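# Environment template, restored to one setting per line. In the collapsed
# form the leading "#" turned every assignment on the line into comment text.
#
# The secrets below are placeholders that are public wherever this template is
# published. Replace each one before first start, keep the real env file out of
# version control, and make it readable only by the account running the server.

# === Server Port ===
# Port the Next.js server listens on (dev and production)
# PORT=3000

# === Authentication ===
# Admin user seeded on first run (only if no users exist in DB).
# Set a unique, strong AUTH_PASS before the first start; changing it later
# presumably does not update an account that has already been seeded.
AUTH_USER=admin
AUTH_PASS=change-me-on-first-login
# If your password includes "#" and you do not want to quote AUTH_PASS, use base64.
# Base64 is an encoding, not protection: treat AUTH_PASS_B64 as the plaintext
# password. The sample value below decodes to the placeholder password above.
# AUTH_PASS_B64=Y2hhbmdlLW1lLW9uLWZpcnN0LWxvZ2lu
# Example: echo -n 'my#password' | base64
# (a password typed on the command line is recorded in shell history)

# API key for headless/external access (x-api-key header).
# Replace the placeholder with a long random value, for example the output of
# `openssl rand -hex 32`, and rotate it if it is ever logged or shared.
API_KEY=generate-a-random-key

# Primary gateway defaults (used by /api/gateways seeding if DB is empty)
MC_DEFAULT_GATEWAY_NAME=primary

# Session cookie behavior
# - In production, cookies default to secure=true unless overridden.
# - SameSite defaults to "strict".
# Leave MC_COOKIE_SECURE empty to keep the production default. Overriding it to
# a non-secure value lets the session cookie travel over plain HTTP, so limit
# that to local development.
MC_COOKIE_SECURE=
MC_COOKIE_SAMESITE=strict

# Network access control (middleware)
# In production, access is blocked unless the host is explicitly allowed.
# Patterns supported:
# - Exact hosts: "app.example.com"
# - Subdomains: "*.example.com"
# - Prefix wildcard: "100.*" (useful for Tailscale IPs)
# "100.*" matches every address starting with 100., which is wider than the
# 100.64.0.0/10 range Tailscale assigns from; list specific hosts where you can.
# NOTE(review): MC_ALLOW_ANY_HOST presumably disables the allowlist entirely;
# keep it empty in production and confirm against the middleware.
MC_ALLOW_ANY_HOST=
MC_ALLOWED_HOSTS=localhost,127.0.0.1

# Google OAuth client IDs for Google Sign-In approval workflow
# Create in Google Cloud Console (Web application) and set authorized origins/redirects
# A client ID is a public identifier; the NEXT_PUBLIC_ copy is visible in the
# browser. Never put an OAuth client secret in either variable.
GOOGLE_CLIENT_ID=
NEXT_PUBLIC_GOOGLE_CLIENT_ID=

# Legacy cookie auth (backward compat, can be removed once all clients use session auth)
# Replace the placeholder with a random value.
# NOTE(review): presumably this protects the legacy cookie, so a guessable
# value would undermine it; confirm against the auth code.
AUTH_SECRET=random-secret-for-legacy-cookies

# Coordinator identity (used for coordinator chat status replies and comms UI)
MC_COORDINATOR_AGENT=coordinator
NEXT_PUBLIC_COORDINATOR_AGENT=coordinator

# === 1Password Integration (optional) ===
# Vault name for 1Password CLI pulls (used by Integrations panel)
OP_VAULT_NAME=default

# === OpenClaw Integration ===
# Path to .openclaw home directory (required for memory browser, gateway config, logs)
OPENCLAW_HOME=
# Optional: explicitly point at openclaw.json
# OPENCLAW_CONFIG_PATH=

# Gateway connection (used by frontend WebSocket)
OPENCLAW_GATEWAY_HOST=127.0.0.1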
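# Gateway port (pairs with OPENCLAW_GATEWAY_HOST). Restored to one setting per
# line: in the collapsed form everything after "18789" sat on the same line, so
# the following assignments were swallowed into a trailing comment or the value.
OPENCLAW_GATEWAY_PORT=18789
# Optional: token used by server-side gateway calls.
# Keep the token in this server-side variable; it has no NEXT_PUBLIC_ prefix,
# so it is not one of the variables made available in the browser.
OPENCLAW_GATEWAY_TOKEN=
# Tools profile used when Mission Control spawns sessions via sessions_spawn.
# OpenClaw 2026.3.2+ defaults to "messaging" if omitted.
# NOTE(review): the profile presumably decides which tools spawned sessions may
# use; choose the narrowest one that works and confirm what "coding" grants.
OPENCLAW_TOOLS_PROFILE=coding

# Frontend env vars (NEXT_PUBLIC_ prefix = available in browser)
# Treat every value in this group as public: anyone who can load the UI can
# read it.
NEXT_PUBLIC_GATEWAY_HOST=
NEXT_PUBLIC_GATEWAY_PORT=18789
NEXT_PUBLIC_GATEWAY_PROTOCOL=
NEXT_PUBLIC_GATEWAY_URL=
# Optional, set if gateway requires auth token.
# A token set here is exposed to every browser that loads the UI. Use it only
# when the UI is reachable solely by trusted operators, and prefer a token
# scoped to the operator UI over one shared with server-side calls.
# NEXT_PUBLIC_GATEWAY_TOKEN=
# Gateway client id used in websocket handshake (role=operator UI client).
NEXT_PUBLIC_GATEWAY_CLIENT_ID=openclaw-control-ui

# === Data Paths (all optional, defaults to .data/ in project root) ===
# NOTE(review): going by their names, the database and tokens file hold
# credentials or session material. Keep the data directory out of version
# control and out of any statically served path, and restrict its permissions
# to the service account.
# MISSION_CONTROL_DATA_DIR=.data
# MISSION_CONTROL_DB_PATH=.data/mission-control.db
# MISSION_CONTROL_TOKENS_PATH=.data/mission-control-tokens.json

# === OpenClaw Paths (derived from OPENCLAW_HOME if not set) ===
# OPENCLAW_LOG_DIR=/path/to/.openclaw/logs
# OPENCLAW_MEMORY_DIR=/path/to/.openclaw/memory
#
# NOTE: OpenClaw does NOT store agent memory markdown files under OPENCLAW_HOME/memory/.
# That directory does not exist by default. Agent memory lives in each agent's workspace
# (e.g. ~/clawd-agents/{agent}/memory/). Point this at your agents root to make the
# Memory Browser useful:
# OPENCLAW_MEMORY_DIR=/home/you/clawd-agents
# Pointing the Memory Browser at a broad root makes everything under it
# browsable through the UI; choose the narrowest directory that holds only
# agent memory.
# OPENCLAW_SOUL_TEMPLATES_DIR=/path/to/.openclaw/templates/souls
# NOTE(review): OPENCLAW_BIN presumably names the binary the server executes;
# use an absolute path if the service's PATH is not tightly controlled.
# OPENCLAW_BIN=openclaw

# === Super Admin / Provisioning (optional) ===
# Path to this repo root, needed if you use the super-admin provisioning helpers.
# MISSION_CONTROL_REPO_ROOT=/path/to/mission-control
# Template openclaw.json used to seed new tenant state (required for tenant bootstrap).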
# The template is copied into new tenant state, so keep real tokens and other
# secrets out of it.
# MC_SUPER_TEMPLATE_OPENCLAW_JSON=/path/to/openclaw.json
# Base path used for provisioned linux user homes (default: /home)
# NOTE(review): creating Linux users and home directories presumably needs
# elevated privileges; confirm which account runs the provisioning helpers and
# keep that privilege separate from the web server process.
# MC_TENANT_HOME_ROOT=/home
# Workspace directory name under each tenant user home (default: workspace)
# MC_TENANT_WORKSPACE_DIRNAME=workspace

# === Data Retention (days, 0 = keep forever) ===
# Audit and log retention bounds how far back an investigation can look; align
# these values with your incident-response and compliance requirements before
# shortening them.
# MC_RETAIN_ACTIVITIES_DAYS=90
# MC_RETAIN_AUDIT_DAYS=365
# MC_RETAIN_LOGS_DAYS=30
# MC_RETAIN_NOTIFICATIONS_DAYS=60
# MC_RETAIN_PIPELINE_RUNS_DAYS=90
# MC_RETAIN_TOKEN_USAGE_DAYS=90