-
Notifications
You must be signed in to change notification settings - Fork 593
Expand file tree
/
Copy path.env.example
More file actions
147 lines (136 loc) · 6.9 KB
/
Copy path.env.example
File metadata and controls
147 lines (136 loc) · 6.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# ========== Server ==========
PORT=3003
# API key for incoming requests (leave empty for open access)
API_KEY=
# Directory for persisted JSON state and logs (Docker 推荐用 /data)
DATA_DIR=
# In-memory duplicate response cache. Max bytes accepts b/k/kb/kib/m/mb/mib/g/gb/gib.
# RESPONSE_CACHE_ENABLED=1
# RESPONSE_CACHE_MAX_BYTES=16m
# ========== Codeium Auth ==========
# Option 1: Direct API key from Windsurf
CODEIUM_API_KEY=
# Option 2: Token from windsurf.com/show-auth-token
CODEIUM_AUTH_TOKEN=
# ========== Language Server ==========
# Path to the language server binary.
# Linux x64 default: /opt/windsurf/language_server_linux_x64
# Linux arm64 default: /opt/windsurf/language_server_linux_arm
# macOS Apple Silicon default: ~/.windsurf/language_server_macos_arm
# macOS Intel default: ~/.windsurf/language_server_macos_x64
LS_BINARY_PATH=/opt/windsurf/language_server_linux_x64
# Per-proxy language server data root.
# macOS local runs should use a user-writable directory, e.g. ~/.windsurf/data.
LS_DATA_DIR=/opt/windsurf/data
# gRPC port for language server
LS_PORT=42100
# Max live LS instances. Empty = memory-aware default (about 700MB per LS).
# Set low on small VPSes, especially when using per-proxy/per-user LS isolation.
# LS_MAX_INSTANCES=2
# Prewarm the no-proxy default LS on startup. Set 0 on low-memory hosts when
# all real traffic uses per-account proxies; LS will start lazily on demand.
# LS_PREWARM_DEFAULT=1
# How long a request waits for an active non-default LS to go idle before
# returning LS_POOL_EXHAUSTED / LS_MEMORY_GUARD.
# LS_POOL_WAIT_MS=30000
# Minimum available memory required before spawning another non-default LS. If
# unset, WindsurfAPI uses observed live LS RSS + margin after the first LS is
# ready, falling back to 700MB before any sample exists. Set this to pin a
# fixed operator budget. Accepts 700m / 1g / bytes.
# LS_SPAWN_MIN_AVAILABLE_BYTES=700m
# Dynamic RSS estimate floor/margin used only when LS_SPAWN_MIN_AVAILABLE_BYTES
# is unset.
# LS_OBSERVED_RSS_MIN_BYTES=384m
# LS_OBSERVED_RSS_MARGIN_PERCENT=35
# Disable memory guard only on hosts with external memory control/monitoring.
# LS_MEMORY_GUARD=1
# Stop idle non-default LS instances after this many milliseconds. 0 disables.
# LS_IDLE_TTL_MS=1200000
# Idle reaper interval. Empty = derived from LS_IDLE_TTL_MS.
# LS_IDLE_SWEEP_MS=300000
# Prewarm every configured proxy LS on startup. Default off to avoid memory spikes.
# LS_PREWARM_PROXIES=0
# Also prewarm/probe LS when adding accounts from Dashboard/batch/OAuth.
# Default off so bulk account import cannot spawn many heavy LSPs at once.
# LS_PREWARM_ON_ACCOUNT_ADD=0
# Background credit/token refresh skips accounts currently serving chat,
# account maintenance, or LS maintenance by default. Set 0 only if you want
# scheduled maintenance to run even when an account is busy.
# WINDSURFAPI_BACKGROUND_MAINTENANCE_SKIP_BUSY=1
# Native Cascade tool bridge. Default off because Cascade executes native
# Read/Bash-style tools in the remote Windsurf workspace, while most clients
# expect local execution.
# v2.0.139 production canary scope is intentionally narrow: without an
# explicit tool allowlist, only Bash / shell_command / run_command can route
# through the native bridge. Read/Grep/Glob/WebSearch/WebFetch are protocol
# matrix work, not production defaults. For local IDE tools (Claude Code,
# Cline, Codex, opencode), keep the default emulation path unless you are
# explicitly testing remote execution semantics.
# WINDSURFAPI_NATIVE_TOOL_BRIDGE=all_mapped
# Optional gray gates for real testing:
# WINDSURFAPI_NATIVE_TOOL_BRIDGE_TOOLS=Bash
# WINDSURFAPI_NATIVE_TOOL_BRIDGE_MODELS=claude-4.5-haiku
# WINDSURFAPI_NATIVE_TOOL_BRIDGE_API_KEYS=your-test-api-key
# Force bridge mode for mapped subsets only after the canary is proven:
# WINDSURFAPI_NATIVE_TOOL_BRIDGE=1
# Emergency hard-off:
# WINDSURFAPI_NATIVE_TOOL_BRIDGE_OFF=1
# Smoke an already-running native bridge deployment with:
# API_KEY=... BASE_URL=http://127.0.0.1:3003 npm run smoke:native-bridge
# Protocol trace is lab-only. For Read wrapper reverse engineering, prefer the
# dedicated child summary over global raw string dumps:
# WINDSURFAPI_PROTO_TRACE=1
# WINDSURFAPI_PROTO_TRACE_READ_WRAPPER_STRINGS=0
# Optional special-agent backend for models that do not work through direct
# Cascade chat (currently swe-1.6 / swe-1.6-fast / adaptive / arena-*).
# Default off. When enabled, the first PoC backend uses Devin CLI print mode:
# devin -p "<prompt>"
# Install/configure Devin CLI separately on the host/container and point this
# path at it. Do not bake it into the base image unless you want that runtime
# dependency for every deployment.
# WINDSURFAPI_SPECIAL_AGENT_BACKEND=devin-cli
# DEVIN_CLI_PATH=devin
# DEVIN_CLI_MODE=print
# DEVIN_MAX_PROCS=1
# DEVIN_QUEUE_TIMEOUT_MS=30000
# DEVIN_TIMEOUT_MS=600000
# Pass the checked-out Windsurf account apiKey to Devin CLI as WINDSURF_API_KEY.
# Set to 0 only when the CLI has its own login/session and you understand that
# the HTTP server still expects a normal WindsurfAPI account pool.
# DEVIN_CLI_USE_ACCOUNT_POOL=1
# Print mode refuses caller-local tools/media by default; ACP bridging should
# be used before enabling these in production.
# DEVIN_CLI_ALLOW_CLIENT_TOOLS=0
# DEVIN_CLI_ALLOW_MEDIA=0
# After configuring Devin CLI/ACP, validate the route with:
# API_KEY=... BASE_URL=http://127.0.0.1:3003 npm run smoke:special-agent
# ========== Dashboard ==========
# Dashboard password — protects /dashboard and all /dashboard/api/* endpoints.
# If empty AND API_KEY is also empty, dashboard is completely open (anyone can
# view accounts, API keys, logs, and trigger updates). Set this for any
# internet-facing deployment.
DASHBOARD_PASSWORD=
# ========== Astraflow (OpenAI-compatible, 200+ models — https://astraflow.ucloud-global.com) ==========
# Global endpoint (env: ASTRAFLOW_API_KEY) — base URL: https://api-us-ca.umodelverse.ai/v1
ASTRAFLOW_API_KEY=
# China endpoint (env: ASTRAFLOW_CN_API_KEY) — base URL: https://api.modelverse.cn/v1
ASTRAFLOW_CN_API_KEY=
# ========== Advanced ==========
CODEIUM_API_URL=https://server.self-serve.windsurf.com
DEFAULT_MODEL=claude-4.5-sonnet-thinking
MAX_TOKENS=8192
LOG_LEVEL=info
# ========== Cascade Reuse (single-user Claude Code optimization) ==========
# Caller-based fallback: when fingerprint misses, reuse the latest cascade
# for the same caller+model. Set to 1 for single-user Claude Code setups.
CASCADE_REUSE_BY_CALLER=0
# Max pool entries. Single-user setups can set to 1-5.
CASCADE_POOL_MAX=500
# Don't hash system prompt (reduces fingerprint drift from Claude Code's
# dynamic system prompt). Already defaults to 0.
# CASCADE_REUSE_HASH_SYSTEM=0
# ========== Security ==========
# Allow private/internal hosts (e.g., 192.168.x.x, 10.x.x.x, localhost) in proxy tests.
# Set to 1 for local deployments where you need to test proxies on private networks.
# Leave empty or set to 0 for public-facing deployments (default: only public hosts allowed).
ALLOW_PRIVATE_PROXY_HOSTS=