docs: add environment variables documentation

[lalalune]

Reopened from #6377 (was merged then rolled back)

Made with Cursor

Greptile Overview

Greptile Summary

Added new documentation file explaining two server environment variables: ELIZA_SERVER_AUTH_TOKEN for API authentication and ELIZA_UI_ENABLE for web UI control. The documentation includes:

• Clear explanations of each variable's purpose and default behavior
• Security implications when variables are set or unset
• Usage examples for different deployment scenarios (production, development, headless)
• References to related configuration files

Issue found:

• Incorrect file path reference for authentication middleware (line 77)

Confidence Score: 4/5

• Safe to merge with minor correction needed
• Documentation is well-structured and accurate except for one incorrect file path reference. Content correctly describes the behavior of both environment variables based on the actual implementation.
• Fix the file path reference in docs/environment-variables.md line 77

Important Files Changed

Filename	Overview
docs/environment-variables.md	Added comprehensive documentation for ELIZA_SERVER_AUTH_TOKEN and ELIZA_UI_ENABLE with examples; one incorrect file path reference

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant Doc as environment-variables.md
    participant Env as .env.example
    participant Middleware as API Key Middleware
    participant Config as Config Utils
    
    Dev->>Doc: Reads documentation
    Note over Doc: Explains ELIZA_SERVER_AUTH_TOKEN<br/>and ELIZA_UI_ENABLE variables
    
    Doc->>Env: References template
    Dev->>Env: Sets configuration
    
    alt API Authentication Flow
        Env->>Middleware: AUTH_TOKEN configured
        Note over Middleware: Validates X-API-KEY header<br/>Returns 401 if invalid
    else No Auth Flow
        Env->>Middleware: AUTH_TOKEN not set
        Note over Middleware: Skips validation<br/>Allows all requests
    end
    
    alt UI Toggle Flow
        Env->>Config: UI_ENABLE set to true/false
        Config->>Dev: Force enable or disable UI
    else Automatic UI Flow
        Env->>Config: UI_ENABLE not set
        Config->>Dev: Enable in dev, disable in prod
    end

Loading

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch docs/add-env-vars-documentation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @lalalune's task in 44s —— View job

---

Review Summary

• Gather context and read PR changes
• Review documentation content
• Check for issues and provide feedback

---

Overall: Good documentation for key security environment variables ✅

Check	Status
Security	✅ No issues
Breaking changes	✅ N/A (docs only)
Tests required	⚠️ N/A (docs only)
Accuracy	⚠️ One file path correction needed

Findings

⚠️ IMPORTANT: Incorrect file reference at line 77

• Documentation references packages/server/src/authMiddleware.ts
• Actual file is packages/server/src/middleware/api-key.ts
• Inline comment added with suggested fix

Positives

• Clear, well-structured documentation
• Accurate description of ELIZA_SERVER_AUTH_TOKEN behavior (verified against api-key.ts)
• Accurate description of ELIZA_UI_ENABLE behavior
• Consistent with .env.example documentation
• Helpful example configurations for different deployment scenarios

---

[claude]

⚠️ IMPORTANT: Incorrect file path

The authentication middleware is at packages/server/src/middleware/api-key.ts, not packages/server/src/authMiddleware.ts.

Suggested change

	- **Authentication**: `packages/server/src/authMiddleware.ts` - API key validation logic
	- **Authentication**: `packages/server/src/middleware/api-key.ts` - API key validation logic

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

incorrect file path - should be packages/server/src/middleware/api-key.ts

Suggested change

	- **Authentication**: `packages/server/src/authMiddleware.ts` - API key validation logic
	- **Authentication**: `packages/server/src/middleware/api-key.ts` - API key validation logic