LibreCodeInterpreter/.env.example at main · On-Behalf-AI/LibreCodeInterpreter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# Code Interpreter API Configuration
# Only settings you're likely to change are listed here.
# All other settings have sensible defaults — see docs/CONFIGURATION.md for the full list.

# ── Authentication ──────────────────────────────────────────────
API_KEY=your-secure-api-key-here-change-this-in-production
# API_KEYS=key1,key2,key3  # Additional API keys (comma-separated)
# MASTER_API_KEY=your-secure-master-key  # Required for admin dashboard CLI
#
# AUTH_ENABLED=true        # Set to false to disable x-api-key/Basic auth checks
#                          # on user endpoints. Use only when running behind a
#                          # trusted network boundary. /api/v1/admin/* still
#                          # requires MASTER_API_KEY regardless.
#
# Three ways clients can authenticate when AUTH_ENABLED=true:
#   1. x-api-key: <key>                                 (recommended for proxies)
#   2. Authorization: Basic base64("<key>:")            (LibreChat URL credentials)
#      e.g. LIBRECHAT_CODE_BASEURL=https://<key>@your-api/v1
#   3. (none, when AUTH_ENABLED=false)

# ── Sandbox network access (skill installs) ───────────────────
# When ENABLE_SANDBOX_NETWORK=true, sandboxes can reach the internet but only
# through an inline allowlist proxy that permits PyPI, npm, Go modules, and
# crates.io. Required for skills that pip/npm/go install dependencies at
# runtime. Off by default (sandboxes are isolated).
#
# ENABLE_SANDBOX_NETWORK=false
# SANDBOX_EGRESS_PORT=18443                       # local-only, sandbox -> proxy
# SANDBOX_EGRESS_ALLOWLIST=                       # comma-separated extra hosts
# SKILL_DEPS_PATH=/opt/skill-deps                 # backing volume mount

# ── Redis ───────────────────────────────────────────────────────
REDIS_HOST=localhost
REDIS_PORT=6379
# REDIS_PASSWORD=
# REDIS_URL=redis://localhost:6379/0  # Alternative to individual settings

# ── S3 Storage (Garage) ────────────────────────────────────────
S3_ENDPOINT=localhost:3900
S3_ACCESS_KEY=GKminioadmin0000
S3_SECRET_KEY=minioadminsecret
# S3_SECURE=false
# S3_BUCKET=code-interpreter-files
# S3_REGION=garage

# ── Execution Limits ───────────────────────────────────────────
# MAX_EXECUTION_TIME=30    # Seconds (default: 30)
# MAX_MEMORY_MB=512        # Per-execution memory limit

# ── Sandbox Pool (Python REPL) ─────────────────────────────────
# SANDBOX_POOL_ENABLED=true
# SANDBOX_POOL_PY=5        # Number of pre-warmed Python REPLs
# SANDBOX_POOL_PARALLEL_BATCH=1  # Safer on busy multi-tenant hosts
# REPL_ENABLED=true
# SANDBOX_UID=1002         # Shared host UID for all sandbox languages

# ── Port ──────────────────────────────────────────────────────
# PORT=8000                # External host port published by docker compose

# ── SSL/HTTPS ──────────────────────────────────────────────────
# HTTPS configuration:
# 1. SSL_CERTS_PATH is a host path mounted to /app/ssl inside the container
# 2. SSL_CERT_FILE and SSL_KEY_FILE must be container paths under /app/ssl
#
# Simple local/self-managed cert directory:
# PORT=443
# ENABLE_HTTPS=true
# SSL_CERTS_PATH=./ssl
# SSL_CERT_FILE=/app/ssl/fullchain.pem
# SSL_KEY_FILE=/app/ssl/privkey.pem
#
# Let's Encrypt on the host:
# PORT=443
# ENABLE_HTTPS=true
# SSL_CERTS_PATH=/etc/letsencrypt
# SSL_CERT_FILE=/app/ssl/live/example.com/fullchain.pem
# SSL_KEY_FILE=/app/ssl/live/example.com/privkey.pem

# ── Logging ────────────────────────────────────────────────────
# LOG_LEVEL=INFO             # INFO = clean (1 log per execution); DEBUG = full detail
# LOG_FORMAT=json            # json (structured) or text (human-readable, colored)
# ENABLE_ACCESS_LOGS=false   # Set true to enable uvicorn per-request access logs