4b6817381b
Benchmark image — build + push to ECR (any adapter) / build + push (push) Waiting to run
CI / quality (ubuntu-latest) (push) Waiting to run
CI / test (tools-runtime) (push) Waiting to run
CI / test (e2e-general) (push) Waiting to run
CI / test (cli-runtime) (push) Waiting to run
CI / test (e2e-provider-and-openclaw) (push) Waiting to run
CI / test (integrations-and-misc) (push) Waiting to run
CI / coverage-report (push) Blocked by required conditions
CI / test-kubernetes (push) Waiting to run
CI / should-run-thorough (push) Waiting to run
CI / test-thorough (cloudwatch-demo) (push) Blocked by required conditions
CI / test-thorough (flink-ecs) (push) Blocked by required conditions
CI / test-thorough (upstream-lambda) (push) Blocked by required conditions
CI / test-thorough (prefect-ecs-fargate) (push) Blocked by required conditions
CodeQL / Analyze (python) (push) Waiting to run
Release / build-binaries (zip, opensre.exe, onefile, windows-latest, windows-x64) (push) Blocked by required conditions
Release / publish-release (push) Blocked by required conditions
Release / publish-main-release (push) Blocked by required conditions
Release / prepare (push) Waiting to run
Release / verify (push) Blocked by required conditions
Release / build-python-dist (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-15-intel, darwin-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-latest, darwin-arm64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04, linux-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04-arm, linux-arm64) (push) Blocked by required conditions
Synthetic Deterministic Tests / Synthetic offline (deterministic) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-checks (no-LLM) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-live shard ${{ matrix.shard_index }} (push) Waiting to run
CI (OpenClaw E2E) / openclaw test (push) Has been cancelled
630 lines
18 KiB
Bash
630 lines
18 KiB
Bash
# OpenSRE example environment
|
|
#
|
|
# Fast path:
|
|
# 1. Set `LLM_PROVIDER` and the matching API key below.
|
|
# 2. Run `opensre onboard` for guided local setup.
|
|
# 3. Configure one integration with `opensre integrations setup <service>`.
|
|
# 4. Verify with `opensre health` and `opensre integrations verify <service>`.
|
|
#
|
|
# `~/.config/opensre/integrations.json` is the preferred local integration store.
|
|
# The env vars below are still supported as fallback/direct configuration.
|
|
|
|
# --- Most important ---------------------------------------------------------
|
|
|
|
# Provider used for LLM calls. Common values: anthropic, openai, openrouter,
|
|
# deepseek, gemini, nvidia, minimax, bedrock, ollama, codex, claude-code,
|
|
# opencode, kimi, copilot, antigravity-cli.
|
|
LLM_PROVIDER=anthropic
|
|
|
|
# Codex CLI works for `opensre investigate` after `codex login`.
|
|
# Leave CODEX_MODEL empty to use the CLI's currently configured model.
|
|
CODEX_MODEL=
|
|
CODEX_BIN=
|
|
|
|
# Claude Code CLI works for `opensre investigate` after `claude login` or setting ANTHROPIC_API_KEY.
|
|
# Install: npm i -g @anthropic-ai/claude-code
|
|
# Leave CLAUDE_CODE_MODEL empty to use the CLI's currently configured model.
|
|
CLAUDE_CODE_MODEL=
|
|
CLAUDE_CODE_BIN=
|
|
|
|
# Gemini CLI works for `opensre investigate` after `gemini` auth setup.
|
|
# Install: npm i -g @google/gemini-cli
|
|
# Leave GEMINI_CLI_MODEL empty to use the CLI's configured default model.
|
|
GEMINI_CLI_MODEL=
|
|
GEMINI_CLI_BIN=
|
|
|
|
# Antigravity CLI (agy) works for `opensre investigate` after running `agy`
|
|
# (browser OAuth on first run; token cached by OS keyring).
|
|
# Install: curl -fsSL https://antigravity.google/cli/install.sh | bash
|
|
# Leave ANTIGRAVITY_CLI_MODEL empty to use agy's currently configured model.
|
|
# Note: ANTIGRAVITY_CLI_MODEL is forward-compat; agy v1.0.2 does not yet expose
|
|
# --model in headless mode. Switch models interactively via `/models` inside agy.
|
|
ANTIGRAVITY_CLI_MODEL=
|
|
ANTIGRAVITY_CLI_BIN=
|
|
# ANTIGRAVITY_CLI_TIMEOUT_SECONDS=
|
|
|
|
# OpenCode CLI works for `opensre investigate` after `opencode auth login`.
|
|
# Leave OPENCODE_MODEL empty to use the CLI's currently configured model
|
|
OPENCODE_MODEL=
|
|
OPENCODE_BIN=
|
|
|
|
# Cursor Agent CLI
|
|
# Leave CURSOR_MODEL empty to use the CLI's currently configured model.
|
|
CURSOR_MODEL=
|
|
CURSOR_BIN=
|
|
|
|
# Kimi Code CLI works for `opensre investigate` after `kimi login`.
|
|
# Leave KIMI_MODEL empty to use the CLI's currently configured model.
|
|
KIMI_MODEL=
|
|
KIMI_BIN=
|
|
KIMI_API_KEY=
|
|
# KIMI_SHARE_DIR=~/.kimi
|
|
|
|
# GitHub Copilot CLI works for `opensre investigate` after running `copilot`
|
|
# and authenticating with the interactive `/login` slash command.
|
|
# Install: npm i -g @github/copilot
|
|
# Leave COPILOT_MODEL empty to use the CLI's currently configured model.
|
|
COPILOT_MODEL=
|
|
COPILOT_BIN=
|
|
# Optional auth fallbacks (only used when no stored Copilot CLI login exists):
|
|
# COPILOT_GITHUB_TOKEN=
|
|
# GH_TOKEN=
|
|
# GITHUB_TOKEN=
|
|
# Optional config dir override (default: ~/.copilot):
|
|
# COPILOT_HOME=
|
|
|
|
# xAI Grok Build CLI works for `opensre investigate` after `grok login`,
|
|
# or set XAI_API_KEY for headless/CI use.
|
|
# Install: curl -fsSL https://x.ai/cli/install.sh | bash
|
|
# Leave GROK_CLI_MODEL empty to use the CLI's currently configured model.
|
|
GROK_CLI_MODEL=
|
|
GROK_CLI_BIN=
|
|
XAI_API_KEY=
|
|
# Optional xAI API base URL override.
|
|
# XAI_BASE_URL=
|
|
# Optional exec timeout in seconds (clamped 30-600; default 300).
|
|
# GROK_CLI_TIMEOUT_SECONDS=
|
|
|
|
# --- Pi coding tool (lets OpenSRE submit coding tasks to the Pi agent) ---
|
|
# Separate from using Pi as an LLM provider. This tool edits the working tree
|
|
# and returns a diff; it never commits or pushes. Mutating + approval-required,
|
|
# so it is OFF unless PI_CODING_ENABLED is truthy. Install: npm i -g @earendil-works/pi-coding-agent
|
|
# PI_CODING_ENABLED=1
|
|
# PI_CODING_MODEL=anthropic/claude-haiku-4-5
|
|
# PI_CODING_WORKSPACE=
|
|
# Optional per-task timeout in seconds (clamped 60-1800; default 600).
|
|
# PI_CODING_TIMEOUT_SECONDS=
|
|
|
|
# --- Fix a Sentry issue (paste a Sentry issue URL, Pi proposes the fix) ---
|
|
# Resolves the issue from Sentry (needs SENTRY_ORG_SLUG + SENTRY_AUTH_TOKEN below)
|
|
# and runs the Pi coding agent in the current repo. Returns a diff for review.
|
|
# OFF unless PI_ISSUE_FIX_ENABLED is truthy. Reuses the PI_CODING_MODEL /
|
|
# PI_CODING_WORKSPACE / PI_CODING_TIMEOUT_SECONDS settings.
|
|
# PI_ISSUE_FIX_ENABLED=1
|
|
|
|
# Maximum tokens for LLM responses (default: 4096).
|
|
LLM_MAX_TOKENS=4096
|
|
|
|
# LLM transport: unset or "sdk" for native vendor SDKs; "litellm" routes all API providers
|
|
# through LiteLLM (anthropic, openai, bedrock, and OpenAI-compatible endpoints).
|
|
# CLI-backed providers (codex, claude-code, etc.) are unaffected.
|
|
# OPENSRE_LLM_TRANSPORT=litellm
|
|
|
|
# Set the key for the provider you choose above.
|
|
ANTHROPIC_API_KEY=
|
|
ANTHROPIC_REASONING_MODEL=
|
|
ANTHROPIC_CLASSIFICATION_MODEL=
|
|
ANTHROPIC_TOOLCALL_MODEL=
|
|
|
|
OPENAI_API_KEY=
|
|
OPENAI_REASONING_MODEL=
|
|
OPENAI_CLASSIFICATION_MODEL=
|
|
OPENAI_TOOLCALL_MODEL=
|
|
|
|
# OpenRouter supports many hosted models behind one API key.
|
|
OPENROUTER_API_KEY=
|
|
OPENROUTER_MODEL=
|
|
OPENROUTER_REASONING_MODEL=
|
|
OPENROUTER_CLASSIFICATION_MODEL=
|
|
OPENROUTER_TOOLCALL_MODEL=
|
|
|
|
# DeepSeek official API (OpenAI-compatible endpoint).
|
|
DEEPSEEK_API_KEY=
|
|
DEEPSEEK_MODEL=
|
|
DEEPSEEK_REASONING_MODEL=
|
|
DEEPSEEK_CLASSIFICATION_MODEL=
|
|
DEEPSEEK_TOOLCALL_MODEL=
|
|
|
|
# Gemini uses the OpenAI-compatible endpoint in this project.
|
|
GEMINI_API_KEY=
|
|
GEMINI_MODEL=
|
|
GEMINI_REASONING_MODEL=
|
|
GEMINI_CLASSIFICATION_MODEL=
|
|
GEMINI_TOOLCALL_MODEL=
|
|
|
|
# NVIDIA NIM / hosted inference.
|
|
NVIDIA_API_KEY=
|
|
NVIDIA_MODEL=
|
|
NVIDIA_REASONING_MODEL=
|
|
NVIDIA_CLASSIFICATION_MODEL=
|
|
NVIDIA_TOOLCALL_MODEL=
|
|
|
|
# Amazon Bedrock — set `LLM_PROVIDER=bedrock` above. Uses the same AWS credential
|
|
# chain as the AWS integration block below (region, keys, or IAM role). No LLM API key.
|
|
BEDROCK_REASONING_MODEL=
|
|
BEDROCK_CLASSIFICATION_MODEL=
|
|
BEDROCK_TOOLCALL_MODEL=
|
|
|
|
# Ollama (local)
|
|
OLLAMA_MODEL=
|
|
OLLAMA_HOST=http://localhost:11434
|
|
|
|
# MiniMax
|
|
MINIMAX_API_KEY=
|
|
MINIMAX_MODEL=
|
|
MINIMAX_REASONING_MODEL=
|
|
MINIMAX_CLASSIFICATION_MODEL=
|
|
MINIMAX_TOOLCALL_MODEL=
|
|
|
|
# Groq
|
|
GROQ_API_KEY=
|
|
GROQ_MODEL=
|
|
GROQ_REASONING_MODEL=
|
|
GROQ_CLASSIFICATION_MODEL=
|
|
GROQ_TOOLCALL_MODEL=
|
|
|
|
# Azure OpenAI (routes via LiteLLM; model values are deployment names in your resource)
|
|
AZURE_OPENAI_BASE_URL=
|
|
AZURE_OPENAI_API_KEY=
|
|
AZURE_OPENAI_API_VERSION=2024-10-21
|
|
AZURE_OPENAI_REASONING_MODEL=
|
|
AZURE_OPENAI_CLASSIFICATION_MODEL=
|
|
AZURE_OPENAI_TOOLCALL_MODEL=
|
|
|
|
# --- First integrations to set up ------------------------------------------
|
|
|
|
# For a first real RCA run, one of Grafana / Datadog / Honeycomb / Coralogix
|
|
# is usually enough. Prefer `opensre integrations setup <service>` when local.
|
|
|
|
# Grafana
|
|
# For `make grafana-local-up`, use `http://localhost:3000` and any placeholder
|
|
# token such as `local`.
|
|
GRAFANA_READ_TOKEN=
|
|
GRAFANA_INSTANCE_URL=
|
|
GRAFANA_LOKI_DATASOURCE_UID=
|
|
GRAFANA_TEMPO_DATASOURCE_UID=
|
|
|
|
# Optional multi-instance override. When set, this takes precedence over the
|
|
# single-instance Grafana vars above.
|
|
# GRAFANA_INSTANCES='[
|
|
# {"name":"prod","tags":{"env":"prod"},"endpoint":"https://prod.grafana.net","api_key":"..."}
|
|
# ]'
|
|
GRAFANA_INSTANCES=
|
|
|
|
# Argo CD (read-only REST API integration)
|
|
# Use exactly one auth method: ARGOCD_AUTH_TOKEN/ARGOCD_TOKEN or username/password.
|
|
ARGOCD_BASE_URL=
|
|
ARGOCD_AUTH_TOKEN=
|
|
ARGOCD_TOKEN=
|
|
ARGOCD_USERNAME=
|
|
ARGOCD_PASSWORD=
|
|
ARGOCD_PROJECT=
|
|
ARGOCD_APP_NAMESPACE=
|
|
ARGOCD_VERIFY_SSL=true
|
|
|
|
# Multi-instance Argo CD (optional). When set, takes precedence over the
|
|
# single-instance ARGOCD_* vars above. See docs/multi-instance-integrations.mdx.
|
|
# ARGOCD_INSTANCES='[{"name":"prod","base_url":"https://argocd.example.com","bearer_token":"***","project":"default"}]'
|
|
ARGOCD_INSTANCES=
|
|
|
|
# Helm 3 (read-only CLI — list/status/history/get values/get manifest)
|
|
# Requires OSRE_HELM_INTEGRATION=1 (or true/yes) to activate from env.
|
|
OSRE_HELM_INTEGRATION=
|
|
HELM_PATH=helm
|
|
HELM_KUBE_CONTEXT=
|
|
HELM_KUBECONFIG=
|
|
HELM_NAMESPACE=
|
|
# Optional: cap manifest size from helm get manifest (integer, min 1024; default 600000).
|
|
# HELM_MANIFEST_MAX_CHARS=
|
|
|
|
# Datadog
|
|
DD_API_KEY=
|
|
DD_APP_KEY=
|
|
DD_SITE=datadoghq.com
|
|
|
|
# Optional multi-instance override.
|
|
# DD_INSTANCES='[{"name":"prod","api_key":"...","app_key":"...","site":"datadoghq.com"}]'
|
|
DD_INSTANCES=
|
|
|
|
# groundcover
|
|
# Read-only service-account token (Bearer). GROUNDCOVER_MCP_TOKEN is accepted as an alias.
|
|
GROUNDCOVER_API_KEY=
|
|
GROUNDCOVER_MCP_URL=https://mcp.groundcover.com/api/mcp
|
|
# Optional routing — only needed for multi-workspace / multi-backend accounts.
|
|
GROUNDCOVER_TENANT_UUID=
|
|
GROUNDCOVER_BACKEND_ID=
|
|
GROUNDCOVER_TIMEZONE=UTC
|
|
|
|
# Optional multi-instance override.
|
|
# GROUNDCOVER_INSTANCES='[{"name":"prod","api_key":"...","tenant_uuid":"...","backend_id":"..."}]'
|
|
GROUNDCOVER_INSTANCES=
|
|
|
|
# Honeycomb
|
|
# `HONEYCOMB_DATASET` can be a dataset slug or `__all__`.
|
|
HONEYCOMB_API_KEY=
|
|
HONEYCOMB_DATASET=__all__
|
|
HONEYCOMB_API_URL=https://api.honeycomb.io
|
|
|
|
# Optional multi-instance override.
|
|
# HONEYCOMB_INSTANCES='[{"name":"prod","api_key":"...","dataset":"__all__"}]'
|
|
HONEYCOMB_INSTANCES=
|
|
|
|
# Coralogix
|
|
CORALOGIX_API_KEY=
|
|
CORALOGIX_API_URL=https://api.coralogix.com
|
|
CORALOGIX_APPLICATION_NAME=
|
|
CORALOGIX_SUBSYSTEM_NAME=
|
|
|
|
# Optional multi-instance override.
|
|
# CORALOGIX_INSTANCES='[{"name":"prod","api_key":"...","base_url":"https://api.coralogix.com"}]'
|
|
CORALOGIX_INSTANCES=
|
|
|
|
# SigNoz (Query API — logs, metrics, traces)
|
|
# Local Docker stack: http://localhost:8080 (see docs/signoz.mdx)
|
|
# API key: Settings → Service Accounts → Keys
|
|
SIGNOZ_URL=
|
|
SIGNOZ_API_KEY=
|
|
|
|
# Grafana Tempo (standalone — direct HTTP API, no Grafana datasource proxy)
|
|
# Default local Tempo HTTP port is 3200. Auth is optional: provide either
|
|
# TEMPO_API_KEY (bearer token) OR TEMPO_USERNAME/TEMPO_PASSWORD (basic auth),
|
|
# not both. TEMPO_ORG_ID is only needed for multi-tenant deployments.
|
|
TEMPO_URL=
|
|
TEMPO_API_KEY=
|
|
TEMPO_USERNAME=
|
|
TEMPO_PASSWORD=
|
|
TEMPO_ORG_ID=
|
|
|
|
# Temporal (self-hosted only — talks to the Temporal HTTP API, not gRPC or Cloud)
|
|
# Point TEMPORAL_API_URL at the frontend HTTP port (default 7243), not the gRPC
|
|
# port (7233) or Web UI (8233). TEMPORAL_NAMESPACE defaults to "default".
|
|
# TEMPORAL_API_KEY is optional — leave empty for unauthenticated self-hosted clusters.
|
|
TEMPORAL_API_URL=
|
|
TEMPORAL_NAMESPACE=default
|
|
TEMPORAL_API_KEY=
|
|
|
|
# AWS
|
|
AWS_REGION=us-east-1
|
|
AWS_ROLE_ARN=
|
|
AWS_EXTERNAL_ID=
|
|
AWS_ACCESS_KEY_ID=
|
|
AWS_SECRET_ACCESS_KEY=
|
|
AWS_SESSION_TOKEN=
|
|
|
|
# Optional multi-instance override.
|
|
# AWS_INSTANCES='[
|
|
# {"name":"prod","tags":{"account":"prod"},"role_arn":"arn:aws:iam::111:role/opensre"}
|
|
# ]'
|
|
AWS_INSTANCES=
|
|
|
|
# GitHub MCP
|
|
GITHUB_MCP_URL=
|
|
GITHUB_MCP_MODE=streamable-http
|
|
GITHUB_MCP_COMMAND=
|
|
GITHUB_MCP_ARGS=
|
|
GITHUB_MCP_AUTH_TOKEN=
|
|
GITHUB_MCP_TOOLSETS=repos,issues,pull_requests,actions,search
|
|
# Optional: 5-500, default 50.
|
|
# OPENSRE_GITHUB_MCP_REPO_PROBE_LIMIT=
|
|
|
|
# Sentry
|
|
# Runtime error monitoring for OpenSRE itself uses the project Sentry DSN constant.
|
|
# Optional: override for operator-side DSN rotation without rebuilding.
|
|
# OPENSRE_SENTRY_DSN=
|
|
SENTRY_ERROR_SAMPLE_RATE=1.0
|
|
SENTRY_TRACES_SAMPLE_RATE=1.0
|
|
OPENSRE_SENTRY_DISABLED=0
|
|
OPENSRE_SENTRY_LOGGING_DISABLED=0
|
|
# Tag value attached to Sentry events to identify how this process is deployed.
|
|
# Common values: railway, ec2, vercel, local. Defaults to "local" when unset.
|
|
# OPENSRE_DEPLOYMENT_METHOD=local
|
|
|
|
# Interactive-shell prompt logging (for local eval mining + PostHog LLM analytics).
|
|
# Set OPENSRE_PROMPT_LOG_DISABLED=1 to disable prompt/response logging entirely.
|
|
OPENSRE_PROMPT_LOG_DISABLED=0
|
|
# Disable only local JSONL prompt log file.
|
|
OPENSRE_PROMPT_LOG_LOCAL_DISABLED=0
|
|
# Redact prompt/response content (known token shapes) before local or PostHog
|
|
# sinks. On by default — set to 0 to log/send raw, unredacted content.
|
|
OPENSRE_PROMPT_LOG_REDACT=1
|
|
# Optional override for local prompt log path (default ~/.config/opensre/prompt_log.jsonl).
|
|
# OPENSRE_PROMPT_LOG_PATH=
|
|
|
|
# Sentry investigation integration
|
|
SENTRY_URL=https://sentry.io
|
|
SENTRY_ORG_SLUG=
|
|
SENTRY_PROJECT_SLUG=
|
|
SENTRY_AUTH_TOKEN=
|
|
|
|
# Slack delivery and Slack-thread investigation context
|
|
SLACK_WEBHOOK_URL=
|
|
SLACK_BOT_TOKEN=
|
|
# SLACK_ACCESS_TOKEN=
|
|
|
|
# --- Additional RCA integrations -------------------------------------------
|
|
|
|
# Alertmanager
|
|
ALERTMANAGER_URL=
|
|
ALERTMANAGER_BEARER_TOKEN=
|
|
ALERTMANAGER_USERNAME=
|
|
ALERTMANAGER_PASSWORD=
|
|
|
|
# MongoDB
|
|
MONGODB_CONNECTION_STRING=
|
|
MONGODB_DATABASE=
|
|
MONGODB_AUTH_SOURCE=admin
|
|
MONGODB_TLS=true
|
|
|
|
# Redis
|
|
REDIS_HOST=
|
|
REDIS_PORT=6379
|
|
REDIS_USERNAME=
|
|
REDIS_PASSWORD=
|
|
REDIS_DATABASE=0
|
|
REDIS_SSL=false
|
|
|
|
# MongoDB Atlas
|
|
MONGODB_ATLAS_PUBLIC_KEY=
|
|
MONGODB_ATLAS_PRIVATE_KEY=
|
|
MONGODB_ATLAS_PROJECT_ID=
|
|
MONGODB_ATLAS_BASE_URL=https://cloud.mongodb.com/api/atlas/v2
|
|
|
|
# PostgreSQL
|
|
POSTGRESQL_HOST=
|
|
POSTGRESQL_PORT=5432
|
|
POSTGRESQL_DATABASE=
|
|
POSTGRESQL_USERNAME=postgres
|
|
POSTGRESQL_PASSWORD=
|
|
POSTGRESQL_SSL_MODE=prefer
|
|
|
|
# MySQL
|
|
MYSQL_HOST=
|
|
MYSQL_PORT=3306
|
|
MYSQL_DATABASE=
|
|
MYSQL_USERNAME=root
|
|
MYSQL_PASSWORD=
|
|
MYSQL_SSL_MODE=preferred
|
|
|
|
# MariaDB
|
|
MARIADB_HOST=
|
|
MARIADB_PORT=3306
|
|
MARIADB_DATABASE=
|
|
MARIADB_USERNAME=
|
|
MARIADB_PASSWORD=
|
|
MARIADB_SSL=true
|
|
|
|
# Dagster workflow orchestration
|
|
DAGSTER_ENDPOINT=
|
|
DAGSTER_API_TOKEN=
|
|
|
|
# RabbitMQ management API
|
|
RABBITMQ_HOST=
|
|
RABBITMQ_MANAGEMENT_PORT=15672
|
|
RABBITMQ_USERNAME=
|
|
RABBITMQ_PASSWORD=
|
|
RABBITMQ_VHOST=/
|
|
RABBITMQ_SSL=false
|
|
RABBITMQ_VERIFY_SSL=true
|
|
|
|
# Better Stack Telemetry
|
|
BETTERSTACK_QUERY_ENDPOINT=
|
|
BETTERSTACK_USERNAME=
|
|
BETTERSTACK_PASSWORD=
|
|
BETTERSTACK_SOURCES=
|
|
|
|
# Kafka
|
|
KAFKA_BOOTSTRAP_SERVERS=
|
|
KAFKA_SECURITY_PROTOCOL=PLAINTEXT
|
|
KAFKA_SASL_MECHANISM=
|
|
KAFKA_SASL_USERNAME=
|
|
KAFKA_SASL_PASSWORD=
|
|
|
|
# ClickHouse
|
|
CLICKHOUSE_HOST=
|
|
CLICKHOUSE_PORT=8123
|
|
CLICKHOUSE_DATABASE=default
|
|
CLICKHOUSE_USER=default
|
|
CLICKHOUSE_PASSWORD=
|
|
CLICKHOUSE_SECURE=false
|
|
|
|
# Bitbucket
|
|
BITBUCKET_WORKSPACE=
|
|
BITBUCKET_USERNAME=
|
|
BITBUCKET_APP_PASSWORD=
|
|
|
|
# GitLab
|
|
GITLAB_BASE_URL=https://gitlab.com/api/v4
|
|
GITLAB_MR_WRITEBACK=false
|
|
GITLAB_MR_IID=
|
|
GITLAB_ACCESS_TOKEN=
|
|
GITLAB_PROJECT_ID=
|
|
GITLAB_REPO_URL=
|
|
|
|
# Jira
|
|
JIRA_BASE_URL=
|
|
JIRA_EMAIL=
|
|
JIRA_API_TOKEN=
|
|
JIRA_PROJECT_KEY=
|
|
|
|
# OpsGenie
|
|
OPSGENIE_API_KEY=
|
|
OPSGENIE_REGION=us
|
|
|
|
# incident.io
|
|
INCIDENT_IO_API_KEY=
|
|
INCIDENT_IO_BASE_URL=
|
|
|
|
# Splunk
|
|
SPLUNK_URL=
|
|
SPLUNK_TOKEN=
|
|
SPLUNK_INDEX=main
|
|
SPLUNK_VERIFY_SSL=true
|
|
|
|
# Hermes
|
|
HERMES_API_URL=
|
|
HERMES_API_KEY=
|
|
|
|
# OpenObserve
|
|
OPENOBSERVE_URL=
|
|
OPENOBSERVE_TOKEN=
|
|
OPENOBSERVE_USERNAME=
|
|
OPENOBSERVE_PASSWORD=
|
|
OPENOBSERVE_ORG=default
|
|
OPENOBSERVE_STREAM=
|
|
OPENOBSERVE_MAX_RESULTS=100
|
|
|
|
# Azure Monitor (Log Analytics)
|
|
AZURE_LOG_ANALYTICS_WORKSPACE_ID=
|
|
AZURE_LOG_ANALYTICS_TOKEN=
|
|
AZURE_TENANT_ID=
|
|
AZURE_SUBSCRIPTION_ID=
|
|
AZURE_MAX_RESULTS=100
|
|
|
|
# VictoriaLogs
|
|
VICTORIA_LOGS_URL=
|
|
VICTORIA_LOGS_TENANT_ID=
|
|
|
|
# Vercel
|
|
VERCEL_API_TOKEN=
|
|
VERCEL_TEAM_ID=
|
|
|
|
# PostHog (REST bounce-rate alerting)
|
|
POSTHOG_PROJECT_ID=
|
|
POSTHOG_PERSONAL_API_KEY=
|
|
POSTHOG_BASE_URL=https://us.i.posthog.com
|
|
POSTHOG_TIMEOUT_SECONDS=15.0
|
|
POSTHOG_BOUNCE_THRESHOLD=0.6
|
|
POSTHOG_BOUNCE_WINDOW=24h
|
|
|
|
# PostHog MCP (analytics, feature flags, error tracking, HogQL via the hosted MCP server)
|
|
POSTHOG_MCP_MODE=streamable-http
|
|
POSTHOG_MCP_URL=https://mcp.posthog.com/mcp
|
|
POSTHOG_MCP_AUTH_TOKEN=
|
|
POSTHOG_MCP_ORGANIZATION_ID=
|
|
POSTHOG_MCP_PROJECT_ID=
|
|
POSTHOG_MCP_FEATURES=
|
|
POSTHOG_MCP_READ_ONLY=true
|
|
POSTHOG_MCP_COMMAND=
|
|
POSTHOG_MCP_ARGS=
|
|
|
|
# Sentry MCP (issues, events, traces, releases, Seer root-cause via the hosted MCP server)
|
|
SENTRY_MCP_MODE=streamable-http
|
|
SENTRY_MCP_URL=https://mcp.sentry.dev/mcp
|
|
SENTRY_MCP_AUTH_TOKEN=
|
|
SENTRY_MCP_HOST=
|
|
SENTRY_MCP_ORGANIZATION_SLUG=
|
|
SENTRY_MCP_PROJECT_SLUG=
|
|
SENTRY_MCP_SKILLS=
|
|
SENTRY_MCP_COMMAND=
|
|
SENTRY_MCP_ARGS=
|
|
|
|
# X (Twitter) MCP (post, search, timelines, likes via https://github.com/xdevplatform/xmcp)
|
|
# XMCP runs locally by default; point X_MCP_URL at your own instance
|
|
# (optionally tunneled) or launch it directly with X_MCP_COMMAND/X_MCP_ARGS.
|
|
X_MCP_MODE=streamable-http
|
|
X_MCP_URL=http://127.0.0.1:8000/mcp
|
|
X_MCP_AUTH_TOKEN=
|
|
X_MCP_COMMAND=
|
|
X_MCP_ARGS=
|
|
# X API bearer token forwarded to the local xmcp server (its own X API auth,
|
|
# not the MCP transport auth above).
|
|
X_BEARER_TOKEN=
|
|
|
|
# Google Docs export
|
|
GOOGLE_CREDENTIALS_FILE=
|
|
GOOGLE_DRIVE_FOLDER_ID=
|
|
|
|
# OpenClaw MCP
|
|
OPENCLAW_MCP_MODE=stdio
|
|
OPENCLAW_MCP_URL=
|
|
OPENCLAW_MCP_COMMAND=openclaw
|
|
OPENCLAW_MCP_ARGS=mcp serve
|
|
OPENCLAW_MCP_AUTH_TOKEN=
|
|
|
|
# Splunk
|
|
SPLUNK_URL=
|
|
SPLUNK_TOKEN=
|
|
SPLUNK_INDEX=main
|
|
SPLUNK_VERIFY_SSL=true
|
|
|
|
# Hermes
|
|
HERMES_API_URL=
|
|
HERMES_API_KEY=
|
|
|
|
# OpenObserve
|
|
OPENOBSERVE_URL=
|
|
OPENOBSERVE_TOKEN=
|
|
OPENOBSERVE_USERNAME=
|
|
OPENOBSERVE_PASSWORD=
|
|
OPENOBSERVE_ORG=default
|
|
OPENOBSERVE_STREAM=
|
|
OPENOBSERVE_MAX_RESULTS=100
|
|
|
|
# Azure Monitor (Log Analytics)
|
|
AZURE_LOG_ANALYTICS_WORKSPACE_ID=
|
|
AZURE_LOG_ANALYTICS_TOKEN=
|
|
AZURE_TENANT_ID=
|
|
AZURE_SUBSCRIPTION_ID=
|
|
AZURE_MAX_RESULTS=100
|
|
|
|
# VictoriaLogs
|
|
VICTORIA_LOGS_URL=
|
|
VICTORIA_LOGS_TENANT_ID=
|
|
|
|
# Discord
|
|
DISCORD_BOT_TOKEN=
|
|
DISCORD_APPLICATION_ID=
|
|
DISCORD_PUBLIC_KEY=
|
|
DISCORD_DEFAULT_CHANNEL_ID=
|
|
|
|
# Telegram
|
|
TELEGRAM_BOT_TOKEN=
|
|
TELEGRAM_DEFAULT_CHAT_ID=
|
|
|
|
# WhatsApp (Twilio)
|
|
TWILIO_ACCOUNT_SID=
|
|
TWILIO_AUTH_TOKEN=
|
|
TWILIO_WHATSAPP_FROM=
|
|
WHATSAPP_DEFAULT_TO=
|
|
|
|
# Twilio SMS — shares TWILIO_ACCOUNT_SID / TWILIO_AUTH_TOKEN from the block
|
|
# above (do NOT re-declare them; dotenv keeps only the first occurrence).
|
|
# Set either TWILIO_SMS_FROM (E.164 number) or TWILIO_SMS_MESSAGING_SERVICE_SID.
|
|
TWILIO_SMS_FROM=
|
|
# TWILIO_SMS_MESSAGING_SERVICE_SID=
|
|
TWILIO_SMS_DEFAULT_TO=
|
|
|
|
# --- Web app / hosted runtime only -----------------------------------------
|
|
|
|
# Required only when using the Tracer web app / hosted integration path.
|
|
JWT_TOKEN=
|
|
TRACER_API_URL=
|
|
|
|
# Remote server API key for `opensre remote ...` and hosted agent access.
|
|
OPENSRE_API_KEY=
|
|
|
|
# --- Deployment / runtime ---------------------------------------------------
|
|
|
|
# Required for hosted OpenSRE runtimes that need persistent storage.
|
|
DATABASE_URI=
|
|
REDIS_URI=
|
|
|
|
ENV=development
|
|
|
|
# Reversible masking before external LLM calls. Off by default.
|
|
OPENSRE_MASK_ENABLED=false
|
|
# Comma-separated kinds to mask. Empty = project defaults.
|
|
OPENSRE_MASK_KINDS=
|
|
# Example: '{"jira_key": "\\b[A-Z]+-\\d+\\b"}'
|
|
OPENSRE_MASK_EXTRA_REGEX=
|