runtime/.env.example at main · commandlayer/runtime · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# -----------------------------------------------
# CommandLayer Runtime — Environment Variables
# -----------------------------------------------

# --- Required for production receipt signing ---

# ENS name of the signer (e.g. "runtime.commandlayer.eth")
# Canonical name: RECEIPT_SIGNER_ID (CL_RECEIPT_SIGNER_ID and CL_RECEIPT_SIGNER are also accepted)
RECEIPT_SIGNER_ID=runtime.commandlayer.eth

# Ed25519 private key in PKCS8 PEM format, base64-encoded for safe env transport
# Generate: openssl genpkey -algorithm ed25519 | base64 -w 0
RECEIPT_SIGNING_PRIVATE_KEY_PEM_B64=<base64-encoded-pkcs8-pem>

# Ed25519 public key — raw 32 bytes as base64
# Generate: openssl pkey -pubout -outform DER | tail -c 32 | base64
RECEIPT_SIGNING_PUBLIC_KEY_B64=<32-byte-pubkey-base64>

# --- ENS verification (optional) ---

# Ethereum JSON-RPC URL for ENS resolution (mainnet)
# ETH_RPC_URL=https://eth-mainnet.g.alchemy.com/v2/YOUR_KEY

# ENS TXT key names (defaults match CommandLayer spec)
# ENS_SIG_PUB_KEY=cl.sig.pub
# ENS_SIG_KID_KEY=cl.sig.kid
# ENS_SIG_CANONICAL_KEY=cl.sig.canonical

# --- Server ---
PORT=8080
HOST=0.0.0.0
# SERVICE_NAME=commandlayer-runtime
# SERVICE_VERSION=1.1.0
# API_VERSION=1.1.0
# CANONICAL_BASE_URL=https://runtime.commandlayer.org

# --- Rate limiting ---
# RATE_LIMIT_WINDOW_MS=60000
# RATE_LIMIT_MAX=120

# --- Schema validation ---
# SCHEMA_HOST=https://www.commandlayer.org
# SCHEMA_FETCH_TIMEOUT_MS=15000
# VERIFY_SCHEMA_CACHED_ONLY=1

# --- Fetch verb hardening ---
# FETCH_TIMEOUT_MS=8000
# FETCH_MAX_BYTES=262144
# ENABLE_SSRF_GUARD=1
# ALLOW_FETCH_HOSTS=

# --- Debug (never enable in production) ---
# ENABLE_DEBUG=0
# DEBUG_TOKEN=

# --- Dev only (generates ephemeral keypair, NEVER use in production) ---
# DEV_AUTO_KEYS=0