Files
wehub-resource-sync 4b6817381b
Benchmark image — build + push to ECR (any adapter) / build + push (push) Waiting to run
CI / quality (ubuntu-latest) (push) Waiting to run
CI / test (tools-runtime) (push) Waiting to run
CI / test (e2e-general) (push) Waiting to run
CI / test (cli-runtime) (push) Waiting to run
CI / test (e2e-provider-and-openclaw) (push) Waiting to run
CI / test (integrations-and-misc) (push) Waiting to run
CI / coverage-report (push) Blocked by required conditions
CI / test-kubernetes (push) Waiting to run
CI / should-run-thorough (push) Waiting to run
CI / test-thorough (cloudwatch-demo) (push) Blocked by required conditions
CI / test-thorough (flink-ecs) (push) Blocked by required conditions
CI / test-thorough (upstream-lambda) (push) Blocked by required conditions
CI / test-thorough (prefect-ecs-fargate) (push) Blocked by required conditions
CodeQL / Analyze (python) (push) Waiting to run
Release / build-binaries (zip, opensre.exe, onefile, windows-latest, windows-x64) (push) Blocked by required conditions
Release / publish-release (push) Blocked by required conditions
Release / publish-main-release (push) Blocked by required conditions
Release / prepare (push) Waiting to run
Release / verify (push) Blocked by required conditions
Release / build-python-dist (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-15-intel, darwin-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-latest, darwin-arm64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04, linux-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04-arm, linux-arm64) (push) Blocked by required conditions
Synthetic Deterministic Tests / Synthetic offline (deterministic) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-checks (no-LLM) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-live shard ${{ matrix.shard_index }} (push) Waiting to run
CI (OpenClaw E2E) / openclaw test (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:10:45 +08:00

630 lines
18 KiB
Bash

# OpenSRE example environment
#
# Fast path:
# 1. Set `LLM_PROVIDER` and the matching API key below.
# 2. Run `opensre onboard` for guided local setup.
# 3. Configure one integration with `opensre integrations setup <service>`.
# 4. Verify with `opensre health` and `opensre integrations verify <service>`.
#
# `~/.config/opensre/integrations.json` is the preferred local integration store.
# The env vars below are still supported as fallback/direct configuration.
# --- Most important ---------------------------------------------------------
# Provider used for LLM calls. Common values: anthropic, openai, openrouter,
# deepseek, gemini, nvidia, minimax, bedrock, ollama, codex, claude-code,
# opencode, kimi, copilot, antigravity-cli.
LLM_PROVIDER=anthropic
# Codex CLI works for `opensre investigate` after `codex login`.
# Leave CODEX_MODEL empty to use the CLI's currently configured model.
CODEX_MODEL=
CODEX_BIN=
# Claude Code CLI works for `opensre investigate` after `claude login` or setting ANTHROPIC_API_KEY.
# Install: npm i -g @anthropic-ai/claude-code
# Leave CLAUDE_CODE_MODEL empty to use the CLI's currently configured model.
CLAUDE_CODE_MODEL=
CLAUDE_CODE_BIN=
# Gemini CLI works for `opensre investigate` after `gemini` auth setup.
# Install: npm i -g @google/gemini-cli
# Leave GEMINI_CLI_MODEL empty to use the CLI's configured default model.
GEMINI_CLI_MODEL=
GEMINI_CLI_BIN=
# Antigravity CLI (agy) works for `opensre investigate` after running `agy`
# (browser OAuth on first run; token cached by OS keyring).
# Install: curl -fsSL https://antigravity.google/cli/install.sh | bash
# Leave ANTIGRAVITY_CLI_MODEL empty to use agy's currently configured model.
# Note: ANTIGRAVITY_CLI_MODEL is forward-compat; agy v1.0.2 does not yet expose
# --model in headless mode. Switch models interactively via `/models` inside agy.
ANTIGRAVITY_CLI_MODEL=
ANTIGRAVITY_CLI_BIN=
# ANTIGRAVITY_CLI_TIMEOUT_SECONDS=
# OpenCode CLI works for `opensre investigate` after `opencode auth login`.
# Leave OPENCODE_MODEL empty to use the CLI's currently configured model
OPENCODE_MODEL=
OPENCODE_BIN=
# Cursor Agent CLI
# Leave CURSOR_MODEL empty to use the CLI's currently configured model.
CURSOR_MODEL=
CURSOR_BIN=
# Kimi Code CLI works for `opensre investigate` after `kimi login`.
# Leave KIMI_MODEL empty to use the CLI's currently configured model.
KIMI_MODEL=
KIMI_BIN=
KIMI_API_KEY=
# KIMI_SHARE_DIR=~/.kimi
# GitHub Copilot CLI works for `opensre investigate` after running `copilot`
# and authenticating with the interactive `/login` slash command.
# Install: npm i -g @github/copilot
# Leave COPILOT_MODEL empty to use the CLI's currently configured model.
COPILOT_MODEL=
COPILOT_BIN=
# Optional auth fallbacks (only used when no stored Copilot CLI login exists):
# COPILOT_GITHUB_TOKEN=
# GH_TOKEN=
# GITHUB_TOKEN=
# Optional config dir override (default: ~/.copilot):
# COPILOT_HOME=
# xAI Grok Build CLI works for `opensre investigate` after `grok login`,
# or set XAI_API_KEY for headless/CI use.
# Install: curl -fsSL https://x.ai/cli/install.sh | bash
# Leave GROK_CLI_MODEL empty to use the CLI's currently configured model.
GROK_CLI_MODEL=
GROK_CLI_BIN=
XAI_API_KEY=
# Optional xAI API base URL override.
# XAI_BASE_URL=
# Optional exec timeout in seconds (clamped 30-600; default 300).
# GROK_CLI_TIMEOUT_SECONDS=
# --- Pi coding tool (lets OpenSRE submit coding tasks to the Pi agent) ---
# Separate from using Pi as an LLM provider. This tool edits the working tree
# and returns a diff; it never commits or pushes. Mutating + approval-required,
# so it is OFF unless PI_CODING_ENABLED is truthy. Install: npm i -g @earendil-works/pi-coding-agent
# PI_CODING_ENABLED=1
# PI_CODING_MODEL=anthropic/claude-haiku-4-5
# PI_CODING_WORKSPACE=
# Optional per-task timeout in seconds (clamped 60-1800; default 600).
# PI_CODING_TIMEOUT_SECONDS=
# --- Fix a Sentry issue (paste a Sentry issue URL, Pi proposes the fix) ---
# Resolves the issue from Sentry (needs SENTRY_ORG_SLUG + SENTRY_AUTH_TOKEN below)
# and runs the Pi coding agent in the current repo. Returns a diff for review.
# OFF unless PI_ISSUE_FIX_ENABLED is truthy. Reuses the PI_CODING_MODEL /
# PI_CODING_WORKSPACE / PI_CODING_TIMEOUT_SECONDS settings.
# PI_ISSUE_FIX_ENABLED=1
# Maximum tokens for LLM responses (default: 4096).
LLM_MAX_TOKENS=4096
# LLM transport: unset or "sdk" for native vendor SDKs; "litellm" routes all API providers
# through LiteLLM (anthropic, openai, bedrock, and OpenAI-compatible endpoints).
# CLI-backed providers (codex, claude-code, etc.) are unaffected.
# OPENSRE_LLM_TRANSPORT=litellm
# Set the key for the provider you choose above.
ANTHROPIC_API_KEY=
ANTHROPIC_REASONING_MODEL=
ANTHROPIC_CLASSIFICATION_MODEL=
ANTHROPIC_TOOLCALL_MODEL=
OPENAI_API_KEY=
OPENAI_REASONING_MODEL=
OPENAI_CLASSIFICATION_MODEL=
OPENAI_TOOLCALL_MODEL=
# OpenRouter supports many hosted models behind one API key.
OPENROUTER_API_KEY=
OPENROUTER_MODEL=
OPENROUTER_REASONING_MODEL=
OPENROUTER_CLASSIFICATION_MODEL=
OPENROUTER_TOOLCALL_MODEL=
# DeepSeek official API (OpenAI-compatible endpoint).
DEEPSEEK_API_KEY=
DEEPSEEK_MODEL=
DEEPSEEK_REASONING_MODEL=
DEEPSEEK_CLASSIFICATION_MODEL=
DEEPSEEK_TOOLCALL_MODEL=
# Gemini uses the OpenAI-compatible endpoint in this project.
GEMINI_API_KEY=
GEMINI_MODEL=
GEMINI_REASONING_MODEL=
GEMINI_CLASSIFICATION_MODEL=
GEMINI_TOOLCALL_MODEL=
# NVIDIA NIM / hosted inference.
NVIDIA_API_KEY=
NVIDIA_MODEL=
NVIDIA_REASONING_MODEL=
NVIDIA_CLASSIFICATION_MODEL=
NVIDIA_TOOLCALL_MODEL=
# Amazon Bedrock — set `LLM_PROVIDER=bedrock` above. Uses the same AWS credential
# chain as the AWS integration block below (region, keys, or IAM role). No LLM API key.
BEDROCK_REASONING_MODEL=
BEDROCK_CLASSIFICATION_MODEL=
BEDROCK_TOOLCALL_MODEL=
# Ollama (local)
OLLAMA_MODEL=
OLLAMA_HOST=http://localhost:11434
# MiniMax
MINIMAX_API_KEY=
MINIMAX_MODEL=
MINIMAX_REASONING_MODEL=
MINIMAX_CLASSIFICATION_MODEL=
MINIMAX_TOOLCALL_MODEL=
# Groq
GROQ_API_KEY=
GROQ_MODEL=
GROQ_REASONING_MODEL=
GROQ_CLASSIFICATION_MODEL=
GROQ_TOOLCALL_MODEL=
# Azure OpenAI (routes via LiteLLM; model values are deployment names in your resource)
AZURE_OPENAI_BASE_URL=
AZURE_OPENAI_API_KEY=
AZURE_OPENAI_API_VERSION=2024-10-21
AZURE_OPENAI_REASONING_MODEL=
AZURE_OPENAI_CLASSIFICATION_MODEL=
AZURE_OPENAI_TOOLCALL_MODEL=
# --- First integrations to set up ------------------------------------------
# For a first real RCA run, one of Grafana / Datadog / Honeycomb / Coralogix
# is usually enough. Prefer `opensre integrations setup <service>` when local.
# Grafana
# For `make grafana-local-up`, use `http://localhost:3000` and any placeholder
# token such as `local`.
GRAFANA_READ_TOKEN=
GRAFANA_INSTANCE_URL=
GRAFANA_LOKI_DATASOURCE_UID=
GRAFANA_TEMPO_DATASOURCE_UID=
# Optional multi-instance override. When set, this takes precedence over the
# single-instance Grafana vars above.
# GRAFANA_INSTANCES='[
# {"name":"prod","tags":{"env":"prod"},"endpoint":"https://prod.grafana.net","api_key":"..."}
# ]'
GRAFANA_INSTANCES=
# Argo CD (read-only REST API integration)
# Use exactly one auth method: ARGOCD_AUTH_TOKEN/ARGOCD_TOKEN or username/password.
ARGOCD_BASE_URL=
ARGOCD_AUTH_TOKEN=
ARGOCD_TOKEN=
ARGOCD_USERNAME=
ARGOCD_PASSWORD=
ARGOCD_PROJECT=
ARGOCD_APP_NAMESPACE=
ARGOCD_VERIFY_SSL=true
# Multi-instance Argo CD (optional). When set, takes precedence over the
# single-instance ARGOCD_* vars above. See docs/multi-instance-integrations.mdx.
# ARGOCD_INSTANCES='[{"name":"prod","base_url":"https://argocd.example.com","bearer_token":"***","project":"default"}]'
ARGOCD_INSTANCES=
# Helm 3 (read-only CLI — list/status/history/get values/get manifest)
# Requires OSRE_HELM_INTEGRATION=1 (or true/yes) to activate from env.
OSRE_HELM_INTEGRATION=
HELM_PATH=helm
HELM_KUBE_CONTEXT=
HELM_KUBECONFIG=
HELM_NAMESPACE=
# Optional: cap manifest size from helm get manifest (integer, min 1024; default 600000).
# HELM_MANIFEST_MAX_CHARS=
# Datadog
DD_API_KEY=
DD_APP_KEY=
DD_SITE=datadoghq.com
# Optional multi-instance override.
# DD_INSTANCES='[{"name":"prod","api_key":"...","app_key":"...","site":"datadoghq.com"}]'
DD_INSTANCES=
# groundcover
# Read-only service-account token (Bearer). GROUNDCOVER_MCP_TOKEN is accepted as an alias.
GROUNDCOVER_API_KEY=
GROUNDCOVER_MCP_URL=https://mcp.groundcover.com/api/mcp
# Optional routing — only needed for multi-workspace / multi-backend accounts.
GROUNDCOVER_TENANT_UUID=
GROUNDCOVER_BACKEND_ID=
GROUNDCOVER_TIMEZONE=UTC
# Optional multi-instance override.
# GROUNDCOVER_INSTANCES='[{"name":"prod","api_key":"...","tenant_uuid":"...","backend_id":"..."}]'
GROUNDCOVER_INSTANCES=
# Honeycomb
# `HONEYCOMB_DATASET` can be a dataset slug or `__all__`.
HONEYCOMB_API_KEY=
HONEYCOMB_DATASET=__all__
HONEYCOMB_API_URL=https://api.honeycomb.io
# Optional multi-instance override.
# HONEYCOMB_INSTANCES='[{"name":"prod","api_key":"...","dataset":"__all__"}]'
HONEYCOMB_INSTANCES=
# Coralogix
CORALOGIX_API_KEY=
CORALOGIX_API_URL=https://api.coralogix.com
CORALOGIX_APPLICATION_NAME=
CORALOGIX_SUBSYSTEM_NAME=
# Optional multi-instance override.
# CORALOGIX_INSTANCES='[{"name":"prod","api_key":"...","base_url":"https://api.coralogix.com"}]'
CORALOGIX_INSTANCES=
# SigNoz (Query API — logs, metrics, traces)
# Local Docker stack: http://localhost:8080 (see docs/signoz.mdx)
# API key: Settings → Service Accounts → Keys
SIGNOZ_URL=
SIGNOZ_API_KEY=
# Grafana Tempo (standalone — direct HTTP API, no Grafana datasource proxy)
# Default local Tempo HTTP port is 3200. Auth is optional: provide either
# TEMPO_API_KEY (bearer token) OR TEMPO_USERNAME/TEMPO_PASSWORD (basic auth),
# not both. TEMPO_ORG_ID is only needed for multi-tenant deployments.
TEMPO_URL=
TEMPO_API_KEY=
TEMPO_USERNAME=
TEMPO_PASSWORD=
TEMPO_ORG_ID=
# Temporal (self-hosted only — talks to the Temporal HTTP API, not gRPC or Cloud)
# Point TEMPORAL_API_URL at the frontend HTTP port (default 7243), not the gRPC
# port (7233) or Web UI (8233). TEMPORAL_NAMESPACE defaults to "default".
# TEMPORAL_API_KEY is optional — leave empty for unauthenticated self-hosted clusters.
TEMPORAL_API_URL=
TEMPORAL_NAMESPACE=default
TEMPORAL_API_KEY=
# AWS
AWS_REGION=us-east-1
AWS_ROLE_ARN=
AWS_EXTERNAL_ID=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_SESSION_TOKEN=
# Optional multi-instance override.
# AWS_INSTANCES='[
# {"name":"prod","tags":{"account":"prod"},"role_arn":"arn:aws:iam::111:role/opensre"}
# ]'
AWS_INSTANCES=
# GitHub MCP
GITHUB_MCP_URL=
GITHUB_MCP_MODE=streamable-http
GITHUB_MCP_COMMAND=
GITHUB_MCP_ARGS=
GITHUB_MCP_AUTH_TOKEN=
GITHUB_MCP_TOOLSETS=repos,issues,pull_requests,actions,search
# Optional: 5-500, default 50.
# OPENSRE_GITHUB_MCP_REPO_PROBE_LIMIT=
# Sentry
# Runtime error monitoring for OpenSRE itself uses the project Sentry DSN constant.
# Optional: override for operator-side DSN rotation without rebuilding.
# OPENSRE_SENTRY_DSN=
SENTRY_ERROR_SAMPLE_RATE=1.0
SENTRY_TRACES_SAMPLE_RATE=1.0
OPENSRE_SENTRY_DISABLED=0
OPENSRE_SENTRY_LOGGING_DISABLED=0
# Tag value attached to Sentry events to identify how this process is deployed.
# Common values: railway, ec2, vercel, local. Defaults to "local" when unset.
# OPENSRE_DEPLOYMENT_METHOD=local
# Interactive-shell prompt logging (for local eval mining + PostHog LLM analytics).
# Set OPENSRE_PROMPT_LOG_DISABLED=1 to disable prompt/response logging entirely.
OPENSRE_PROMPT_LOG_DISABLED=0
# Disable only local JSONL prompt log file.
OPENSRE_PROMPT_LOG_LOCAL_DISABLED=0
# Redact prompt/response content (known token shapes) before local or PostHog
# sinks. On by default — set to 0 to log/send raw, unredacted content.
OPENSRE_PROMPT_LOG_REDACT=1
# Optional override for local prompt log path (default ~/.config/opensre/prompt_log.jsonl).
# OPENSRE_PROMPT_LOG_PATH=
# Sentry investigation integration
SENTRY_URL=https://sentry.io
SENTRY_ORG_SLUG=
SENTRY_PROJECT_SLUG=
SENTRY_AUTH_TOKEN=
# Slack delivery and Slack-thread investigation context
SLACK_WEBHOOK_URL=
SLACK_BOT_TOKEN=
# SLACK_ACCESS_TOKEN=
# --- Additional RCA integrations -------------------------------------------
# Alertmanager
ALERTMANAGER_URL=
ALERTMANAGER_BEARER_TOKEN=
ALERTMANAGER_USERNAME=
ALERTMANAGER_PASSWORD=
# MongoDB
MONGODB_CONNECTION_STRING=
MONGODB_DATABASE=
MONGODB_AUTH_SOURCE=admin
MONGODB_TLS=true
# Redis
REDIS_HOST=
REDIS_PORT=6379
REDIS_USERNAME=
REDIS_PASSWORD=
REDIS_DATABASE=0
REDIS_SSL=false
# MongoDB Atlas
MONGODB_ATLAS_PUBLIC_KEY=
MONGODB_ATLAS_PRIVATE_KEY=
MONGODB_ATLAS_PROJECT_ID=
MONGODB_ATLAS_BASE_URL=https://cloud.mongodb.com/api/atlas/v2
# PostgreSQL
POSTGRESQL_HOST=
POSTGRESQL_PORT=5432
POSTGRESQL_DATABASE=
POSTGRESQL_USERNAME=postgres
POSTGRESQL_PASSWORD=
POSTGRESQL_SSL_MODE=prefer
# MySQL
MYSQL_HOST=
MYSQL_PORT=3306
MYSQL_DATABASE=
MYSQL_USERNAME=root
MYSQL_PASSWORD=
MYSQL_SSL_MODE=preferred
# MariaDB
MARIADB_HOST=
MARIADB_PORT=3306
MARIADB_DATABASE=
MARIADB_USERNAME=
MARIADB_PASSWORD=
MARIADB_SSL=true
# Dagster workflow orchestration
DAGSTER_ENDPOINT=
DAGSTER_API_TOKEN=
# RabbitMQ management API
RABBITMQ_HOST=
RABBITMQ_MANAGEMENT_PORT=15672
RABBITMQ_USERNAME=
RABBITMQ_PASSWORD=
RABBITMQ_VHOST=/
RABBITMQ_SSL=false
RABBITMQ_VERIFY_SSL=true
# Better Stack Telemetry
BETTERSTACK_QUERY_ENDPOINT=
BETTERSTACK_USERNAME=
BETTERSTACK_PASSWORD=
BETTERSTACK_SOURCES=
# Kafka
KAFKA_BOOTSTRAP_SERVERS=
KAFKA_SECURITY_PROTOCOL=PLAINTEXT
KAFKA_SASL_MECHANISM=
KAFKA_SASL_USERNAME=
KAFKA_SASL_PASSWORD=
# ClickHouse
CLICKHOUSE_HOST=
CLICKHOUSE_PORT=8123
CLICKHOUSE_DATABASE=default
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=
CLICKHOUSE_SECURE=false
# Bitbucket
BITBUCKET_WORKSPACE=
BITBUCKET_USERNAME=
BITBUCKET_APP_PASSWORD=
# GitLab
GITLAB_BASE_URL=https://gitlab.com/api/v4
GITLAB_MR_WRITEBACK=false
GITLAB_MR_IID=
GITLAB_ACCESS_TOKEN=
GITLAB_PROJECT_ID=
GITLAB_REPO_URL=
# Jira
JIRA_BASE_URL=
JIRA_EMAIL=
JIRA_API_TOKEN=
JIRA_PROJECT_KEY=
# OpsGenie
OPSGENIE_API_KEY=
OPSGENIE_REGION=us
# incident.io
INCIDENT_IO_API_KEY=
INCIDENT_IO_BASE_URL=
# Splunk
SPLUNK_URL=
SPLUNK_TOKEN=
SPLUNK_INDEX=main
SPLUNK_VERIFY_SSL=true
# Hermes
HERMES_API_URL=
HERMES_API_KEY=
# OpenObserve
OPENOBSERVE_URL=
OPENOBSERVE_TOKEN=
OPENOBSERVE_USERNAME=
OPENOBSERVE_PASSWORD=
OPENOBSERVE_ORG=default
OPENOBSERVE_STREAM=
OPENOBSERVE_MAX_RESULTS=100
# Azure Monitor (Log Analytics)
AZURE_LOG_ANALYTICS_WORKSPACE_ID=
AZURE_LOG_ANALYTICS_TOKEN=
AZURE_TENANT_ID=
AZURE_SUBSCRIPTION_ID=
AZURE_MAX_RESULTS=100
# VictoriaLogs
VICTORIA_LOGS_URL=
VICTORIA_LOGS_TENANT_ID=
# Vercel
VERCEL_API_TOKEN=
VERCEL_TEAM_ID=
# PostHog (REST bounce-rate alerting)
POSTHOG_PROJECT_ID=
POSTHOG_PERSONAL_API_KEY=
POSTHOG_BASE_URL=https://us.i.posthog.com
POSTHOG_TIMEOUT_SECONDS=15.0
POSTHOG_BOUNCE_THRESHOLD=0.6
POSTHOG_BOUNCE_WINDOW=24h
# PostHog MCP (analytics, feature flags, error tracking, HogQL via the hosted MCP server)
POSTHOG_MCP_MODE=streamable-http
POSTHOG_MCP_URL=https://mcp.posthog.com/mcp
POSTHOG_MCP_AUTH_TOKEN=
POSTHOG_MCP_ORGANIZATION_ID=
POSTHOG_MCP_PROJECT_ID=
POSTHOG_MCP_FEATURES=
POSTHOG_MCP_READ_ONLY=true
POSTHOG_MCP_COMMAND=
POSTHOG_MCP_ARGS=
# Sentry MCP (issues, events, traces, releases, Seer root-cause via the hosted MCP server)
SENTRY_MCP_MODE=streamable-http
SENTRY_MCP_URL=https://mcp.sentry.dev/mcp
SENTRY_MCP_AUTH_TOKEN=
SENTRY_MCP_HOST=
SENTRY_MCP_ORGANIZATION_SLUG=
SENTRY_MCP_PROJECT_SLUG=
SENTRY_MCP_SKILLS=
SENTRY_MCP_COMMAND=
SENTRY_MCP_ARGS=
# X (Twitter) MCP (post, search, timelines, likes via https://github.com/xdevplatform/xmcp)
# XMCP runs locally by default; point X_MCP_URL at your own instance
# (optionally tunneled) or launch it directly with X_MCP_COMMAND/X_MCP_ARGS.
X_MCP_MODE=streamable-http
X_MCP_URL=http://127.0.0.1:8000/mcp
X_MCP_AUTH_TOKEN=
X_MCP_COMMAND=
X_MCP_ARGS=
# X API bearer token forwarded to the local xmcp server (its own X API auth,
# not the MCP transport auth above).
X_BEARER_TOKEN=
# Google Docs export
GOOGLE_CREDENTIALS_FILE=
GOOGLE_DRIVE_FOLDER_ID=
# OpenClaw MCP
OPENCLAW_MCP_MODE=stdio
OPENCLAW_MCP_URL=
OPENCLAW_MCP_COMMAND=openclaw
OPENCLAW_MCP_ARGS=mcp serve
OPENCLAW_MCP_AUTH_TOKEN=
# Splunk
SPLUNK_URL=
SPLUNK_TOKEN=
SPLUNK_INDEX=main
SPLUNK_VERIFY_SSL=true
# Hermes
HERMES_API_URL=
HERMES_API_KEY=
# OpenObserve
OPENOBSERVE_URL=
OPENOBSERVE_TOKEN=
OPENOBSERVE_USERNAME=
OPENOBSERVE_PASSWORD=
OPENOBSERVE_ORG=default
OPENOBSERVE_STREAM=
OPENOBSERVE_MAX_RESULTS=100
# Azure Monitor (Log Analytics)
AZURE_LOG_ANALYTICS_WORKSPACE_ID=
AZURE_LOG_ANALYTICS_TOKEN=
AZURE_TENANT_ID=
AZURE_SUBSCRIPTION_ID=
AZURE_MAX_RESULTS=100
# VictoriaLogs
VICTORIA_LOGS_URL=
VICTORIA_LOGS_TENANT_ID=
# Discord
DISCORD_BOT_TOKEN=
DISCORD_APPLICATION_ID=
DISCORD_PUBLIC_KEY=
DISCORD_DEFAULT_CHANNEL_ID=
# Telegram
TELEGRAM_BOT_TOKEN=
TELEGRAM_DEFAULT_CHAT_ID=
# WhatsApp (Twilio)
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
TWILIO_WHATSAPP_FROM=
WHATSAPP_DEFAULT_TO=
# Twilio SMS — shares TWILIO_ACCOUNT_SID / TWILIO_AUTH_TOKEN from the block
# above (do NOT re-declare them; dotenv keeps only the first occurrence).
# Set either TWILIO_SMS_FROM (E.164 number) or TWILIO_SMS_MESSAGING_SERVICE_SID.
TWILIO_SMS_FROM=
# TWILIO_SMS_MESSAGING_SERVICE_SID=
TWILIO_SMS_DEFAULT_TO=
# --- Web app / hosted runtime only -----------------------------------------
# Required only when using the Tracer web app / hosted integration path.
JWT_TOKEN=
TRACER_API_URL=
# Remote server API key for `opensre remote ...` and hosted agent access.
OPENSRE_API_KEY=
# --- Deployment / runtime ---------------------------------------------------
# Required for hosted OpenSRE runtimes that need persistent storage.
DATABASE_URI=
REDIS_URI=
ENV=development
# Reversible masking before external LLM calls. Off by default.
OPENSRE_MASK_ENABLED=false
# Comma-separated kinds to mask. Empty = project defaults.
OPENSRE_MASK_KINDS=
# Example: '{"jira_key": "\\b[A-Z]+-\\d+\\b"}'
OPENSRE_MASK_EXTRA_REGEX=