.env.example
# Auth.js v5 (multi-tenant GitHub App OAuth)
AUTH_SECRET= # openssl rand -base64 32
AUTH_GITHUB_ID= # GitHub App client id
AUTH_GITHUB_SECRET= # GitHub App client secret
AUTH_TRUST_HOST=true # required when ACA is behind a proxy
# Per-user abuse controls (P9)
# AUDIT_SALT used to hash user IDs in audit logs. Required in every
# environment — `openssl rand -hex 32`.
AUDIT_SALT=
# Sliding-window per-user rate limits (requests per minute) and concurrent-session caps.
# Defaults match the in-code values; override to tighten without a redeploy.
# RATE_LIMIT_FOCUS_PER_MIN=10
# RATE_LIMIT_FOCUS_CAP=3
# RATE_LIMIT_CHAT_PER_MIN=30
# RATE_LIMIT_CHAT_CAP=3
# RATE_LIMIT_EVAL_PER_MIN=20
# RATE_LIMIT_EVAL_CAP=2
# RATE_LIMIT_SUGGESTIONS_PER_MIN=20
# RATE_LIMIT_SUGGESTIONS_CAP=2
# Copilot worker boundary (required for AI chat routes).
# Public /api/copilot fails fast when COPILOT_WORKER_URL is unset.
# COPILOT_WORKER_URL=http://localhost:3001
# COPILOT_WORKER_SECRET=local-dev-worker-secret
# COPILOT_WORKER_TIMEOUT_MS=120000
# Copilot entitlement gating (P5)
# AI routes always return 402 `copilot_required` for users whose GitHub
# token has no Copilot subscription. The UI surfaces a "Get Copilot"
# banner. The Copilot SDK is the only AI route — the legacy GitHub
# Models REST fallback has been removed (H2).
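
A startup check for the variables above, as an added example that is not part of this repository: it rejects missing or malformed secrets, refuses the sample worker secret in production, and flags rate-limit overrides that exceed the documented defaults. The function name `validateEnv`, the error messages, the treatment of `COPILOT_WORKER_SECRET` as mandatory, and the loosening warning are assumptions.

```javascript
// Added example: startup validation for the variables in this .env.example.
// Defaults are the commented values from the file; validateEnv, the messages
// and the "warn when an override loosens a limit" rule are assumptions.
const RATE_DEFAULTS = {
  RATE_LIMIT_FOCUS_PER_MIN: 10, RATE_LIMIT_FOCUS_CAP: 3,
  RATE_LIMIT_CHAT_PER_MIN: 30, RATE_LIMIT_CHAT_CAP: 3,
  RATE_LIMIT_EVAL_PER_MIN: 20, RATE_LIMIT_EVAL_CAP: 2,
  RATE_LIMIT_SUGGESTIONS_PER_MIN: 20, RATE_LIMIT_SUGGESTIONS_CAP: 2,
};
const SAMPLE_WORKER_SECRET = "local-dev-worker-secret"; // sample value in the file

function validateEnv(env, { production = false } = {}) {
  const errors = [];
  const warnings = [];
  const get = (k) => (env[k] || "").trim();
  // `openssl rand -base64 32` decodes back to 32 bytes.
  if (!get("AUTH_SECRET")) errors.push("AUTH_SECRET is unset");
  else if (Buffer.from(get("AUTH_SECRET"), "base64").length < 32)
    errors.push("AUTH_SECRET decodes to fewer than 32 bytes");
  for (const k of ["AUTH_GITHUB_ID", "AUTH_GITHUB_SECRET", "COPILOT_WORKER_URL"])
    if (!get(k)) errors.push(`${k} is unset`);
  // `openssl rand -hex 32` prints exactly 64 hex characters.
  if (!/^[0-9a-f]{64}$/i.test(get("AUDIT_SALT")))
    errors.push("AUDIT_SALT must be 64 hex characters");
  // Assumption: the worker secret is mandatory, and the sample must not ship.
  if (!get("COPILOT_WORKER_SECRET")) errors.push("COPILOT_WORKER_SECRET is unset");
  else if (production && get("COPILOT_WORKER_SECRET") === SAMPLE_WORKER_SECRET)
    errors.push("COPILOT_WORKER_SECRET is the sample value");
  // Overrides must be positive integers; flag any that exceed the default.
  for (const [k, def] of Object.entries(RATE_DEFAULTS)) {
    const v = get(k);
    if (!v) continue;
    if (!/^[1-9]\d*$/.test(v)) errors.push(`${k} must be a positive integer`);
    else if (Number(v) > def) warnings.push(`${k}=${v} is looser than the default ${def}`);
  }
  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample environment; every value is made up for the demonstration.
const sampleEnv = {
  AUTH_SECRET: Buffer.alloc(32, 7).toString("base64"),
  AUTH_GITHUB_ID: "example-client-id",
  AUTH_GITHUB_SECRET: "example-client-secret",
  AUDIT_SALT: "ab".repeat(32),
  COPILOT_WORKER_URL: "http://localhost:3001",
  COPILOT_WORKER_SECRET: SAMPLE_WORKER_SECRET,
  RATE_LIMIT_CHAT_PER_MIN: "60",
};
console.log(validateEnv(sampleEnv, { production: true }));
```

Run it once at process start with `process.env` and exit non-zero when `ok` is false, so a misconfigured deployment never begins serving requests.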