-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
100 lines (91 loc) · 5.88 KB
/
Copy path.env.example
File metadata and controls
100 lines (91 loc) · 5.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# ════════════════════════════════════════════════════════════════════════════════
# Copy this file to `.env` and edit. Everything has a sensible default — you only
# NEED to set a few keys depending on how you deploy:
#
# • Local / intranet (docker-compose.yml): nothing required. Optionally set a
# strong POSTGRES_PASSWORD, or switch to SQLite (see DATABASE_URL below).
#
# • HTTPS / public (docker-compose.traefik.yml): just these two —
# DOMAIN=agentflow.example.com
# SSL_EMAIL=you@example.com
# Traefik derives PUBLIC_BASE_URL / COOKIE_SECURE / CORS from DOMAIN for you.
# For production also set SECRET_KEY (stable logins) + POSTGRES_PASSWORD.
#
# • Behind your OWN reverse proxy (Nginx/Caddy, not Traefik): set
# PUBLIC_BASE_URL=https://your.domain and COOKIE_SECURE=true
# ════════════════════════════════════════════════════════════════════════════════
# ── App ────────────────────────────────────────────────────────────────────────
APP_ENV=production
APP_PORT=8000
# Comma-separated list, or "*" to allow any origin (handy for dev / internal
# tools accessed from multiple hosts). For production with cookie auth,
# list the exact origins instead.
# examples:
# CORS_ORIGINS=*
# CORS_ORIGINS=http://localhost:3000,http://192.168.1.5:8000,https://app.example.com
CORS_ORIGINS=*
# ── HTTPS / public URL ─────────────────────────────────────────────────────────
# Used by docker-compose.traefik.yml for the Let's Encrypt cert + routing.
DOMAIN=agentflow.example.com
SSL_EMAIL=you@example.com
#
# Public base URL of the deployment. REQUIRED behind a reverse proxy / for HTTPS —
# it builds absolute callback URLs (notably the MCP OAuth redirect_uri). Without
# it, OAuth providers reject the http/internal URL during client registration.
# (docker-compose.traefik.yml sets this automatically from DOMAIN.)
# example: PUBLIC_BASE_URL=https://agentflow.example.com
PUBLIC_BASE_URL=
# ── Auth ───────────────────────────────────────────────────────────────────────
# The whole management UI/API sits behind an admin login (create the account on
# first visit). External callers of POST /api/executions/run use issued API keys.
#
# SECRET_KEY signs admin session cookies. If unset, a random key is generated and
# persisted to data/.secret_key (survives restart via the data volume). Set it
# explicitly when running multiple replicas so they share one signing key.
SECRET_KEY=
# How long a login stays valid (hours).
SESSION_TTL_HOURS=168
# Set true when serving over HTTPS so the session cookie is marked Secure.
# (docker-compose.traefik.yml sets this to true automatically.)
COOKIE_SECURE=false
# ── Database ───────────────────────────────────────────────────────────────────
# Postgres (default in docker-compose):
DATABASE_URL=postgresql+psycopg2://agentflow:agentflow@postgres:5432/agentflow
# Or run with the bundled sqlite file (no postgres container needed):
# DATABASE_URL=sqlite:////app/backend/data/agentflow.db
# ── Postgres container (only used when DATABASE_URL points at it) ─────────────
POSTGRES_USER=agentflow
POSTGRES_PASSWORD=agentflow
POSTGRES_DB=agentflow
POSTGRES_PORT=5432
# ── Execution resource limits (POSIX only; no-op on Windows) ───────────────────
# Defensive rlimits applied to every user-script subprocess so a runaway script
# can't take down the host. Sensible defaults — you rarely need to touch these.
#
# Address-space (memory) cap per run, in MiB. 0 disables. Default 4096. Raise it
# if a script legitimately needs more RAM (e.g. loading a local model); lower it
# to pack more concurrent runs onto a small box.
AGENTFLOW_RUN_MEM_MB=4096
# Max size (MiB) of any single file a script may write. 0 = unlimited (default),
# since data-processing scripts can legitimately emit large outputs. Set e.g.
# 1024 to guard against a runaway write filling the disk.
AGENTFLOW_RUN_FSIZE_MB=0
# Max number of processes — 0 = unlimited (default). NOTE: RLIMIT_NPROC is
# per-UID (it counts the whole backend's processes, not just this child), so
# only enable it if you understand that; a too-low value can break unrelated
# processes on a busy instance.
AGENTFLOW_RUN_NPROC=0
# Filesystem jail (bubblewrap). "auto" (default) runs each user script in a
# mount+pid namespace that can see ONLY system dirs (read-only), the agentflow
# SDK, and the script's own folder — so it can't read data/.secret_key, the DB,
# or another script's files. Network + the script's own secrets keep working.
# The Docker image ships bwrap; auto no-ops where bwrap is absent or the kernel
# blocks unprivileged namespaces (a run is never failed just because bwrap can't
# start). Set to "off" to disable (rlimits above still apply).
AGENTFLOW_SANDBOX=auto
# Optional: comma-separated absolute paths a jailed script may additionally read
# (RO) or read-write (RW) — e.g. a shared data mount outside its own dir.
# AGENTFLOW_SANDBOX_RO_BINDS=/mnt/shared,/opt/models
# AGENTFLOW_SANDBOX_RW_BINDS=/mnt/output
AGENTFLOW_SANDBOX_RO_BINDS=
AGENTFLOW_SANDBOX_RW_BINDS=