env.example
# ── Authentication ────────────────────────────────────────────────────────────
#
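# Two auth modes are supported. Set GITHUB_TOKEN for PAT mode, or set the
# OAuth credentials below for OAuth mode. PAT mode takes precedence when both
# are present.
# The filled-in copy of this file holds secrets (GITHUB_TOKEN, GITHUB_CLIENT_SECRET,
# SESSION_SECRET, APP_PASSWORD): keep it out of version control and readable only
# by the account that runs the server.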
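# ── PAT mode (shared token — all users share one GitHub access token) ─────────
# Classic PAT (ghp_…). Required scope: repo
# Add read:org when GITHUB_ORG is set. read:user is NOT required.
# When set, GITHUB_CLIENT_ID/SECRET are ignored.
# Note: a classic PAT's repo scope covers every repository the token owner can
# access, with write access, and every dashboard user is served through this one token.
# Prefer a token from a dedicated account that has access only to the
# repositories the dashboard should show.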
GITHUB_TOKEN=
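# Optional: protect the UI with an app-level password.
# When set, users must enter this password before accessing the dashboard.
# When not set, the dashboard is open to anyone who can reach the server —
# in PAT mode that means anyone on the network can view the dashboard data
# fetched with the shared token, so leave this empty only if access is
# restricted elsewhere (firewall, VPN, authenticating reverse proxy).
# Requires SESSION_SECRET when set.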
APP_PASSWORD=
# ── OAuth mode (per-user GitHub accounts) ─────────────────────────────────────
# GitHub OAuth App credentials (create at github.com/settings/developers)
GITHUB_CLIENT_ID=your_oauth_app_client_id
GITHUB_CLIENT_SECRET=your_oauth_app_client_secret
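# Session signing secret — minimum 32 characters, random (openssl rand -base64 32)
# Required in OAuth mode and in PAT+password mode.
# Replace the placeholder below before deploying: it is longer than 32 characters,
# so a length check alone would accept it, and anyone who knows the signing secret
# can forge session cookies.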
SESSION_SECRET=your-minimum-32-character-random-secret-here
PORT=8080
NODE_ENV=production
# debug | info | warn | error
LOG_LEVEL=info
VITE_LOG_LEVEL=warn
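# Set to "true" when serving over HTTPS — enables the Secure flag on session cookies.
# Leave false for HTTP (local Docker, plain HTTP deployments).
# Without the Secure flag the browser also sends the session cookie over plain
# HTTP, where it can be read in transit; use "true" for any deployment that
# users reach over HTTPS.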
COOKIE_SECURE=false
# URL of the web frontend — used for CORS and the post-login redirect.
# Must match where the React app is served. The OAuth callback redirects here
# so the session cookie is set as first-party for the frontend origin.
# Use the exact origin (scheme, host, port) of your deployment; the value
# below is a localhost example.
FRONTEND_URL=http://localhost:5174
# ----
# Limit which repositories are shown. If neither is set, all user repos appear.
# Show only repositories in this organization (e.g. my-company)
GITHUB_ORG=
# Show only these specific repos, comma-separated owner/repo pairs.
# Takes precedence over GITHUB_ORG when both are set.
# e.g. my-company/api,my-company/web,my-company/infra
GITHUB_REPOS=
# ----
# Workflows to highlight in the "Workflow Health" section at the top of the dashboard.
# Comma-separated workflow names (case-insensitive). When set, the section shows the
# latest run for each matching workflow across all displayed repositories.
# When not set, or when no matching runs exist in any repo, the section is hidden.
# e.g. publish,security-scan,deploy
WATCH_WORKFLOWS=
# ----
# In-memory LRU cache max size in MB
CACHE_MAX_SIZE_MB=128
# Max password attempts per IP within a 15-minute window before the endpoint locks (HTTP 429).
# Combined with a 500ms artificial delay per wrong attempt. Default: 10.
# Lower values (e.g. 5) are stricter; raise only if users frequently fat-finger their password.
# The client IP used here is the direct TCP connection address unless TRUST_PROXY is set.
PAT_LOGIN_MAX_ATTEMPTS=10
# ---- Corporate HTTP Proxy (optional)
# Set these if outbound HTTPS to api.github.com must go through an HTTP proxy.
# The server uses these at runtime for all outbound GitHub API calls
# (via EnvHttpProxyAgent — see packages/server/src/lib/certs.ts).
# e.g. http://proxy.corp.example.com:8080
HTTPS_PROXY=
HTTP_PROXY=
NO_PROXY=localhost,127.0.0.1
# ----
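# Set to "true" only when the server runs behind a trusted reverse proxy
# (e.g. nginx, Traefik, Caddy) that strips and re-sets X-Forwarded-For.
# When unset (default), the direct TCP connection address is used for rate limiting
# so clients cannot spoof their IP via the X-Forwarded-For header.
# Behind a reverse proxy with this unset, every request appears to come from the
# proxy's address, so all users share one rate-limit bucket and one client's
# failed logins can lock the password endpoint for everyone.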
TRUST_PROXY=
# GitHub OAuth scopes to request. Leave blank to use the built-in default
# (read:user,user:email,read:org,repo), which covers private repos.
# The repo scope grants write as well as read access to those repositories.
# Only set this to override — e.g. for public-repo-only installations:
# GITHUB_SCOPE=read:user,user:email,read:org,public_repo
GITHUB_SCOPE=