-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.security.example
More file actions
68 lines (56 loc) · 2.55 KB
/
.env.security.example
File metadata and controls
68 lines (56 loc) · 2.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# =========================================
# Autoresearch Security-First .env Template
# =========================================
# 1) Copy this file to .env.local (do not commit .env.local)
# 2) Replace ALL values marked with <...>
# 3) Choose one access mode:
# - Scheme A: Tailscale Private Mesh
# - Scheme B: Cloudflare Tunnel + Telegram Mini App
# --- Core API ---
# Scheme A (Tailscale): set to your Tailscale IP (100.x.y.z) OR keep 127.0.0.1
# Scheme B (Cloudflare Tunnel): keep 127.0.0.1 only
AUTORESEARCH_API_HOST=127.0.0.1
AUTORESEARCH_API_PORT=8000
AUTORESEARCH_API_ALLOW_UNSAFE_BIND=false
AUTORESEARCH_API_DB_PATH=<ABSOLUTE_PATH_TO_REPO>/artifacts/api/evaluations.sqlite3
# --- Telegram Webhook Security ---
# Telegram webhook header x-telegram-bot-api-secret-token must match this value.
AUTORESEARCH_TELEGRAM_SECRET_TOKEN=<RANDOM_32_PLUS_CHARS_SECRET>
# Telegram bot token used for operational push notifications.
AUTORESEARCH_TELEGRAM_BOT_TOKEN=<TELEGRAM_BOT_TOKEN>
# Only these Telegram UIDs can receive/verify panel magic links.
# Multiple UIDs: comma separated, e.g. 9527,10086
AUTORESEARCH_TELEGRAM_ALLOWED_UIDS=<YOUR_TELEGRAM_UID>
# --- Panel Magic Link (JWT) ---
AUTORESEARCH_PANEL_JWT_SECRET=<RANDOM_64_PLUS_CHARS_SECRET>
AUTORESEARCH_PANEL_JWT_ISSUER=autoresearch.telegram
AUTORESEARCH_PANEL_JWT_AUDIENCE=autoresearch.panel
# Magic link lifetime in seconds.
AUTORESEARCH_PANEL_MAGIC_LINK_TTL_SECONDS=300
AUTORESEARCH_PANEL_MAGIC_LINK_MAX_TTL_SECONDS=3600
# IMPORTANT:
# Scheme A example: http://100.88.1.9:8000/api/v1/panel/view
# Scheme B example: https://panel-private.example.com/api/v1/panel/view
AUTORESEARCH_PANEL_BASE_URL=http://<PRIVATE_ENTRY_HOST>:8000/api/v1/panel/view
# Telegram Mini App initData validation (for Scheme B fallback, optional for Scheme A)
AUTORESEARCH_PANEL_TELEGRAM_INITDATA_MAX_AGE_SECONDS=900
# --- Telegram Notify ---
AUTORESEARCH_TELEGRAM_NOTIFY_TIMEOUT_SECONDS=10
# --- Agent Runtime ---
AUTORESEARCH_CLAUDE_COMMAND=claude
AUTORESEARCH_AGENT_MAX_CONCURRENCY=20
AUTORESEARCH_AGENT_MAX_DEPTH=3
# Telegram-triggered agent behavior
AUTORESEARCH_TELEGRAM_AGENT_NAME=
AUTORESEARCH_TELEGRAM_GENERATION_DEPTH=1
AUTORESEARCH_TELEGRAM_TIMEOUT_SECONDS=900
AUTORESEARCH_TELEGRAM_WORK_DIR=
AUTORESEARCH_TELEGRAM_CLAUDE_ARGS=
AUTORESEARCH_TELEGRAM_CLAUDE_COMMAND_OVERRIDE=
AUTORESEARCH_TELEGRAM_APPEND_PROMPT=true
# --- Optional Tool Sandbox ---
AUTORESEARCH_TOOL_SANDBOX_BACKEND=docker
AUTORESEARCH_TOOL_SANDBOX_IMAGE=python:3.12-alpine
AUTORESEARCH_TOOL_SANDBOX_CPUS=1.0
AUTORESEARCH_TOOL_SANDBOX_MEMORY=512m
AUTORESEARCH_TOOL_SANDBOX_PIDS_LIMIT=128