Files
wehub-resource-sync 426e9eeabd
Benchmark Bridge Tests / benchmark (bunx @biomejs/biome check packages/lifeops-bench/src, benchmark-lint) (push) Waiting to run
Benchmark Bridge Tests / benchmark (bunx vitest run --config packages/lifeops-bench/vitest.config.ts --root packages/lifeops-bench --passWithNoTests, benchmark-tests) (push) Waiting to run
Build Agent Image / build-and-push (push) Waiting to run
Chat shell gestures / Chat shell gesture + parity e2e (push) Waiting to run
ci / test (push) Waiting to run
ci / lint-and-format (push) Waiting to run
ci / build (push) Waiting to run
ci / dev-startup (push) Waiting to run
Cloud Gateway Discord / Test (push) Waiting to run
Cloud Gateway Webhook / Test (push) Waiting to run
Cloud Tests / lint-and-types (push) Waiting to run
Cloud Tests / unit-tests (push) Waiting to run
Cloud Tests / integration-tests (push) Waiting to run
Cloud Tests / e2e-tests (push) Blocked by required conditions
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Deploy Apps Worker (Product 2) / Determine environment (push) Waiting to run
Deploy Apps Worker (Product 2) / Deploy apps worker to apps-control host (${{ needs.determine-env.outputs.environment }}) (push) Blocked by required conditions
Deploy Eliza Provisioning Worker / Determine environment (push) Waiting to run
Deploy Eliza Provisioning Worker / Deploy worker to Hetzner host (${{ needs.determine-env.outputs.environment }} @ ${{ needs.determine-env.outputs.deployment_sha }}) (push) Blocked by required conditions
Dev Smoke / Classify changed paths (push) Waiting to run
Dev Smoke / bun run dev onboarding chat (push) Blocked by required conditions
Dev Smoke / Vite HMR dependency-level smoke (push) Blocked by required conditions
Electrobun Submodule Guard / electrobun gitlink is fetchable (push) Waiting to run
gitleaks / gitleaks (push) Waiting to run
Markdown Links / Relative Markdown Links (push) Waiting to run
Publish @elizaos/example-code / check_npm (push) Waiting to run
Publish @elizaos/example-code / publish_npm (push) Blocked by required conditions
Publish @elizaos/plugin-elizacloud / verify_version (push) Waiting to run
Publish @elizaos/plugin-elizacloud / publish_npm (push) Blocked by required conditions
Quality (Extended) / Homepage Build (PR smoke) (push) Waiting to run
Quality (Extended) / Comment-only diff guard (push) Waiting to run
Quality (Extended) / Format + Type Safety Ratchet (push) Waiting to run
Quality (Extended) / Develop Gate (secret scan + UI determinism) (push) Waiting to run
Quality (Extended) / Develop Gate (lint) (push) Waiting to run
Sandbox Live Smoke / Sandbox live smoke (push) Waiting to run
Snap Build & Test / Build Snap (amd64) (push) Waiting to run
Snap Build & Test / Build Snap (arm64) (push) Waiting to run
supply-chain / sbom (push) Waiting to run
supply-chain / vulnerability-scan (push) Waiting to run
Build, Push & Deploy to Phala Cloud / build-and-push (push) Waiting to run
Test Packaging / Validate Packaging Configs (push) Waiting to run
Test Packaging / PyPI on Python ${{ matrix.python }} (push) Waiting to run
Test Packaging / Pack & Test JS Tarballs (push) Waiting to run
Test Packaging / elizaos CLI global-install smoke (node + bun) (push) Waiting to run
UI Fixture E2E / ui-fixture-e2e (push) Waiting to run
UI Fixture E2E / fixture-e2e (push) Waiting to run
UI Story Gate / story-gate (push) Waiting to run
vault-ci / test (macos-latest) (push) Waiting to run
vault-ci / test (ubuntu-latest) (push) Waiting to run
vault-ci / test (windows-latest) (push) Waiting to run
vault-ci / app-core wiring tests (push) Waiting to run
verify-patches / verify patches/CHECKSUMS.sha256 (push) Waiting to run
Voice Benchmark Smoke / voice-emotion fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voiceagentbench fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench-quality unit smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench TypeScript unit (no audio) (push) Waiting to run
Voice Benchmark Smoke / voice bench smoke summary (push) Blocked by required conditions
Windows CI / windows ([bun run --cwd packages/app-core test bun run --cwd packages/elizaos test bun run --cwd packages/cloud/shared test], app-and-cli) (push) Waiting to run
Windows CI / windows ([bun run --cwd packages/scenario-runner test bun run --cwd packages/vault test bun run --cwd packages/security test bun run --cwd plugins/plugin-coding-tools test], framework-packages) (push) Waiting to run
Windows CI / windows ([bun run --cwd plugins/plugin-elizacloud test bun run --cwd plugins/plugin-discord test bun run --cwd plugins/plugin-anthropic test bun run --cwd plugins/plugin-openai test bun run --cwd plugins/plugin-app-control test bun run --cwd plugins/pl… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run build --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/agent --concurrency=4 node packages/scripts/run-bash-linux-only.mjs scripts/verify-riscv64-buildpaths.sh node packages/scripts/run… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run typecheck --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/cloud-shared --concurrency=4 bun run --cwd packages/core test bun run --cwd packages/shared test], core-runtime, 75) (push) Waiting to run
Test Packaging / Build & Test PyPI Package (push) Waiting to run
Voice Workbench / headless workbench (mocked backends) (push) Has been cancelled
Voice Workbench / real acoustic lane (nightly, provisioned only) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:43:05 +08:00

924 lines
37 KiB
Bash
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ============================================================================
# Feed Game - Environment Variables Configuration
# ============================================================================
# Copy this file to .env and fill in your actual values
# NEVER commit the .env file to version control!
# ============================================================================
# Quickstart Validation (Required vs Optional)
# ============================================================================
# Required in all environments (local/staging/production):
# - DATABASE_URL
# - NEXT_PUBLIC_STEWARD_API_URL
# - STEWARD_JWT_SECRET
# - CRON_SECRET
# - one LLM key: ELIZACLOUD_API_KEY (recommended) OR GROQ_API_KEY or OPENAI_API_KEY or ANTHROPIC_API_KEY
#
# Required only when feature flags are enabled:
# - SENDGRID_API_KEY => NOTIFICATION_EMAIL_FROM (or EMAIL_FROM)
# - NFT_CHAT_GATING_ENABLED=true => NFT_CONTRACT_ADDRESS and NFT_INDEXER_GRAPHQL_URL
# Optional by default:
# - Everything else in this file is optional unless one of the feature flags
# above is enabled.
#
# Validate your local env files:
# bun run env:validate
#
# ============================================================================
# Application Configuration
# ============================================================================
# Application URL (used for referral links and redirects)
# Production: https://feed.market
# Staging: https://staging.feed.market
NEXT_PUBLIC_APP_URL=https://feed.market
# HTTP port used by the Next.js runtime and local server wrappers.
PORT=3000
# Mobile (Capacitor): Optional API base URL for cross-origin requests.
# Leave unset (or empty) for the web app (same-origin). When set, client helpers
# (apiUrl/apiFetch/SSE) will prefix `/api/*` with this base.
# Example: https://play.feed.market
NEXT_PUBLIC_API_URL=
# Mobile (Capacitor): Optional OAuth redirect URL for social login flows.
# Defaults to https://feed.market/redirect when unset.
NEXT_PUBLIC_OAUTH_REDIRECT_URL=
# Mobile (Capacitor): Optional dev server URL for the native shell.
# If set, Capacitor loads this URL instead of bundled `apps/mobile/out` assets.
CAPACITOR_SERVER_URL=
# Waitlist URL (canonical landing for referrals and "no access" redirects when app is token-gated)
# In production: https://feed.market
# In staging: https://staging.feed.market
NEXT_PUBLIC_WAITLIST_URL=https://feed.market
# Blog URL (used for the blog link on the landing page)
NEXT_PUBLIC_BLOG_URL=https://blog.feed.market
# Deprecated: waitlist/app routing is now host-based (feed.market vs play.feed.market)
WAITLIST_MODE=false
# Comma-separated list of hostnames that should render the waitlist experience.
# Defaults to: feed.market,www.feed.market,staging.feed.market
# Local dev suggestion:
# - add hosts: 127.0.0.1 feed.local play.feed.local
# - set NEXT_PUBLIC_WAITLIST_URL=http://feed.local:3000
# - set NEXT_PUBLIC_APP_URL=http://play.feed.local:3000
# - set WAITLIST_HOSTNAMES=feed.local
WAITLIST_HOSTNAMES=
# Additional CORS origins allowed for API requests (comma-separated).
# Useful for preview domains and local/mobile development.
CORS_ALLOWED_ORIGINS=
# Cache TTL (seconds) for access decisions on app host.
# This controls the `ba_access` cookie set by middleware to avoid calling /api/nft/access on every request.
# Default: 60 (max: 300).
ACCESS_GATE_CACHE_SECONDS=60
# ============================================================================
# Admin Configuration
# ============================================================================
# Email domain for automatic admin access (users with this email domain get admin)
# Example: elizalabs.ai will grant admin to all users@elizalabs.ai emails
# ADMIN_EMAIL_DOMAIN=your-company.com # Optional: Auto-promote users with this email domain to admin
# Waitlist leaderboard cache window in ms (15s default if unset)
WAITLIST_LEADERBOARD_CACHE_MS=15000
# Waitlist position cache window in ms (5s default if unset)
WAITLIST_POSITION_CACHE_MS=5000
# Notification email delivery (BAB-189)
# If SENDGRID_API_KEY is not set, notification emails are skipped.
# NOTIFICATION_EMAIL_FROM example: Feed <notifications@your-domain.com>
SENDGRID_API_KEY=
NOTIFICATION_EMAIL_FROM=
# Signing secret for one-click unsubscribe links in notification emails.
# Falls back to CRON_SECRET/JWT_SECRET if not set.
NOTIFICATION_EMAIL_UNSUBSCRIBE_SECRET=
# Model pilot inquiry (/research, not in navigation). Optional internal recipient override.
MODEL_PILOT_INQUIRY_NOTIFY_EMAIL=
# Node Environment (production, development, test)
NODE_ENV=development
# ============================================================================
# Database Configuration
# ============================================================================
# Format: postgresql://username:password@host:port/database
DATABASE_URL=
# Per-process pool size (postgres.js `max` on this app instance). Capped at 500 in code.
# This is NOT Neons endpoint cap. Neon (see current docs) separates:
# - Direct URL → connections count against the compute “direct” limit (~4k on many plans).
# - Pooled URL (`-pooler` host / transaction mode) → “pooled” limit (~10k), multiplexed to fewer Postgres backends.
# Your real usage ≈ sum over every running worker/serverless instance of (this pool + replica pool + any direct clients).
# Defaults assume high fan-out (many concurrent instances): small per-process pools; raise DATABASE_POOL_MAX only if you measure pool starvation.
# Production: prefer Neons pooled `DATABASE_URL` so many instances share the higher pooled ceiling.
# Defaults when unset — pooler URL: primary prod 10 / dev 8 / test 2; direct URL: primary prod 8 / dev 10 / test 5.
# DATABASE_POOL_MAX=
# Read replica URLs own postgres.js pool (same Neon direct vs pooled idea applies to that host).
# Defaults when unset — pooler: prod 15 / dev 12 / test 2; direct: prod 12 / dev 15 / test 5.
# DATABASE_READ_REPLICA_POOL_MAX=
# Shown in pg_stat_activity (observability).
DATABASE_APPLICATION_NAME=feed
DATABASE_READ_REPLICA_APPLICATION_NAME=feed-read
# Log every SQL query to stdout (Drizzle logger). Optional, default false.
DB_LOG_QUERIES=false
# Production-only session guardrails (statement / lock / idle-in-tx timeouts). Ignored in tests.
# In development, set DATABASE_SESSION_GUARDRAILS=true to apply the same limits locally.
DATABASE_SESSION_GUARDRAILS=false
# Milliseconds. Applied when guardrails are active (production, or SESSION_GUARDRAILS in dev).
# Defaults: statement 60000, lock 10000, idle-in-tx 60000. Set to 0 via env not supported—omit key for default.
# DATABASE_STATEMENT_TIMEOUT_MS=
# DATABASE_LOCK_TIMEOUT_MS=
# DATABASE_IDLE_IN_TRANSACTION_TIMEOUT_MS=
# PostgreSQL URL (Alternative - used by Eliza agents)
# If not set, will use DATABASE_URL
POSTGRES_URL=
# PGlite Data Directory (Development - Embedded Database)
# Only used if POSTGRES_URL is not set
# PGLITE_DATA_DIR=./data/pglite
# ============================================================================
# Steward Authentication Configuration (Phase 2 — replaces Privy)
# ============================================================================
# Steward API base URL (local dev: http://localhost:3200, prod: set by ElizaCloud)
NEXT_PUBLIC_STEWARD_API_URL=http://localhost:3200
# Steward tenant ID for Feed (created by `bun run steward:init`)
NEXT_PUBLIC_STEWARD_TENANT_ID=feed
# Steward tenant API key (output from `bun run steward:init`)
STEWARD_TENANT_API_KEY=
# HS256 secret used by Steward to sign JWTs — must match Steward's STEWARD_JWT_SECRET
STEWARD_JWT_SECRET=dev-jwt-secret-change-in-prod
# Expected issuer for Steward JWT validation when the upstream auth service sets it.
STEWARD_JWT_ISSUER=
# Steward master password for platform API access (admin)
STEWARD_MASTER_PASSWORD=dev-master-password-change-in-prod
# Platform API keys for Steward (comma-separated list of allowed platform keys)
STEWARD_PLATFORM_KEYS=
# Steward API URL for server-side calls (may differ from public URL in production)
STEWARD_API_URL=http://localhost:3200
# HMAC secret for signed Steward mutating requests (OAuth exchange in prod).
# Must match Steward's request-signing secret when enabled upstream.
STEWARD_REQUEST_SIGNING_SECRET=
# App URL as seen by the Steward container (for magic-link redirects)
# In local dev: http://localhost:3000, in prod: your production domain
STEWARD_APP_URL=http://localhost:3000
STEWARD_TENANT_ID=feed
# ── Privy (DEPRECATED — Phase 2 migration target) ──────────────────────────
# These are kept for the migration period to allow exporting Privy users.
# Remove after migration is complete.
# NEXT_PUBLIC_PRIVY_APP_ID=your_privy_app_id_here
# PRIVY_APP_SECRET=your_privy_app_secret_here
# ============================================================================
# Storage Configuration (Image Uploads)
# ============================================================================
# Production: Use Vercel Blob (automatic in Vercel deployments)
# Set USE_VERCEL_BLOB=true to force Vercel Blob even in development
USE_VERCEL_BLOB=false
# Vercel Blob Token (automatically available in Vercel environment)
# Only needed if manually configuring Vercel Blob outside of Vercel
# BLOB_READ_WRITE_TOKEN=your_vercel_blob_token
# Development: MinIO Configuration (S3-compatible local storage)
MINIO_ENDPOINT=http://localhost:9000
MINIO_ACCESS_KEY=feed
MINIO_SECRET_KEY=feed_dev_password
MINIO_BUCKET=feed-uploads
# ============================================================================
# Feed Agent Authentication
# ============================================================================
# These credentials enable agents to authenticate internally without requiring
# users to provide authentication tokens manually.
# Generate a secure random string for FEED_AGENT_SECRET (e.g., using openssl rand -hex 32)
# Agent ID (must match the agent configuration)
FEED_AGENT_ID=feed-agent-alice
# ============================================================================
# ElizaCloud Inference (recommended — replaces individual provider keys)
# ============================================================================
# When set, ALL inference routes through ElizaCloud instead of direct provider APIs.
ELIZACLOUD_API_URL=https://api.elizacloud.com
ELIZACLOUD_API_KEY=
# Default model override for ElizaCloud inference (e.g. "openai/gpt-5-nano")
ELIZACLOUD_DEFAULT_MODEL=
# ============================================================================
# AI Model Provider Configuration (for Eliza Agents)
# ============================================================================
# Individual provider keys — used as fallback when ELIZACLOUD_API_KEY is not set.
# At least one of ElizaCloud OR a direct provider key is required for agent functionality.
OPENAI_API_KEY=
GROQ_API_KEY=
ANTHROPIC_API_KEY=
# Cerebras inference (optional — used as fast fallback in agent LLM routing)
CEREBRAS_API_KEY=
CEREBRAS_BASE_URL=
CEREBRAS_MODEL=
# ============================================================================
# Image Generation Configuration
# ============================================================================
# Fal.ai API key for generating actor and organization images
# Get from https://fal.ai/dashboard
FAL_KEY=your_fal_ai_api_key_here
# Optional: HTTPS URL of a reference image for fal-ai/nano-banana-2/edit (must be public; fal.ai fetches it).
# If unset and apps/web/public/assets/user-pfps/pfp-001.png exists, that file is uploaded to fal storage on each request (works in local dev).
# If neither applies, agent avatars use text-to-image only.
AGENT_AVATAR_REFERENCE_IMAGE_URL=
# ============================================================================
# Game Control Configuration
# ============================================================================
# Manual game start/stop control for production environments
# Controls both game-tick and agent-tick cron jobs
# Values: "start" | "running" | "true" to enable, anything else to pause
# Set to "pause" or "false" or leave empty to pause the game
GAME_START=pause
# ============================================================================
# Agent Behavior Configuration (Optional)
# ============================================================================
# Auto-start agents on daemon startup (default: true)
# AUTO_START_AGENTS=true
# Enable automatic trading for agents (default: false)
AGENT_AUTO_TRADE=false
# Runtime context refresh interval in hours (default: 48)
# Long-lived runtimes are recycled at this interval to prevent context bloat.
AGENT_CONTEXT_REFRESH_HOURS=48
# ============================================================================
# Logging Configuration (Optional)
# ============================================================================
# Log level: debug, info, warn, error (default: debug in dev, info in production)
LOG_LEVEL=debug
# A2A specific log level
# A2A_LOG_LEVEL=info
# ============================================================================
# Market Configuration (Optional - can be set after deployment)
# ============================================================================
# DEFAULT_LIQUIDITY=1000000000000000000000 # 1000 ETH in wei
# DEFAULT_FEE_RATE=100 # 100 basis points = 1%
# ============================================
# POSTHOG ANALYTICS
# ============================================
# PostHog is used for product analytics, event tracking, session recording,
# and error tracking across the entire application (client + server).
#
# All events are automatically tagged with an `environment` property
# (production, staging, or development) so you can filter or break down
# by environment within a single PostHog project.
#
# Get your project API key from: https://us.posthog.com/settings/project
NEXT_PUBLIC_POSTHOG_PROJECT_ID=phc_your_project_api_key_here
# PostHog API host (default: US Cloud)
# EU Cloud: https://eu.i.posthog.com
# Self-hosted: https://your-posthog-instance.com
NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com
# ============================================
# SENTRY ERROR TRACKING (Optional)
# ============================================
# Sentry DSN for error tracking and performance monitoring
# Get your DSN from https://sentry.io/settings/projects/
NEXT_PUBLIC_SENTRY_DSN="https://your-dsn@sentry.io/project-id"
SENTRY_DSN="https://your-dsn@sentry.io/project-id"
# Environment (recommended if staging/prod share a Sentry project)
# Suggested values: development, staging, production
NEXT_PUBLIC_SENTRY_ENVIRONMENT="development"
SENTRY_ENVIRONMENT="development"
# Source Map Upload (Optional - for better stack traces in production)
# Get auth token from https://sentry.io/settings/account/api/auth-tokens/
SENTRY_AUTH_TOKEN="your-auth-token"
# Sentry project metadata for source map upload (Optional)
# If unset, defaults are applied in `apps/web/next.config.ts`.
SENTRY_ORG=
SENTRY_PROJECT=
# Release Tracking (Optional - set via CI/CD or manually)
# Format: version or git commit hash
NEXT_PUBLIC_SENTRY_RELEASE=""
SENTRY_RELEASE=""
# ============================================
# VERCEL SPEED INSIGHTS (Optional)
# ============================================
# Client-side sampling for Web Vitals: percentage of sessions (0100). Lower = fewer RUM datapoints.
# Why: full-funnel RUM scales cost and noise; we keep vitals on high-signal routes + sample sessions.
# High-signal routes are filtered in code (see apps/web/.../GatedSpeedInsights.tsx).
# Full rationale, allowlist, migration (old 01 fractions), roadmap: docs/observability/speed-insights.md
# Default when unset: 50 (50%).
NEXT_PUBLIC_SPEED_INSIGHTS_SAMPLE_RATE=50
# Enables Vercel client observability components in deployments that opt in.
NEXT_PUBLIC_ENABLE_VERCEL_OBSERVABILITY=false
# Sentry Service Hook webhook security (required if using /api/sentry/webhook)
# Create a secret in Sentry Project Settings > Integrations > Internal Integrations > Webhooks
SENTRY_WEBHOOK_SECRET=""
# Max allowed webhook timestamp skew in seconds (default 300, min 30, max 3600)
SENTRY_WEBHOOK_MAX_TIMESTAMP_SKEW_SECONDS=300
# Discord webhook for critical system alerts triggered by /api/cron/health-check
# Optional: if unset, critical alerts remain visible in Sentry/admin only.
DISCORD_SYSTEM_ALERT_WEBHOOK_URL=""
# ============================================================================
# Perpetuals Trading Configuration
# ============================================================================
# Feed perpetuals are offchain-only. Keep settlement in simulation mode.
NEXT_PUBLIC_PERP_SETTLEMENT_MODE=simulation
# URLs for game's MCP and A2A endpoints (OPTIONAL - auto-provisions if not set)
# These automatically use the correct URL based on your environment:
# - Production: feed.market (via NEXT_PUBLIC_APP_URL)
# - Staging: staging.feed.market (via NEXT_PUBLIC_APP_URL)
# - Preview: Your Vercel preview URL (via VERCEL_URL)
# - Local: http://localhost:3000
# Only set these if you need to override the automatic URL detection
# FEED_MCP_URL=
# FEED_A2A_URL=
# A2A Protocol API Key (Required for production/staging)
# Used to authenticate Agent-to-Agent communication requests
# Generate with: openssl rand -hex 32
# Note: Localhost bypasses this check for development
FEED_A2A_API_KEY=
FEED_LOGO_URL=
# ============================================================================
# Social Media Integration (for share verification)
# ============================================================================
# Twitter/X OAuth 2.0 (for user login and account linking)
# Get these from https://developer.twitter.com/en/portal/dashboard
# Go to your app → "User authentication settings" → OAuth 2.0 credentials
TWITTER_CLIENT_ID=
TWITTER_CLIENT_SECRET=
# Twitter API v2 Bearer Token (for tweet verification)
# Get from https://developer.twitter.com/en/portal/dashboard
# Go to your app → "Keys and tokens" → "Bearer Token"
TWITTER_BEARER_TOKEN=
# Farcaster (for cast verification via Neynar API)
# Get your API key from https://neynar.com/
NEYNAR_API_KEY=
# Farcaster FID for your Feed account (for follow verification)
# Find your FID at https://warpcast.com/~/settings
FARCASTER_FID=1521916
# Discord OAuth 2.0 (for user login and Discord server verification)
# Get these from https://discord.com/developers/applications
# Go to your app → OAuth2 → General
DISCORD_CLIENT_ID=
DISCORD_CLIENT_SECRET=
# Discord Guild ID (for Discord join verification)
# Right-click your server → Copy Server ID (requires Developer Mode enabled)
# Enable Developer Mode: User Settings → Advanced → Developer Mode
DISCORD_GUILD_ID=1438561373012627456
# Discord Invite URL (public invite link for users to join)
# Create in Discord: Server Settings → Invites → Create Invite
# Example: https://discord.gg/YourInviteCode
NEXT_PUBLIC_DISCORD_INVITE_URL=https://discord.gg/FEJpGH8f3r
# Optional: redirect path after completing OAuth linking flows (Twitter/Discord).
# Defaults to `/rewards` if unset or empty.
OAUTH_REDIRECT_PATH=/rewards
# Discord Activity (Embedded App) Client ID
# Used client-side by the Discord Embedded App SDK for Activities/mini-apps.
# This may be the same as DISCORD_CLIENT_ID or a separate application.
# Configure Activities in Discord Developer Portal → Your App → Activities
NEXT_PUBLIC_DISCORD_ACTIVITY_CLIENT_ID=
# Telegram Bot Token (used server-side only)
# Required for validating Telegram Mini App initData via HMAC-SHA-256.
# Get this from @BotFather when creating/managing your Telegram bot.
# Without this token, initData validation is skipped (insecure in production).
TELEGRAM_BOT_TOKEN=
# Random secret string for verifying Telegram webhook requests.
# Generate with: openssl rand -hex 32
TELEGRAM_WEBHOOK_SECRET=
# Optional: override the webhook URL registered with Telegram.
# Defaults to https://feed.market/api/telegram/webhook if not set.
WEBHOOK_URL=
# ============================================
# ADD THESE TO YOUR .env FILE
# ============================================
# Generated by Claude Code analysis on 2025-11-16
# For RL Pipeline and Agent Autonomous System
# ============================================
# Weights & Biases Configuration (REQUIRED FOR RL)
# ============================================
# Get your API key from: https://wandb.ai/authorize
WANDB_API_KEY=your_wandb_api_key_here
WANDB_PROJECT=feed-training
WANDB_ENTITY=your_wandb_username_or_org
# ============================================
# Training Configuration
# Note: Trajectory recording is always enabled automatically
# ============================================
# Minimum trajectories before GRPO training kicks in
TRAINING_MIN_TRAJECTORIES=1000
# Minimum group size for GRPO ranking comparisons
TRAINING_MIN_GROUP_SIZE=5
# ============================================
# Model Configuration
# ============================================
# Base model to use (must be in W&B ART catalog)
BASE_MODEL=OpenPipe/Qwen3-14B-Instruct
# Enable/disable RL model usage
USE_RL_MODEL=true
# Fallback to base model if RL model fails
RL_FALLBACK_TO_BASE=true
# Optional: Pin to specific RL model version
# RL_MODEL_VERSION=latest
# ============================================
# Training Execution Mode
# ============================================
# false = Use W&B remote backend (RECOMMENDED)
# true = Train locally (requires GPU)
# Deprecated local training flags (unreferenced in repo outside `.env.example` as of 2026-03-03).
# See "Deprecated / Unreferenced Keys" near the bottom of this file.
# ============================================
# Tinker Cloud Training (Alternative to Atropos)
# ============================================
# Training mode: 'atropos' for local vLLM or 'tinker' for cloud-based
# atropos = Uses local vLLM server for GRPO training (requires GPU)
# tinker = Uses Tinker cloud API for GRPO training (no GPU required)
TRAINING_MODE=atropos
# Tinker API Key for cloud training via Thinking Machines
# Get from: https://tinker.thinkingmachines.dev/
# Required when TRAINING_MODE=tinker
TINKER_API_KEY=
# ============================================
# Agent Configuration
# ============================================
# Agent LLM Provider: huggingface | phala | ollama | groq (default: groq)
# AGENT_LLM_PROVIDER=groq
# Phala TEE Inference Endpoint (required when AGENT_LLM_PROVIDER=phala)
# Example: https://phala-tee.example.com/v1/chat
PHALA_ENDPOINT=
# Cron job security token (generate with: openssl rand -hex 32)
CRON_SECRET=your_random_secret_here_replace_with_actual_secret
# Internal cron target for server-to-server scheduler calls.
INTERNAL_CRON_URL=
# Mirror cron calls from production to staging (optional, default: false)
REDIRECT_CRON_STAGING=false
# Staging base URL used when REDIRECT_CRON_STAGING=true (optional)
CRON_STAGING_URL=https://staging.feed.market
# Enable internal scheduler outside production or force it explicitly (optional, default: false)
ENABLE_INTERNAL_CRON_SCHEDULER=false
# /api/cron/trading-fee-outbox — drains TradingFeeOutbox after perp fee processor retries fail (same CRON_SECRET as other crons)
FEE_PROCESSING_MAX_RETRIES=3
# Guardrail for shared staging/production databases so fan-out crons can skip duplicate processing.
SHARED_DATABASE_WITH_STAGING=false
# NFT revalidation cron job timeout in milliseconds (default: 50000 = 50s, allows 10s buffer for Vercel 60s limit)
NFT_REVALIDATE_TIMEOUT_MS=50000
# NPC Tick Configuration
# Number of NPCs to process per tick (rotates through all)
NPC_TICK_BATCH_SIZE=20
# NPC Trading Configuration
# Probability (0-1) of NPC trading per tick (optional, default: 0.6)
NPC_TRADE_PROBABILITY=0.6
# NPC_MAX_TRADES_PER_DAY - Maximum trades per NPC per day (optional, default: 20)
# NPC_MIN_MINUTES_BETWEEN_TRADES - Minimum cooldown minutes between trades (optional, default: 5)
# NPC Feed Diversity Configuration (TikTok-inspired)
# NPC_MAX_CONSECUTIVE_SAME_ACTION - Max consecutive same action type, e.g. likes (default: 1)
# NPC_TIMESTAMP_STAGGER_MS - Stagger window in ms for organic pacing, 0 to disable (default: 300000)
# NPC_MAX_RECENT_ACTIONS - Number of recent actions to track for diversity (default: 5)
# Maximum consecutive errors before stopping NPC tick
NPC_TICK_MAX_ERRORS=5
# Route NPC decisions through the unified multi-step pipeline.
# When enabled, NPCs treat prediction markets as read-only context and only trade perps.
FEED_UNIFIED_NPC_PIPELINE=false
# Agent lock duration in milliseconds (prevents concurrent execution)
AGENT_LOCK_DURATION_MS=900000
# Leaderboard cache TTL in milliseconds
LEADERBOARD_CACHE_MS=120000
# Game tick budget in milliseconds (3 minutes)
GAME_TICK_BUDGET_MS=180000
# Event diversity: hours between same actor appearing in world events (default: 4)
EVENT_ACTOR_COOLDOWN_HOURS=4
# Parody headlines: max mentions of a single entity per batch (default: 3)
PARODY_MAX_ENTITY_MENTIONS=3
# ============================================
# Optional: Debug and Monitoring
# ============================================
# Enable debug logging
DEBUG=false
# ============================================
# Linear Integration (Optional)
# ============================================
# Automatically create Linear issues from game feedback submissions.
# If unset, feedback submissions still work but Linear issues are not created.
#
# Get API key from Linear > Settings > Account > Security & Access > API
LINEAR_API_KEY=
# Your team ID in Linear (find at Linear > Settings > Team > General > ID)
LINEAR_TEAM_ID=
# Game Feedback label ID in Linear (optional - find via Linear API or create a new label)
LINEAR_GAME_FEEDBACK_LABEL_ID=
# ============================================
# NFT Minting Configuration
# ============================================
# Contract address for the Top 100 NFT collection (required for minting to work)
# Must be a valid Ethereum address. Minting is disabled if not set.
NFT_CONTRACT_ADDRESS=
# NFT chain ID is derived from `NEXT_PUBLIC_CHAIN_ID`/`CHAIN_ID` (single-chain per environment).
# `NFT_CHAIN_ID` is kept for backwards compatibility; if set, it must match the configured chain id.
NFT_CHAIN_ID=1
# Envio hosted GraphQL endpoint for on-chain NFT ownership checks (required for on-chain gating / secondary transfers).
# Example: https://indexer.dev.hyperindex.xyz/<project>/v1/graphql
NFT_INDEXER_GRAPHQL_URL=
# IPFS CID for NFT images (used by the image proxy at /api/nft/image/[tokenId])
NFT_IPFS_IMAGES_CID=
# IPFS CID for NFT metadata JSON files (used by the seed script)
NFT_IPFS_METADATA_CID=
# ============================================
# NFT Chat Gating (single gated chat)
# ============================================
NFT_CHAT_GATING_ENABLED=false
# Chat ID (Chat.id) for the gated chat (required when NFT_CHAT_GATING_ENABLED=true)
NFT_CHAT_GATING_CHAT_ID=
# ============================================================================
# Currency Configuration
# ============================================================================
# Symbol used for displaying Feed points in the UI (not real USD — in-game points)
# Default: $
# Examples: $, ƀ, Ƀ, ₿, ◆
NEXT_PUBLIC_CURRENCY_SYMBOL=$
# ============================================================================
# Alpha Group Configuration
# ============================================================================
# Controls how users are invited to NPC alpha groups.
# All values have sensible defaults - only set if you need to override.
# --- Engagement Thresholds ---
# Minimum interactions required for invite eligibility
ALPHA_MIN_REPLIES=1
ALPHA_MIN_LIKES=2
ALPHA_MIN_TOTAL_INTERACTIONS=5
ALPHA_MIN_QUALITY_SCORE=0.5
# --- Invite Probability ---
# Global multiplier for all tier invite probabilities (1.0 = default, 2.0 = 2x more invites)
ALPHA_INVITE_PROBABILITY_MULTIPLIER=1.0
# Maximum invites to send per game tick (across all NPCs)
ALPHA_MAX_INVITES_PER_TICK=15
# --- Trading Activity ---
# Include trading activity in engagement score calculation
ALPHA_INCLUDE_TRADING=true
# Weight for trades in engagement score (each trade contributes this many points)
ALPHA_TRADE_WEIGHT=2.5
# --- Fast Track ---
# Enable fast-track for high-value traders (skip Tier 3 → join Tier 2 directly)
ALPHA_FAST_TRACK_ENABLED=true
# Minimum profitable trades for fast-track eligibility
ALPHA_FAST_TRACK_MIN_TRADES=10
# Minimum P&L (in points) for fast-track eligibility
ALPHA_FAST_TRACK_MIN_PNL=5000
# --- Invite Decay ---
# Enable exponential backoff for users who decline invites
ALPHA_INVITE_DECAY_ENABLED=true
# Base cooldown hours after first decline (doubles with each subsequent decline)
ALPHA_INVITE_DECAY_BASE_HOURS=24
# Maximum cooldown hours (cap for exponential backoff)
ALPHA_INVITE_DECAY_MAX_HOURS=168
# Maximum declines before temporary exclusion
ALPHA_INVITE_DECAY_MAX_DECLINES=5
# --- Feature Flags ---
# Enable per-NPC tier customization via ActorTierOverrides
ALPHA_PER_NPC_CUSTOMIZATION_ENABLED=true
# Enable grandfathering for existing members when thresholds change
ALPHA_GRANDFATHERING_ENABLED=true
# ============================================
# Stripe
# ============================================
STRIPE_SECRET_KEY=sk_test_...
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
# Optional: Override redirect URL for local development
# STRIPE_REDIRECT_BASE_URL=http://localhost:3000
# --- Billing Tab Feature Flag (in /settings page) ---
NEXT_PUBLIC_BILLING_ENABLED=false
# ============================================
# Points / Leaderboard
# ============================================
# Scope batch points recompute to whitelisted users only.
# Set to "false" when opening registration to all users.
# POINTS_WHITELIST_ONLY=true
# ============================================
# Session Tracking
# ============================================
# Salt for hashing IP addresses in session tracking (privacy protection)
# Generate a secure random string for production
IP_HASH_SALT=your-secure-random-salt-here
# ============================================================================
# Deprecated / Unreferenced Keys
# ============================================================================
# These keys are not referenced anywhere in the repo (outside `.env.example`)
# as of 2026-03-03. They are kept here for historical context and may be removed
# after 2026-04-01 unless a real usage is reintroduced/documented.
# FEED_GAME_DESCRIPTION="AI-powered prediction market game on Base"
# FEED_GAME_NAME="Feed Prediction Market"
# BASE_ETHERSCAN_API_KEY=your_api_key_here
# BASE_SEPOLIA_ETHERSCAN_API_KEY=your_api_key_here
# FORCE_LOCAL_TRAINING=false
# NEXT_PUBLIC_ASYNC_SETTLEMENT=true
# NEXT_PUBLIC_CONTEST_ORACLE=0xCf7Ed3AccA5a467e9e704C703E8D87F634fB0Fc9
# NEXT_PUBLIC_DIAMOND_BASE_SEPOLIA=0x0000000000000000000000000000000000000000
# NEXT_PUBLIC_ENABLE_LIQUIDITY_POOLS=false
# NEXT_PUBLIC_ENABLE_REFERRALS=false
# NEXT_PUBLIC_HYBRID_BATCH_INTERVAL=3600000
# NEXT_PUBLIC_HYBRID_BATCH_SIZE=100
# NEXT_PUBLIC_IDENTITY_REGISTRY_BASE_SEPOLIA=0x0000000000000000000000000000000000000000
# NEXT_PUBLIC_MARKET_FACTORY=0x9fE46736679d2D9a65F0992F2272dE9f3c7fa6e0
# NEXT_PUBLIC_PREDIMARKET=0xe7f1725E7734CE288F8367e1Bb143E90bb3F0512
# NEXT_PUBLIC_REPUTATION_SYSTEM_BASE_SEPOLIA=0x0000000000000000000000000000000000000000
# NEXT_PUBLIC_SETTLEMENT_RETRIES=3
# ORACLE_CONFIRMATIONS=1
# ORACLE_GAS_MULTIPLIER=1.2
# ORACLE_MAX_GAS_PRICE=100
# TRAIN_RL_LOCAL=false
# WANDB_MODEL=meta-llama/Llama-3.3-70B-Instruct
# ============================================================================
# Code-Discovered Runtime Variables (env:audit)
# ============================================================================
# The following keys are referenced via `process.env` in runtime code but were
# missing from this example file. Values are intentionally omitted.
#
# Notes:
# - Some entries may be internal-only, deprecated, or slated for removal.
# - Keep this section roughly alphabetical to minimize diff churn.
# - `env:audit:check` only requires runtime-used keys to be declared here.
A2A_CLEANUP_INTERVAL_MS=
A2A_FETCH_TIMEOUT_MS=
A2A_MAX_INDEX_SIZE=
A2A_TASK_TTL_SECONDS=
A2A_TRANSFER_RATE_LIMIT=
ADAPTER_PATH=
ADMIN_EMAIL_DOMAIN=
AGENT_LLM_PROVIDER=
AGENT_SECRET=
# ALLOW_TEST_PRIVY_DID_AUTH= # DEPRECATED — moved to Legacy section at bottom
ANTHROPIC_BASE_URL=
ANTHROPIC_LARGE_MODEL=
ANTHROPIC_LOG=
ANTHROPIC_SMALL_MODEL=
ATROPOS_API_URL=
AVAILABLE_VRAM_GB=
# Optional: static admin token for CI integration tests. Only checked when CI=true.
# Set to any string value. The same value must be used by both server and test runner.
CI_ADMIN_TOKEN=
FEED_A2A_ENDPOINT=
FEED_DAG_TRACE=
FEED_DAG_TRACE_KEEP=
FEED_DISABLE_A2A=
FEED_DISABLE_REDIS=
FEED_ENABLE_PLAYER_POSTING=
FEED_FORCE_LOCAL_REDEPLOY=
FEED_LOCAL_BOOTSTRAP_ONCE=
FEED_PERP_MARKETS_JSON=
FEED_PREDICTION_MARKET_DYNAMIC=
FEED_PREDICTION_MARKET_INITIAL_LIQUIDITY=
FEED_PREDICTION_MARKET_SOURCE=
FEED_PYTHON_BIN=
FEED_SKIP_AGENT_FRAMEWORKS_BOOTSTRAP=
FEED_SKIP_ALPHA_GROUP_INVITES=
FEED_SKIP_NPC_GROUP_DYNAMICS=
FEED_SUPPRESS_OPTIONAL_LLM_WARNINGS=
FEED_TRUST_CORPUS_FAST_MODE=
BENCHMARK_OUTPUT_DIR=
BENCHMARK_QUICK=
BENCHMARK_TIMEOUT_MS=
BLOB_READ_WRITE_TOKEN=
CACHE_THUNDERING_HERD_BETA=
CORS_ALLOWED_ORIGINS=
DATABASE_READ_REPLICA_URL=
DEBUG_PROMPTS=
DEBUG_SAVE_PROMPTS=
DEPLOYMENT_ENV=
DIRECT_DATABASE_URL=
DISABLE_RATE_LIMITING=
DISABLE_SENTRY=
EMAIL_FROM=
ENABLE_EVENT_BASED_SUB_MARKETS=
ENABLE_QUERY_MONITORING=
GITHUB_REPO=
GITHUB_TOKEN=
GROQ_API_URL=
GROQ_BASE_URL=
GROQ_LARGE_MODEL=
GROQ_PRIMARY_MODEL=
GROQ_SMALL_MODEL=
HF_DATASET_NAME=
HF_MODEL_NAME=
HF_TOKEN=
HF_TRAJECTORY_DATASET=
HF_TRAJECTORY_DATASET_NAME=
HF_TRAJECTORY_SPLIT=
HUGGING_FACE_TOKEN=
HUGGINGFACE_API_FORMAT=
HUGGINGFACE_API_KEY=
HUGGINGFACE_HUB_TOKEN=
HUGGINGFACE_MODEL_ENDPOINT=
HUGGINGFACE_MODEL_NAME=
JWT_SECRET=
MARKET_DECISION_MAX_OUTPUT_TOKENS=
MARKET_DECISION_MODEL=
MARKETS_TICK_BUDGET_MS=
MAX_ACTIVE_USER_GROUPS=
MIN_DEFAULT_GROUPS=
MODEL_DISPLAY_NAME=
MODEL_PATH=
MODEL_QUANTIZATION=
MODEL_TIER=
MODERATION_ESCROW_RECEIVER=
NEXT_DIST_DIR=
NEXT_PUBLIC_API_URL=
NEXT_PUBLIC_BASE_URL=
NEXT_PUBLIC_DISABLE_SENTRY=
NEXT_PUBLIC_STATIC_ASSETS_URL=
NEXT_PUBLIC_WAITLIST_MODE=
NEXT_PUBLIC_WAITLIST_URL=
NFT_BASE_URI=
NFT_COLLECTION_SIZE=
NFT_CONTRACT_DEPLOY_BLOCK=
NFT_METADATA_BASE_URL=
NFT_SIGNER_ADDRESS=
NFT_SIGNER_PRIVATE_KEY=
OLLAMA_BASE_MODEL=
OLLAMA_BASE_URL=
OLLAMA_HOST=
OLLAMA_MODEL=
OPENAI_BASE_URL=
OPENAI_LARGE_MODEL=
OPENAI_SMALL_MODEL=
ORG_MIN_MINUTES_BETWEEN_POSTS=
ORG_TICK_BATCH_SIZE=
ORG_TICK_MAX_ERRORS=
PERP_SETTLEMENT_MODE=
POINTS_PAYMENT_RECEIVER=
POINTS_WHITELIST_ONLY=
POSTGRES_DEV_PORT=
PREDICTION_MARKET_INITIAL_LIQUIDITY=
PRIVY_APP_ID= # DEPRECATED — moved to Legacy section at bottom
PYTHON_BIN=
REALTIME_SIGNING_SECRET=
RECORD_AGENT_TRAJECTORIES=false
REDIS_URL=
RESOLUTION_POSTPONE_HOURS=
RL_MODEL_VERSION=
RUN_OPTIONAL_INTEGRATION_TESTS=
SCAMBENCH_MODEL=
SCAMBENCH_PROVIDER=
SCAMBENCH_SYSTEM_PROMPT=
SECRET_SALT=
SIM_ONCE=
SIMULATION_BRIDGE_PORT=3001
SIMULATION_DATA_PATH=
# Online RL: ratio of online (live sim) vs offline (DB) data in hybrid mode (0.0-1.0)
HYBRID_ONLINE_RATIO=0.2
# Reward weight profile: default | trust_blue | trust_red | trust_mixed
REWARD_WEIGHT_PROFILE=default
# Max time to wait for training subprocess to complete (ms, default: 1 hour)
TRAINING_TIMEOUT_MS=3600000
SLOW_QUERY_THRESHOLD_MS=
STRICT_LLM_VALIDATION=
STRIPE_REDIRECT_BASE_URL=
TEST_API_URL=
TEST_BASE_URL=
TEST_CONCURRENCY=
TICK_INTERVAL_MS=
TRAJECTORY_SOURCE=
TRAJECTORY_SAMPLING_RATE=
TRENDING_GROUPING_MODEL=
TRENDING_SUMMARY_MODEL=
TRUST_EXPERIMENT_RUNTIME_BASE_URL=
TRUST_EXPERIMENT_RUNTIME_MODEL=
TRUST_EXPERIMENT_RUNTIME_MODEL_VERSION=
USE_LOCAL_STORAGE=
USE_REAL_INFERENCE=
VLLM_BASE_URL=
VLLM_MODEL=
VLLM_PORT=
VLLM_URL=
WORKER_ID=
WORLD_FACTS_LOCK_DURATION_MINUTES=
WORLD_FACTS_UPDATE_INTERVAL_HOURS=
# ============================================================================
# Legacy / Deprecated Variables
# These variables are referenced by migration scripts, example packages,
# or simulation tooling. They are NOT required for normal app operation.
# ============================================================================
# Privy legacy — only needed for migrate-privy-to-steward.ts script
# DEPRECATED: replaced by Steward auth (Phase 2)
PRIVY_APP_SECRET=
PRIVY_AUTHORIZATION_PRIVATE_KEY=
PRIVY_OFFLINE_POLICY_ID=
PRIVY_OFFLINE_SIGNER_ID=
PRIVY_SOLANA_OFFLINE_POLICY_ID=
NEXT_PUBLIC_PRIVY_APP_ID=
# Dev auth bypass — legacy test helper, DEPRECATED: use STEWARD_JWT_SECRET
ALLOW_TEST_PRIVY_DID_AUTH=
# Bypass Steward JWT validation in dev/test (set to "true"); never enable in production
ALLOW_TEST_STEWARD_AUTH=
# Simulation bridge (packages/sim)
SIMULATION_BRIDGE_HOST=0.0.0.0
SIMULATION_BRIDGE_TOKEN=
# Blockchain / crypto examples (packages/examples — not needed for core app)
AGENT0_ENABLED=
AGENT0_NETWORK=
AGENT0_SUBGRAPH_URL=
FEED_GAME_PRIVATE_KEY=
FEED_GAME_WALLET_ADDRESS=
FEED_REGISTRY_REGISTERED=
BASE_MAINNET_RPC_URL=
BASE_SEPOLIA_RPC_URL=
CHAIN_ID=
DEPLOYER_PRIVATE_KEY=
ETH_MAINNET_RPC_URL=
ETH_SEPOLIA_RPC_URL=
ETHEREUM_RPC_URL=
ETHEREUM_SEPOLIA_RPC_URL=
NEXT_PUBLIC_CHAIN_ID=
NEXT_PUBLIC_IDENTITY_REGISTRY=
NEXT_PUBLIC_REPUTATION_SYSTEM=
NEXT_PUBLIC_RPC_URL=
NEXT_PUBLIC_TREASURY_ADDRESS=
PINATA_JWT=
RPC_URL=
SEPOLIA_RPC_URL=
BASE_RPC_URL=
ETHERSCAN_API_KEY=
EXPOSE_ONCHAIN_ERROR_DETAILS=
USE_MAINNET=