# Base URL of your self-hosted Gitea instance.
GITEA_BASE_URL=https://gitea.reversed.dev

# Bot account token used to read PRs and write comments.
GITEA_TOKEN=replace
GITEA_BOT_USERNAME=codex-bot

# Shared secret configured on the Gitea webhook.
GITEA_WEBHOOK_SECRET=replace

# OpenAI API credentials for API-key mode (required when CODEX_AUTH_MODE=api_key).
OPENAI_API_KEY=replace
OPENAI_PROJECT_ID=
OPENAI_ORG_ID=

# Codex runner auth mode:
# - api_key: use OPENAI_API_KEY inside the review container.
# - chatgpt: mount auth.json into the container and use ChatGPT-managed auth.
CODEX_AUTH_MODE=api_key

# Optional custom host path for auth.json when CODEX_AUTH_MODE=chatgpt.
# Defaults to ~/.codex/auth.json when unset.
CODEX_AUTH_JSON_PATH=

# Comma-separated allowlist of repositories this bot may process.
# Example: space/gitea-codex,space/another-repo
ALLOWED_REPOS=space/gitea-codex

COOLDOWN_SECONDS=60

# WEBHOOK_MODE is informational for your deployment model:
# - repo: you configured repository-level webhooks in Gitea.
# - global: you configured one instance-level/admin webhook in Gitea.
# This bot does NOT auto-provision webhooks. Admin config is manual.
WEBHOOK_MODE=repo

DB_HOST=mariadb
DB_PORT=3306
DB_NAME=gitea_codex
DB_USER=gitea_codex
DB_PASSWORD=replace

WORKDIR=/var/lib/gitea-codex/worktrees
MAX_DIFF_BYTES=200000
MAX_REVIEW_MINUTES=10
CONCURRENCY=1
JOB_LEASE_TIMEOUT_SECONDS=300
STUCK_JOB_RECOVERY_ACTION=requeue

# Image used for ephemeral job containers (Node + npm + Codex CLI install).
REVIEW_RUNNER_IMAGE=node:22-bookworm-slim

# Keep false for review-only mode.
ENABLE_FIX_COMMANDS=false

# Security: fork PRs are skipped unless explicitly enabled.
ALLOW_UNTRUSTED_FORKS=false