# clawdforge — copy to .env on Lucy at /mnt/cache/appdata/secrets/clawdforge.env
# (chmod 600, root:root)

# Bind
BIND_HOST=0.0.0.0
BIND_PORT=8800

# Bootstrap admin token. Used to mint per-app tokens via /admin/tokens.
# Once the SQLite db has any token, this var becomes a "root override" and
# should be rotated or unset.
ADMIN_BOOTSTRAP_TOKEN=change-me-32-bytes-of-entropy

# IP allowlist applied to ALL requests. CIDR list, comma-separated.
# 172.24.0.0/16 = sulkta bridge (where clawdforge sits with peer apps)
# 172.17.0.0/16 = docker0 default (some legacy apps still here)
# 192.168.0.0/24 = LAN clients
# Loopback always allowed.
ALLOW_CIDRS=172.24.0.0/16,172.17.0.0/16,192.168.0.0/24

# Default claude config (per-request override allowed)
CLAUDE_BIN=claude
DEFAULT_MODEL=sonnet
DEFAULT_TIMEOUT_SECS=120

# Run-staging area inside the container (don't change unless you also change compose mount)
RUNS_DIR=/data/runs

# SQLite db path (don't change unless you also change compose mount)
DB_PATH=/data/clawdforge.db