-
Notifications
You must be signed in to change notification settings - Fork 560
Expand file tree
/
Copy path.env.example
More file actions
149 lines (128 loc) · 9.37 KB
/
.env.example
File metadata and controls
149 lines (128 loc) · 9.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# ═══════════════════════════════════════════════════════════════════════════════
# Mission Control — Environment Variables
# ═══════════════════════════════════════════════════════════════════════════════
# Copy to .env and adjust for your deployment mode.
# === Server Port ===
# PORT=3000
# ═══════════════════════════════════════════════════════════════════════════════
# Authentication
# ═══════════════════════════════════════════════════════════════════════════════
# On first run, visit http://localhost:3000/setup to create your admin account.
# Alternatively, set AUTH_USER/AUTH_PASS to seed an admin from env (useful for CI/automation).
# AUTH_USER=admin
# AUTH_PASS=your-strong-password-here
# If your password includes "#", use base64: AUTH_PASS_B64=<base64-encoded-password>
# API key for headless/external access (x-api-key header)
# Auto-generated on first run if not set. Persisted to .data/.auto-generated.
# API_KEY=
# Auto-generated on first run if not set. Persisted to .data/.auto-generated.
# AUTH_SECRET=
MC_COOKIE_SECURE=
MC_COOKIE_SAMESITE=strict
# Network access control (production: blocked unless host is explicitly allowed)
# Patterns: exact "app.example.com", subdomain "*.example.com", prefix "100.*"
MC_ALLOW_ANY_HOST=
MC_ALLOWED_HOSTS=localhost,127.0.0.1
# Trusted reverse proxy / header authentication
# MC_PROXY_AUTH_HEADER=X-User-Email
# MC_PROXY_AUTH_DEFAULT_ROLE=viewer
# Google OAuth (optional)
GOOGLE_CLIENT_ID=
NEXT_PUBLIC_GOOGLE_CLIENT_ID=
# ═══════════════════════════════════════════════════════════════════════════════
# OpenClaw Gateway — Deployment Modes
# ═══════════════════════════════════════════════════════════════════════════════
#
# There are TWO sets of gateway variables:
#
# 1. OPENCLAW_GATEWAY_* — Server-side. MC backend uses these to reach the gateway.
# 2. NEXT_PUBLIC_GATEWAY_* — Browser-side. The user's browser uses these for WebSocket.
#
# For local development, both point to the same machine (127.0.0.1).
# For Docker or remote servers, they will differ.
# ─── Local Development ────────────────────────────────────────────────────────
# Both MC and gateway run on the same machine. No special config needed.
OPENCLAW_GATEWAY_HOST=127.0.0.1
OPENCLAW_GATEWAY_PORT=18789
# OPENCLAW_GATEWAY_TOKEN=
NEXT_PUBLIC_GATEWAY_HOST=
NEXT_PUBLIC_GATEWAY_PORT=18789
# ─── Docker ───────────────────────────────────────────────────────────────────
# MC runs in a container; gateway runs on the Docker host.
#
# Server-side: use host.docker.internal (auto-mapped to the host IP).
# OPENCLAW_GATEWAY_HOST=host.docker.internal
# OPENCLAW_GATEWAY_PORT=18789
#
# Browser-side: leave NEXT_PUBLIC_GATEWAY_HOST empty — MC auto-detects the
# browser's hostname (the IP/domain you use to access the dashboard).
# Only set this if the gateway is on a different host than the dashboard.
# NEXT_PUBLIC_GATEWAY_HOST=
# NEXT_PUBLIC_GATEWAY_PORT=18789
#
# If your gateway runs in another container on the same Docker network:
# OPENCLAW_GATEWAY_HOST=<gateway-container-name>
# ─── Server / VPS ─────────────────────────────────────────────────────────────
# MC and gateway run on a remote server.
#
# Server-side: gateway is on localhost (same machine) or a private IP.
# OPENCLAW_GATEWAY_HOST=127.0.0.1
#
# Browser-side: must be the public hostname your browser can reach.
# If behind a reverse proxy (nginx/caddy) that proxies WebSocket on /gw:
# NEXT_PUBLIC_GATEWAY_URL=wss://yourdomain.com/gw
# If gateway port is directly exposed:
# NEXT_PUBLIC_GATEWAY_HOST=yourdomain.com
# NEXT_PUBLIC_GATEWAY_PORT=18789
# ─── Standalone (no gateway) ──────────────────────────────────────────────────
# Run Mission Control without an OpenClaw gateway.
# Core CRUD features work; live gateway events do not.
# NEXT_PUBLIC_GATEWAY_OPTIONAL=true
# ═══════════════════════════════════════════════════════════════════════════════
# OpenClaw Integration
# ═══════════════════════════════════════════════════════════════════════════════
OPENCLAW_HOME=
# OPENCLAW_CONFIG_PATH=
OPENCLAW_TOOLS_PROFILE=coding
NEXT_PUBLIC_GATEWAY_PROTOCOL=
NEXT_PUBLIC_GATEWAY_URL=
# Do not expose gateway tokens via NEXT_PUBLIC_* variables.
NEXT_PUBLIC_GATEWAY_CLIENT_ID=openclaw-control-ui
MC_DEFAULT_GATEWAY_NAME=primary
MC_COORDINATOR_AGENT=coordinator
NEXT_PUBLIC_COORDINATOR_AGENT=coordinator
# ═══════════════════════════════════════════════════════════════════════════════
# Data Paths (all optional, defaults to .data/ in project root)
# ═══════════════════════════════════════════════════════════════════════════════
# MISSION_CONTROL_DATA_DIR=.data
# MISSION_CONTROL_DB_PATH=.data/mission-control.db
# MISSION_CONTROL_TOKENS_PATH=.data/mission-control-tokens.json
# ═══════════════════════════════════════════════════════════════════════════════
# OpenClaw Paths (derived from OPENCLAW_HOME if not set)
# ═══════════════════════════════════════════════════════════════════════════════
# OPENCLAW_LOG_DIR=/path/to/.openclaw/logs
# OPENCLAW_MEMORY_DIR=/path/to/.openclaw/memory
# NOTE: Agent memory lives in each agent's workspace (e.g. ~/clawd-agents/{agent}/memory/).
# OPENCLAW_MEMORY_DIR=/home/you/clawd-agents
# OPENCLAW_SOUL_TEMPLATES_DIR=/path/to/.openclaw/templates/souls
# OPENCLAW_BIN=openclaw
# ═══════════════════════════════════════════════════════════════════════════════
# 1Password Integration (optional)
# ═══════════════════════════════════════════════════════════════════════════════
OP_VAULT_NAME=default
# ═══════════════════════════════════════════════════════════════════════════════
# Super Admin / Provisioning (optional)
# ═══════════════════════════════════════════════════════════════════════════════
# MISSION_CONTROL_REPO_ROOT=/path/to/mission-control
# MC_SUPER_TEMPLATE_OPENCLAW_JSON=/path/to/openclaw.json
# MC_TENANT_HOME_ROOT=/home
# MC_TENANT_WORKSPACE_DIRNAME=workspace
# ═══════════════════════════════════════════════════════════════════════════════
# Data Retention (days, 0 = keep forever)
# ═══════════════════════════════════════════════════════════════════════════════
# MC_RETAIN_ACTIVITIES_DAYS=90
# MC_RETAIN_AUDIT_DAYS=365
# MC_RETAIN_LOGS_DAYS=30
# MC_RETAIN_NOTIFICATIONS_DAYS=60
# MC_RETAIN_PIPELINE_RUNS_DAYS=90
# MC_RETAIN_TOKEN_USAGE_DAYS=90