forked from builderz-labs/mission-control
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
111 lines (95 loc) · 4.44 KB
/
.env.example
File metadata and controls
111 lines (95 loc) · 4.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# === Server Port ===
# Port the Next.js server listens on (dev and production)
# PORT=3000
# === Authentication ===
# Admin user seeded on first run (only if no users exist in DB)
AUTH_USER=admin
AUTH_PASS=change-me-on-first-login
# If your password includes "#" and you do not want to quote AUTH_PASS, use base64:
# AUTH_PASS_B64=Y2hhbmdlLW1lLW9uLWZpcnN0LWxvZ2lu
# Example: echo -n 'my#password' | base64
# API key for headless/external access (x-api-key header)
API_KEY=generate-a-random-key
# Primary gateway defaults (used by /api/gateways seeding if DB is empty)
MC_DEFAULT_GATEWAY_NAME=primary
# Session cookie behavior
# - In production, cookies default to secure=true unless overridden.
# - SameSite defaults to "strict".
MC_COOKIE_SECURE=
MC_COOKIE_SAMESITE=strict
# Network access control (middleware)
# In production, access is blocked unless the host is explicitly allowed.
# Patterns supported:
# - Exact hosts: "app.example.com"
# - Subdomains: "*.example.com"
# - Prefix wildcard: "100.*" (useful for Tailscale IPs)
MC_ALLOW_ANY_HOST=
MC_ALLOWED_HOSTS=localhost,127.0.0.1
# Google OAuth client IDs for Google Sign-In approval workflow
# Create in Google Cloud Console (Web application) and set authorized origins/redirects
GOOGLE_CLIENT_ID=
NEXT_PUBLIC_GOOGLE_CLIENT_ID=
# Legacy cookie auth (backward compat, can be removed once all clients use session auth)
AUTH_SECRET=random-secret-for-legacy-cookies
# Coordinator identity (used for coordinator chat status replies and comms UI)
MC_COORDINATOR_AGENT=coordinator
NEXT_PUBLIC_COORDINATOR_AGENT=coordinator
# === 1Password Integration (optional) ===
# Vault name for 1Password CLI pulls (used by Integrations panel)
OP_VAULT_NAME=default
# === OpenClaw Integration ===
# Path to .openclaw home directory (required for memory browser, gateway config, logs)
OPENCLAW_HOME=
# Optional: explicitly point at openclaw.json
# OPENCLAW_CONFIG_PATH=
# Gateway connection (used by frontend WebSocket)
OPENCLAW_GATEWAY_HOST=127.0.0.1
OPENCLAW_GATEWAY_PORT=18789
# Optional: token used by server-side gateway calls
OPENCLAW_GATEWAY_TOKEN=
# Tools profile used when Mission Control spawns sessions via sessions_spawn.
# OpenClaw 2026.3.2+ defaults to "messaging" if omitted.
OPENCLAW_TOOLS_PROFILE=coding
# Frontend env vars (NEXT_PUBLIC_ prefix = available in browser)
NEXT_PUBLIC_GATEWAY_HOST=
NEXT_PUBLIC_GATEWAY_PORT=18789
NEXT_PUBLIC_GATEWAY_PROTOCOL=
NEXT_PUBLIC_GATEWAY_URL=
# Do not expose gateway tokens via NEXT_PUBLIC_* variables.
# Keep gateway auth secrets server-side only (OPENCLAW_GATEWAY_TOKEN / GATEWAY_TOKEN).
# Gateway client id used in websocket handshake (role=operator UI client).
NEXT_PUBLIC_GATEWAY_CLIENT_ID=openclaw-control-ui
# Gateway optional mode: set to 'true' if deploying on VPS with firewall blocking WebSocket ports.
# In optional mode, Mission Control runs standalone; core CRUD features work but live gateway events do not.
# NEXT_PUBLIC_GATEWAY_OPTIONAL=false
# === Data Paths (all optional, defaults to .data/ in project root) ===
# MISSION_CONTROL_DATA_DIR=.data
# MISSION_CONTROL_DB_PATH=.data/mission-control.db
# MISSION_CONTROL_TOKENS_PATH=.data/mission-control-tokens.json
# === OpenClaw Paths (derived from OPENCLAW_HOME if not set) ===
# OPENCLAW_LOG_DIR=/path/to/.openclaw/logs
# OPENCLAW_MEMORY_DIR=/path/to/.openclaw/memory
#
# NOTE: OpenClaw does NOT store agent memory markdown files under OPENCLAW_HOME/memory/.
# That directory does not exist by default. Agent memory lives in each agent's workspace
# (e.g. ~/clawd-agents/{agent}/memory/). Point this at your agents root to make the
# Memory Browser useful:
# OPENCLAW_MEMORY_DIR=/home/you/clawd-agents
# OPENCLAW_SOUL_TEMPLATES_DIR=/path/to/.openclaw/templates/souls
# OPENCLAW_BIN=openclaw
# === Super Admin / Provisioning (optional) ===
# Path to this repo root, needed if you use the super-admin provisioning helpers.
# MISSION_CONTROL_REPO_ROOT=/path/to/mission-control
# Template openclaw.json used to seed new tenant state (required for tenant bootstrap).
# MC_SUPER_TEMPLATE_OPENCLAW_JSON=/path/to/openclaw.json
# Base path used for provisioned linux user homes (default: /home)
# MC_TENANT_HOME_ROOT=/home
# Workspace directory name under each tenant user home (default: workspace)
# MC_TENANT_WORKSPACE_DIRNAME=workspace
# === Data Retention (days, 0 = keep forever) ===
# MC_RETAIN_ACTIVITIES_DAYS=90
# MC_RETAIN_AUDIT_DAYS=365
# MC_RETAIN_LOGS_DAYS=30
# MC_RETAIN_NOTIFICATIONS_DAYS=60
# MC_RETAIN_PIPELINE_RUNS_DAYS=90
# MC_RETAIN_TOKEN_USAGE_DAYS=90