199 lines
9.2 KiB
Bash
199 lines
9.2 KiB
Bash
# =============================================================================
|
|
# roboomp environment
|
|
# =============================================================================
|
|
#
|
|
# This file is read in two distinct ways and you MUST keep that in mind when
|
|
# filling it in:
|
|
#
|
|
# 1. `docker compose` interpolates `${VAR}` references in docker-compose.yml.
|
|
# The compose file uses per-service explicit `environment:` allowlists
|
|
# (NO `env_file:`), so only the keys listed in each service's block flow
|
|
# into the corresponding container — never the whole .env.
|
|
#
|
|
# 2. The Python `Settings` loader (`src/config.py`) also reads `.env`
|
|
# for any local CLI invocation (e.g. `python -m robomp.cli triage …`
|
|
# running on the host outside docker). `_validate_proxy_or_pat` fails
|
|
# fast if BOTH a PAT and `ROBOMP_GH_PROXY_URL` are configured, so the
|
|
# two modes below are mutually exclusive.
|
|
#
|
|
# Pick ONE of the two mode blocks below; leave the other fully commented out.
|
|
# Variables under "### shared ###" apply in either mode.
|
|
|
|
|
|
# =============================================================================
|
|
# ### shared ### — required regardless of mode
|
|
# =============================================================================
|
|
|
|
# Shared HMAC secret used to verify webhook signatures. Must match the secret
|
|
# configured in the GitHub webhook UI / settings.
|
|
GITHUB_WEBHOOK_SECRET=
|
|
|
|
# GitHub login handle for the bot account whose PAT is in GITHUB_TOKEN (or
|
|
# whichever account the gh-proxy authenticates as). Prefer the lowercase bare
|
|
# mention handle (`roboomp`, not `@roboomp` or `roboomp[bot]`); startup
|
|
# normalizes common forms, including uppercase and surrounding whitespace.
|
|
ROBOMP_BOT_LOGIN=
|
|
|
|
# Commit identity for branches the bot pushes. The email is what reviewers and
|
|
# GitHub will display next to the commit; pick one that matches how you want
|
|
# bot-authored commits to appear (a no-reply alias, a real address, etc.).
|
|
# `gh_push_branch` refuses to push unless every commit on the workspace branch
|
|
# carries this exact name + email.
|
|
ROBOMP_GIT_AUTHOR_NAME=
|
|
ROBOMP_GIT_AUTHOR_EMAIL=
|
|
|
|
# Comma-separated owner/repo entries the bot is allowed to act on.
|
|
ROBOMP_REPO_ALLOWLIST=
|
|
|
|
# Optional comma-separated GitHub logins whose @ROBOMP_BOT_LOGIN comments may
|
|
# authorize implementation work in addition to repo OWNER. Prefer lowercase
|
|
# bare logins; startup ignores leading `@`, case, whitespace, and `[bot]`.
|
|
ROBOMP_MAINTAINER_LOGINS=
|
|
|
|
|
|
# =============================================================================
|
|
# ### gh-proxy mode (RECOMMENDED, default in docker compose) ###
|
|
#
|
|
# The orchestrator NEVER holds the PAT; it talks to the sibling gh-proxy
|
|
# container over an internal-only docker network, authenticated with a
|
|
# shared HMAC key. Fill in BOTH variables below and leave the PAT mode
|
|
# block fully commented out.
|
|
# =============================================================================
|
|
|
|
# Shared HMAC secret the orchestrator uses to authenticate every request to
|
|
# gh-proxy. The two containers MUST agree on this value. The proxy refuses
|
|
# any unsigned request; the orchestrator refuses to start without it.
|
|
# Generate with: openssl rand -hex 32
|
|
ROBOMP_GH_PROXY_HMAC_KEY=
|
|
|
|
# URL the orchestrator uses to reach gh-proxy. The default below matches the
|
|
# service name + port in docker-compose.yml; override only for local
|
|
# development outside compose (e.g. `http://127.0.0.1:8081`).
|
|
ROBOMP_GH_PROXY_URL=http://gh-proxy:8081
|
|
|
|
# PAT with `repo` (push, comment, PR) scope. A fine-grained token scoped to
|
|
# the allowlisted repos is recommended; a classic PAT also works.
|
|
#
|
|
# In gh-proxy mode this value lives ONLY in the gh-proxy container's
|
|
# environment (compose interpolates it into gh-proxy's allowlist only).
|
|
# Settings refuses to construct an orchestrator config that sees both
|
|
# GITHUB_TOKEN and ROBOMP_GH_PROXY_URL, so when running orchestrator code
|
|
# directly on the host (CLI, tests) you MUST keep GITHUB_TOKEN unset.
|
|
GITHUB_TOKEN=
|
|
|
|
|
|
# =============================================================================
|
|
# ### PAT mode (single-process, no sidecar) ###
|
|
#
|
|
# Drop the gh-proxy entirely and let the orchestrator hold the PAT directly.
|
|
# To use this mode: uncomment GITHUB_TOKEN below, leave ROBOMP_GH_PROXY_URL
|
|
# and ROBOMP_GH_PROXY_HMAC_KEY UNSET (above), and run the orchestrator
|
|
# outside of the bundled docker-compose (which is wired for proxy mode).
|
|
# =============================================================================
|
|
|
|
# GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
|
|
|
|
# =============================================================================
|
|
# --- Model selection ---
|
|
# =============================================================================
|
|
# Either a single model id or a comma-separated pool — roboomp picks one
|
|
# uniformly at random per task. Use the `<provider>/<model>` form that matches
|
|
# your ~/.omp/agent/models.container.yml (which is mounted into the container as models.yml).
|
|
ROBOMP_MODEL=anthropic/claude-sonnet-4-6
|
|
# off|low|medium|high
|
|
ROBOMP_THINKING=high
|
|
# Optional provider override (passed to `omp --provider`).
|
|
# ROBOMP_PROVIDER=
|
|
|
|
|
|
# =============================================================================
|
|
# --- Runtime ---
|
|
# =============================================================================
|
|
ROBOMP_MAX_CONCURRENCY=8
|
|
ROBOMP_TASK_TIMEOUT_SECONDS=2400
|
|
ROBOMP_TASK_TIMEOUT_HARD_GRACE_SECONDS=60
|
|
ROBOMP_REQUEST_TIMEOUT_SECONDS=120
|
|
|
|
|
|
# =============================================================================
|
|
# --- PR review / vouch gate ---
|
|
# =============================================================================
|
|
# robomp reviews incoming contributor PRs. When PRs are gated by the vouch
|
|
# GitHub Action (.github/workflows/vouch-pr.yml), set the trigger to
|
|
# `vouched_label` so robomp reviews ONLY the PRs the gate let through (the
|
|
# workflow labels survivors with ROBOMP_VOUCH_REVIEW_LABEL) instead of racing
|
|
# the gate on PR open. Set ROBOMP_PR_REVIEW_ENABLED=false to disable robomp PR
|
|
# review entirely.
|
|
ROBOMP_PR_REVIEW_ENABLED=true
|
|
# open | vouched_label
|
|
ROBOMP_PR_REVIEW_TRIGGER=open
|
|
ROBOMP_VOUCH_REVIEW_LABEL=vouched
|
|
# In vouched_label mode only `labeled` events from this actor trigger review,
|
|
# so a manual triage/maintainer label cannot bypass the gate. Default matches
|
|
# the stock GITHUB_TOKEN actor; set to your App's bot login if the vouch
|
|
# workflow labels via a GitHub App token.
|
|
ROBOMP_VOUCH_REVIEW_LABELER=github-actions[bot]
|
|
|
|
|
|
# =============================================================================
|
|
# --- Per-submitter rate limiting ---
|
|
# =============================================================================
|
|
# Rolling window plus per-tier caps on queue-worthy submissions per
|
|
# GitHub login. Accounts whose webhook payload reports author_association
|
|
# OWNER/MEMBER/COLLABORATOR bypass the limiter automatically. Use the
|
|
# unlimited list (comma-separated logins, `@` optional) to whitelist
|
|
# additional users — e.g. yourself when developing outside the repo.
|
|
ROBOMP_RATE_LIMIT_WINDOW_SECONDS=3600
|
|
ROBOMP_RATE_LIMIT_DEFAULT=3
|
|
ROBOMP_RATE_LIMIT_CONTRIBUTOR=10
|
|
ROBOMP_RATE_LIMIT_UNLIMITED=
|
|
|
|
|
|
# =============================================================================
|
|
# --- Question auto-close ---
|
|
# =============================================================================
|
|
# When the bot answers an issue classified as `question` it appends a
|
|
# 👎-to-keep-open prompt and schedules the issue to close as
|
|
# `state_reason=completed` after `HOURS`. Set `ENABLED=false` (or `HOURS=0`)
|
|
# to disable. Cancellation is automatic on a follow-up comment, an external
|
|
# close, or the issue author downvoting the bot's comment.
|
|
ROBOMP_QUESTION_AUTOCLOSE_ENABLED=true
|
|
ROBOMP_QUESTION_AUTOCLOSE_HOURS=4
|
|
# How often the scheduler scans for due rows. 60s is plenty given the
|
|
# multi-hour close window.
|
|
ROBOMP_QUESTION_AUTOCLOSE_SCAN_SECONDS=60
|
|
|
|
# Path or command name for the omp binary inside the container. The shipped
|
|
# image installs a shim that invokes Bun against the mounted pi checkout.
|
|
ROBOMP_OMP_COMMAND=omp
|
|
|
|
|
|
# =============================================================================
|
|
# --- Paths (inside the container) ---
|
|
# =============================================================================
|
|
ROBOMP_WORKSPACE_ROOT=/data/workspaces
|
|
ROBOMP_SQLITE_PATH=/data/robomp.sqlite
|
|
ROBOMP_LOG_DIR=/data/logs
|
|
|
|
|
|
# =============================================================================
|
|
# --- Dev only ---
|
|
# =============================================================================
|
|
# Bind address for the webhook receiver.
|
|
ROBOMP_BIND_HOST=0.0.0.0
|
|
ROBOMP_BIND_PORT=8080
|
|
|
|
# Optional token enabling the POST /replay endpoint; leave blank to disable.
|
|
# ROBOMP_REPLAY_TOKEN=
|
|
|
|
# =============================================================================
|
|
# --- oh-my-pi source location (host side) ---
|
|
# =============================================================================
|
|
# robomp lives inside the oh-my-pi monorepo at `python/robomp/`. The default
|
|
# `bun run robomp:pi-artifacts` builds the parent monorepo (`../..`) as its docker
|
|
# build context, and `docker-compose.yml` mounts that same path read-only at
|
|
# `/work/pi` inside the container. Override `PI_ROOT` only if you want to point
|
|
# the build/mount at a different oh-my-pi checkout.
|
|
# PI_ROOT=../..
|