exec/AGENTS.md: documented compass separation and EXEC_COMPASS requirement
2026-03-25 15:34:55 +00:00

62 lines
4.5 KiB
Text

# Disinto — Environment Configuration
# Copy to .env and fill in your values.
# NEVER commit .env to the repo.
#
# With SOPS + age installed, `disinto init` encrypts secrets into .env.enc
# and removes plaintext .env. To migrate an existing .env: `disinto secrets migrate`
#
# Variables marked [SECRET] are credentials that grant access if leaked.
# Variables marked [CONFIG] are non-sensitive and safe in plaintext.
# ── Per-project config ────────────────────────────────────────────────────
# Project-specific settings (FORGE_REPO, PROJECT_REPO_ROOT, PRIMARY_BRANCH,
# WOODPECKER_REPO_ID) now live in projects/*.toml — see projects/harb.toml
# for an example. Do NOT set them here; they leak into every session.
# ── Forge (Forgejo) ─────────────────────────────────────────────────────
FORGE_URL=http://localhost:3000 # [CONFIG] local Forgejo instance
# ── Auth tokens ───────────────────────────────────────────────────────────
FORGE_TOKEN= # [SECRET] dev-bot API token
FORGE_REVIEW_TOKEN= # [SECRET] review-bot API token
FORGE_BOT_USERNAMES= # [CONFIG] comma-separated bot usernames
# ── Backwards compatibility ───────────────────────────────────────────────
# If CODEBERG_TOKEN is set but FORGE_TOKEN is not, env.sh falls back to
# CODEBERG_TOKEN automatically (same for REVIEW_BOT_TOKEN, CODEBERG_REPO,
# CODEBERG_BOT_USERNAMES). No action needed for existing deployments.
# ── Woodpecker CI ─────────────────────────────────────────────────────────
WOODPECKER_TOKEN= # [SECRET] Woodpecker API token
WOODPECKER_SERVER=http://localhost:8000 # [CONFIG] Woodpecker server URL
WOODPECKER_AGENT_SECRET= # [SECRET] shared secret for server↔agent auth (auto-generated)
# WOODPECKER_REPO_ID — now per-project, set in projects/*.toml [ci] section
# Woodpecker Postgres (for direct DB queries)
WOODPECKER_DB_PASSWORD= # [SECRET] Postgres password
WOODPECKER_DB_USER=woodpecker # [CONFIG] Postgres user
WOODPECKER_DB_HOST=127.0.0.1 # [CONFIG] Postgres host
WOODPECKER_DB_NAME=woodpecker # [CONFIG] Postgres database name
# ── Matrix (optional — real-time notifications & escalation replies) ──────
# In compose mode, Dendrite runs inside the Docker network. `disinto init`
# provisions the bot user, room, and token automatically.
# Compose: MATRIX_HOMESERVER defaults to http://dendrite:8008 (set by env.sh)
# Bare metal: MATRIX_HOMESERVER defaults to http://localhost:8008
MATRIX_HOMESERVER=http://dendrite:8008 # [CONFIG] Dendrite URL (compose default)
MATRIX_BOT_USER=@factory-bot:disinto.local # [CONFIG] bot's Matrix user ID
MATRIX_TOKEN= # [SECRET] bot's access token (auto-provisioned)
MATRIX_ROOM_ID= # [CONFIG] coordination room ID (auto-provisioned)
# ── Project-specific secrets ──────────────────────────────────────────────
# Store all project secrets here so formulas reference env vars, never hardcode.
BASE_RPC_URL= # [SECRET] on-chain RPC endpoint
# ── Tuning ────────────────────────────────────────────────────────────────
CLAUDE_TIMEOUT=7200 # [CONFIG] max seconds per Claude invocation
# ── Executive Assistant ──────────────────────────────────────────────────
# The compass is the exec agent's core identity — it lives outside the repo
# so the factory cannot modify it. The agent refuses to start without it.
# See exec/COMPASS.md.example for the template.
EXEC_COMPASS= # [CONFIG] path to compass file (e.g. /home/user/.disinto/compass.md)
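
One way to implement the hard-fail on a missing compass that the commit message and the Executive Assistant comments describe, extended to also reject a compass path that resolves inside the checkout or is writable by group/others. This is an added example, not code from disinto's exec-session.sh; the function name `check_compass`, its exit codes and the repo-root argument are assumptions, and it relies on GNU `readlink -f` and `find -perm /022`.

```shell
#!/bin/sh
# Added example: not disinto's exec-session.sh. The function name, the exit
# codes and the repo-root argument are assumptions made for this illustration.
# Assumes GNU coreutils/findutils (readlink -f, find -perm /MODE).

# check_compass REPO_ROOT
#   stdout: resolved compass path on success
#   exit:   0 ok, 10 unset, 11 missing/unreadable, 12 empty,
#           13 inside the repo, 14 writable by group/others, 2 bad repo root
check_compass() (
  repo_root=$(cd "$1" 2>/dev/null && pwd -P) || {
    echo "compass: cannot resolve repo root '$1'" >&2; exit 2; }

  if [ -z "${EXEC_COMPASS:-}" ]; then
    echo "compass: EXEC_COMPASS is not set; refusing to start" >&2; exit 10
  fi
  if [ ! -f "$EXEC_COMPASS" ] || [ ! -r "$EXEC_COMPASS" ]; then
    echo "compass: '$EXEC_COMPASS' is missing or unreadable" >&2; exit 11
  fi
  if [ ! -s "$EXEC_COMPASS" ]; then
    echo "compass: '$EXEC_COMPASS' is empty" >&2; exit 12
  fi

  # Resolve symlinks first, so a link that points back into the checkout
  # (where a PR could change the target) is judged by its real location.
  compass=$(readlink -f -- "$EXEC_COMPASS") || exit 11
  case "$compass" in
    "$repo_root"/*)
      echo "compass: '$compass' is inside the repo; PRs could edit it" >&2
      exit 13 ;;
  esac

  # Extra check beyond what the page states: reject a file that other
  # local accounts can rewrite.
  if [ -n "$(find "$compass" -maxdepth 0 -perm /022)" ]; then
    echo "compass: '$compass' is group- or world-writable" >&2; exit 14
  fi

  printf '%s\n' "$compass"
)
```

A session script would call it before merging CHARACTER.md and abort on any non-zero status, for example `compass=$(check_compass "$repo_root") || exit 1`.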