-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathenv.example
More file actions
72 lines (62 loc) · 3.3 KB
/
Copy pathenv.example
File metadata and controls
72 lines (62 loc) · 3.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Network / bind. Production should normally bind only to localhost and expose
# the app through Cloudflare Tunnel or another reverse proxy.
APP_HOST=127.0.0.1
APP_PORT=3000
# Public origin used for WebSocket origin checks and secure-cookie inference.
# Must exactly match the browser origin in production.
# Either APP_PUBLIC_ORIGIN or APP_BASE_URL is accepted.
APP_PUBLIC_ORIGIN=https://terminal.example.com
# APP_BASE_URL=https://terminal.example.com
# Keep enabled behind Cloudflare / reverse proxy.
APP_TRUST_PROXY=1
# PIN auth. Set one of APP_PIN or APP_PIN_HASH.
# APP_PIN is convenient for local testing. Prefer APP_PIN_HASH in production.
APP_PIN=123456
# Format: scrypt$<salt-hex>$<hash-hex>
APP_PIN_HASH=
# Session cookie
APP_COOKIE_NAME=chat2ide_session
# auto | always | never
APP_COOKIE_SECURE=auto
APP_SESSION_TTL_HOURS=24
# Login throttling
APP_LOGIN_MAX_ATTEMPTS=5
APP_LOGIN_LOCKOUT_SECONDS=120
APP_LOGIN_ATTEMPT_WINDOW_SECONDS=600
# WebSocket guardrail. Incoming messages above this size are rejected by ws.
APP_WS_MAX_MESSAGE_BYTES=131072
# Outgoing WebSocket send-buffer cap per browser/client socket.
APP_WS_MAX_BUFFERED_BYTES=1048576
# Codex CLI command. The command must be executable by the user running
# chat2ide, and Codex CLI should already be installed and authenticated.
CODEX_COMMAND=codex
# Supports:
# 1) space-separated string, e.g. "--model your-model"
# 2) JSON string array, e.g. ["--model","your-model"]
CODEX_ARGS=
# Business boundary for the remote terminal. Point this at the project you want
# Codex CLI to operate on, and run chat2ide with a least-privilege OS account.
CODEX_CWD=/srv/your-project
# Optional path-delimited allowlist for API-provided cwd overrides. Defaults to
# all configured profile cwd values. Use ":" on Linux/macOS and ";" on Windows.
# TERMINAL_ALLOWED_CWD_ROOTS=/srv/your-project:/srv/another-project
# Optional launch profiles shown in the mobile UI. The default "codex" profile
# is built from CODEX_COMMAND/CODEX_ARGS/CODEX_CWD. Extra profiles let one
# deployment start different CLIs or wrapper scripts without editing the app.
# Keep this as one JSON array string in .env.
# TERMINAL_PROFILES=[{"id":"claude","name":"Claude Code","command":"claude","args":[],"cwd":"/srv/your-project","description":"Claude Code CLI"},{"id":"codex-remote","name":"Codex remote TUI","command":"codex","args":["--remote","wss://remote-host:4500","--remote-auth-token-env","CODEX_REMOTE_TOKEN"],"cwd":"/srv/your-project","description":"Connect Codex TUI to a secured app-server"}]
# Optional direct client bridge for IDE plugins or desktop clients that do not
# expose an independently runnable CLI. When configured, trusted companion
# clients connect to /bridge with Authorization: Bearer <token>, publish their
# sessions, and receive mobile input/resize/control messages.
# APP_BRIDGE_TOKEN=replace-with-32-byte-random-bridge-token
# Prefer scoped tokens when multiple trusted companions share one deployment.
# APP_BRIDGE_CLIENTS=[{"id":"desktop-ide","name":"Desktop IDE","token":"replace-with-32-byte-random-client-token"}]
# APP_BRIDGE_MAX_SESSIONS=8
# APP_BRIDGE_STOPPED_SESSION_TTL_MINUTES=60
# Terminal defaults. Ring buffer is only recent-output replay, not full logs.
TERMINAL_DEFAULT_COLS=120
TERMINAL_DEFAULT_ROWS=32
TERMINAL_BUFFER_BYTES=262144
TERMINAL_MAX_SESSIONS=8
TERMINAL_MAX_INPUT_BYTES=65536