-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
221 lines (190 loc) · 9.84 KB
/
.env.example
File metadata and controls
221 lines (190 loc) · 9.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
# ─────────────────────────────────────────────────────────────────────────────
# Crewmate — Environment Variables
# Copy this file to .env and fill in the values for the mode you are using:
# cp .env.example .env
#
# Modes used in this repo:
# - Local solo: private development on your own machine
# - Local friend test: frontend + backend stay local, but you share one HTTPS tunnel
# - Hosted staging: public frontend/backend deployment later
# ─────────────────────────────────────────────────────────────────────────────
# ── MINIMUM LOCAL MODE ───────────────────────────────────────────────────────
#
# The smallest working setup is:
# GOOGLE_API_KEY=...
#
# That gives you:
# - local dev email-code auth
# - local dashboard/tasks/memory/sessions experience
# - Gemini-powered chat/live flows
# - optional integrations that can be connected later
# Gemini API key — get one free at https://aistudio.google.com/app/apikey
GOOGLE_API_KEY=
# 32-character random string for encrypting stored integration secrets
# Generate with: openssl rand -hex 16
# Optional for minimum local mode. Strongly recommended once you start using
# saved integrations or hosted deployments.
CREWMATE_ENCRYPTION_KEY=
# ── SERVER BASICS ────────────────────────────────────────────────────────────
PORT=8787
NODE_ENV=development
# Local solo:
# CORS_ORIGIN=http://localhost:3000
# PUBLIC_APP_URL=http://localhost:3000
# PUBLIC_WEB_APP_URL=http://localhost:3000
#
# Local friend test via one tunnel on the frontend port:
# set all three values to the SAME tunnel origin, for example:
# https://your-app.trycloudflare.com
#
# Hosted staging later:
# set these to your real public frontend origin
CORS_ORIGIN=http://localhost:3000
PUBLIC_APP_URL=http://localhost:3000
PUBLIC_WEB_APP_URL=http://localhost:3000
REQUEST_BODY_LIMIT=25mb
CREWMATE_DB_PATH=data/crewmate.db
CREWMATE_ARTIFACTS_PATH=data/artifacts
CREWMATE_COMMAND_TOKEN=
SCREENSHOT_SHARE_TTL_MS=3600000
# Local solo default: true
# Local friend test recommended: false once Firebase Auth is configured
# Hosted staging / production: must be false
AUTH_EXPOSE_DEV_CODE=true
# ── FEATURE FLAGS ────────────────────────────────────────────────────────────
# Browser/UI navigator agent. Leave true for the hackathon demo unless you want
# to temporarily narrow the test surface.
FEATURE_UI_NAVIGATOR=true
# Human approval step before high-impact skill execution.
FEATURE_APPROVAL_GATES=false
# Enable inbound Slack command handling only after Slack signing secret is set.
FEATURE_SLACK_INBOUND=false
# Research agent grounding.
FEATURE_RESEARCH_GROUNDING=true
# ── FRONTEND / VITE ──────────────────────────────────────────────────────────
# Recommended for local dev and local friend testing:
# leave blank so the browser uses same-origin /api and Vite proxies to :8787.
# For a separately hosted frontend later, set this to your backend origin.
VITE_API_URL=
VITE_ENABLE_CONSERVATIVE_LIVE_TURN_TAKING=true
VITE_ENABLE_DIRECT_LIVE=false
# One-flag local preview mode:
# - forces localhost API/proxy assumptions
# - forces local email-code auth in the frontend
# - disables Firebase auth mode even if Firebase values are still present below
# - makes the backend treat the app like local development
VITE_FORCE_LOCAL_PREVIEW=false
# Force the frontend to use local dev auth even if Firebase values are present
# in this file or injected by your shell. Useful when switching back and forth
# between hosted testing and local preview.
VITE_FORCE_LOCAL_AUTH=false
# Never expose client-side Gemini keys in production. These are only for direct
# live/dev experiments if you explicitly need them.
# VITE_GEMINI_API_KEY=
# VITE_GOOGLE_API_KEY=
# ── FIREBASE AUTH (required for shared friend testing and hosted staging) ───
# Backend verification:
# - Minimum shared-test requirement: FIREBASE_PROJECT_ID
# - If you are not using Application Default Credentials, also set the service
# account email/private key below.
FIREBASE_PROJECT_ID=
FIREBASE_CLIENT_EMAIL=
FIREBASE_PRIVATE_KEY=
# Frontend Firebase web config:
# Leave these blank for minimum local mode. If you keep them populated for
# shared testing, set VITE_FORCE_LOCAL_AUTH=true when you want the local
# email-code auth flow instead.
VITE_FIREBASE_API_KEY=
VITE_FIREBASE_AUTH_DOMAIN=
VITE_FIREBASE_PROJECT_ID=
VITE_FIREBASE_APP_ID=
VITE_FIREBASE_MESSAGING_SENDER_ID=
VITE_FIREBASE_STORAGE_BUCKET=
VITE_FIREBASE_MEASUREMENT_ID=
# ── MODEL OVERRIDES (optional) ───────────────────────────────────────────────
# Defaults are already defined in server/config.ts. Only override when needed.
# GEMINI_LIVE_MODEL=gemini-2.5-flash-native-audio-preview-12-2025 # live audio + screen sessions
# GEMINI_TEXT_MODEL=gemini-3.1-flash-lite-preview # inline skill calls, quick responses
# GEMINI_BROWSER_MODEL=google/gemini-2.5-flash # Stagehand browser automation
# GEMINI_RESEARCH_MODEL=gemini-3.1-pro-preview # agents, deep research
# GEMINI_ORCHESTRATION_MODEL=gemini-3.1-pro-preview # intent routing, A2A dispatch
# GEMINI_CREATIVE_MODEL=gemini-3.1-flash-image-preview # image generation, creative content
# GEMINI_LITE_MODEL=gemini-3.1-flash-lite-preview # confirmations, filler responses
# ── SEARCH (optional but recommended) ────────────────────────────────────────
# Tavily gives better web research results. Without it, Crewmate falls back to
# DuckDuckGo.
TAVILY_API_KEY=
PEXELS_API_KEY=
# ── GOOGLE WORKSPACE (required integration baseline for shared testing) ─────
# Create OAuth client in Google Cloud Console → APIs & Services → Credentials
#
# Canonical redirect rule:
# GOOGLE_WORKSPACE_REDIRECT_URI must always be the backend callback URL:
# https://<backend-origin>/api/integrations/google-workspace/callback
#
# Local solo example:
# GOOGLE_WORKSPACE_REDIRECT_URI=http://localhost:8787/api/integrations/google-workspace/callback
#
# Hosted example:
# GOOGLE_WORKSPACE_REDIRECT_URI=https://your-cloud-run-service.run.app/api/integrations/google-workspace/callback
GOOGLE_WORKSPACE_CLIENT_ID=
GOOGLE_WORKSPACE_CLIENT_SECRET=
GOOGLE_WORKSPACE_REDIRECT_URI=http://localhost:8787/api/integrations/google-workspace/callback
# Back-compat aliases still read by server/config.ts if older envs use them.
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_REDIRECT_URI=
# ── NOTION (optional follow-up integration) ──────────────────────────────────
# Token-based local use:
NOTION_TOKEN=
NOTION_PARENT_PAGE_ID=
#
# OAuth for shared/public deployments:
# NOTION_REDIRECT_URI must always be the backend callback URL:
# https://<backend-origin>/api/integrations/notion/callback
NOTION_CLIENT_ID=
NOTION_CLIENT_SECRET=
NOTION_REDIRECT_URI=http://localhost:8787/api/integrations/notion/callback
# ── SLACK (optional follow-up integration) ───────────────────────────────────
# Token-based local use:
SLACK_BOT_TOKEN=
SLACK_DEFAULT_CHANNEL_ID=
SLACK_SIGNING_SECRET=
#
# OAuth for shared/public deployments:
# SLACK_REDIRECT_URI must always be the backend callback URL:
# https://<backend-origin>/api/integrations/slack/callback
SLACK_CLIENT_ID=
SLACK_CLIENT_SECRET=
SLACK_REDIRECT_URI=http://localhost:8787/api/integrations/slack/callback
# ── CLICKUP (optional follow-up integration) ─────────────────────────────────
# Token-based local use:
CLICKUP_TOKEN=
CLICKUP_LIST_ID=
#
# OAuth for shared/public deployments:
# CLICKUP_REDIRECT_URI must always be the backend callback URL:
# https://<backend-origin>/api/integrations/clickup/callback
CLICKUP_CLIENT_ID=
CLICKUP_CLIENT_SECRET=
CLICKUP_REDIRECT_URI=http://localhost:8787/api/integrations/clickup/callback
# ── LOCAL FRIEND-TEST CHECKLIST ──────────────────────────────────────────────
# 1. Run npm run dev
# 2. Start one HTTPS tunnel to http://localhost:3000
# 3. Set CORS_ORIGIN, PUBLIC_APP_URL, and PUBLIC_WEB_APP_URL to that tunnel URL
# 4. Leave VITE_API_URL blank so /api stays same-origin through Vite
# 5. Add the tunnel domain to Firebase Auth authorized domains
# 6. Set GOOGLE_WORKSPACE_REDIRECT_URI to:
# https://<backend-origin>/api/integrations/google-workspace/callback
# 7. Restart npm run dev after any env change
#
# ── HOSTED STAGING / PRODUCTION NOTES ────────────────────────────────────────
# - Set NODE_ENV=production
# - Set AUTH_EXPOSE_DEV_CODE=false
# - Firebase startup validation requires:
# FIREBASE_PROJECT_ID
# VITE_FIREBASE_API_KEY
# VITE_FIREBASE_AUTH_DOMAIN
# VITE_FIREBASE_APP_ID
# - Keep SQLite, artifact files, and live runtime state on a single backend
# instance until you intentionally refactor storage/session architecture.