johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions
disinto/.env.example
openhands 89628e50e2 fix: Per-agent Forgejo accounts — identity and permissions via authorship (#747) 
Each agent now gets its own Forgejo account (dev-bot, review-bot,
planner-bot, gardener-bot, vault-bot, supervisor-bot, predictor-bot,
action-bot) with a dedicated API token. This enables:

- Audit trail: every forge action attributable to a specific agent
- Permission boundaries: agents act under their own identity
- Vault authorization model: vault-bot comments = proof of approval

Changes:
- bin/disinto: setup_forge() creates all 8 bot accounts during init,
  stores per-agent tokens (FORGE_*_TOKEN) in .env, adds all bots as
  repo collaborators
- lib/env.sh: exports per-agent token vars with fallback to FORGE_TOKEN
  for backwards compat; sets FORGE_BOT_USERNAMES default to all 8 bots
- Agent scripts: each agent overrides FORGE_TOKEN with its per-agent
  token after sourcing env.sh (gardener, planner, supervisor, predictor,
  vault, action)
- .env.example: documents all per-agent token fields

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 16:16:13 +00:00

62 lines
4.5 KiB
Text
Raw Blame History

# Disinto — Environment Configuration
# Copy to .env and fill in your values.
# NEVER commit .env to the repo.
#
# With SOPS + age installed, `disinto init` encrypts secrets into .env.enc
# and removes plaintext .env. To migrate an existing .env: `disinto secrets migrate`
#
# Variables marked [SECRET] are credentials that grant access if leaked.
# Variables marked [CONFIG] are non-sensitive and safe in plaintext.
# ── Per-project config ────────────────────────────────────────────────────
# Project-specific settings (FORGE_REPO, PROJECT_REPO_ROOT, PRIMARY_BRANCH,
# WOODPECKER_REPO_ID) now live in projects/*.toml — see projects/harb.toml
# for an example. Do NOT set them here; they leak into every session.
# ── Forge (Forgejo) ─────────────────────────────────────────────────────
FORGE_URL=http://localhost:3000 # [CONFIG] local Forgejo instance
# ── Auth tokens ───────────────────────────────────────────────────────────
# Each agent has its own Forgejo account and API token (#747).
# Per-agent tokens fall back to FORGE_TOKEN if not set.
FORGE_TOKEN= # [SECRET] dev-bot API token (default for all agents)
FORGE_REVIEW_TOKEN= # [SECRET] review-bot API token
FORGE_PLANNER_TOKEN= # [SECRET] planner-bot API token
FORGE_GARDENER_TOKEN= # [SECRET] gardener-bot API token
FORGE_VAULT_TOKEN= # [SECRET] vault-bot API token
FORGE_SUPERVISOR_TOKEN= # [SECRET] supervisor-bot API token
FORGE_PREDICTOR_TOKEN= # [SECRET] predictor-bot API token
FORGE_ACTION_TOKEN= # [SECRET] action-bot API token
FORGE_BOT_USERNAMES=dev-bot,review-bot,planner-bot,gardener-bot,vault-bot,supervisor-bot,predictor-bot,action-bot
# ── Backwards compatibility ───────────────────────────────────────────────
# If CODEBERG_TOKEN is set but FORGE_TOKEN is not, env.sh falls back to
# CODEBERG_TOKEN automatically (same for REVIEW_BOT_TOKEN, CODEBERG_REPO,
# CODEBERG_BOT_USERNAMES). No action needed for existing deployments.
# Per-agent tokens default to FORGE_TOKEN when unset (single-token setups).
# ── Woodpecker CI ─────────────────────────────────────────────────────────
WOODPECKER_TOKEN= # [SECRET] Woodpecker API token
WOODPECKER_SERVER=http://localhost:8000 # [CONFIG] Woodpecker server URL
WOODPECKER_AGENT_SECRET= # [SECRET] shared secret for server↔agent auth (auto-generated)
# WOODPECKER_REPO_ID — now per-project, set in projects/*.toml [ci] section
# Woodpecker Postgres (for direct DB queries)
WOODPECKER_DB_PASSWORD= # [SECRET] Postgres password
WOODPECKER_DB_USER=woodpecker # [CONFIG] Postgres user
WOODPECKER_DB_HOST=127.0.0.1 # [CONFIG] Postgres host
WOODPECKER_DB_NAME=woodpecker # [CONFIG] Postgres database name
# ── Project-specific secrets ──────────────────────────────────────────────
# Store all project secrets here so formulas reference env vars, never hardcode.
BASE_RPC_URL= # [SECRET] on-chain RPC endpoint
# ── Tuning ────────────────────────────────────────────────────────────────
CLAUDE_TIMEOUT=7200 # [CONFIG] max seconds per Claude invocation
# ── Factory safety ────────────────────────────────────────────────────────
# Disables Claude Code auto-updater, telemetry, error reporting, and bug
# command. Factory sessions are production processes — they must never phone
# home or auto-update mid-session. Added after #725 (crash during red-team run).
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 # [CONFIG] suppress all non-essential traffic
Reference in a new issue View git blame Copy permalink