singularity-forge/docker/.env.example

# ──────────────────────────────────────────────
# SF Docker Sandbox — Environment Variables
# Copy this file to .env and fill in your keys.
# ──────────────────────────────────────────────

# ── Container User Identity ──
# Match your host UID/GID to avoid permission issues on bind mounts.
# Run `id -u` and `id -g` on your host to find the right values.
PUID=1000
PGID=1000

# ── LLM Provider API Keys (at least one required) ──

# Anthropic (Claude)
# ANTHROPIC_API_KEY=sk-ant-...

# OpenAI
# OPENAI_API_KEY=sk-...

# Google (Gemini)
# GOOGLE_API_KEY=...

# OpenRouter (multi-provider gateway)
# OPENROUTER_API_KEY=sk-or-...

# ── Optional: Research & Search Tools ──

# Brave Search API
# BRAVE_API_KEY=...

# Tavily Search API
# TAVILY_API_KEY=tvly-...

# Jina AI (reader/search)
# JINA_API_KEY=...

# ── Optional: Git & GitHub ──

# GitHub personal access token (for PR operations)
# GITHUB_TOKEN=ghp_...

# Git author identity inside the sandbox
# GIT_AUTHOR_NAME=Your Name
# GIT_AUTHOR_EMAIL=you@example.com
feat(docker): add official Docker sandbox template for isolated GSD auto mode (#2360) Ship a Dockerfile.sandbox, docker-compose.yml, .env.example, and docs so users can run GSD auto mode inside an isolated Docker sandbox (MicroVM) without risk to the host filesystem, SSH keys, or other projects. - Dockerfile.sandbox: Node 22 base, gsd-pi pre-installed, non-root user, port 3000 - docker-compose.yml: workspace volume mount, persistent .gsd state, env_file support - .env.example: template for LLM provider keys and optional tool credentials - docker/README.md: setup guide covering sandbox CLI, Compose, two-terminal workflow, credential injection, and network allowlisting - .dockerignore: project-root ignore file for efficient Docker builds - src/tests/docker-template.test.ts: 13 structural tests verifying all template files Fixes #1544 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 15:57:59 -04:00			`# ──────────────────────────────────────────────`
chore: sync workspace state after rebrand - Rebrand commits already in history (gsd → forge) - Sync pre-existing doc, docker, and CI config updates - All rebrand artifacts verified in place: * Native crates: forge-engine, forge-ast, forge-grep * Log prefixes: [forge] across 22+ files * Binary: ~/bin/sf-run * Workspace scopes: @sf-run/, @singularity-forge/ * Nix flake: Rust toolchain ready System ready for: nix develop && bun run build:native Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 14:54:20 +02:00			`# SF Docker Sandbox — Environment Variables`
feat(docker): add official Docker sandbox template for isolated GSD auto mode (#2360) Ship a Dockerfile.sandbox, docker-compose.yml, .env.example, and docs so users can run GSD auto mode inside an isolated Docker sandbox (MicroVM) without risk to the host filesystem, SSH keys, or other projects. - Dockerfile.sandbox: Node 22 base, gsd-pi pre-installed, non-root user, port 3000 - docker-compose.yml: workspace volume mount, persistent .gsd state, env_file support - .env.example: template for LLM provider keys and optional tool credentials - docker/README.md: setup guide covering sandbox CLI, Compose, two-terminal workflow, credential injection, and network allowlisting - .dockerignore: project-root ignore file for efficient Docker builds - src/tests/docker-template.test.ts: 13 structural tests verifying all template files Fixes #1544 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 15:57:59 -04:00			`# Copy this file to .env and fill in your keys.`
			`# ──────────────────────────────────────────────`

fix(docker): overhaul fragile setup, adopt proven container patterns (#2716) Split fake multi-stage Dockerfile into independent CI builder and runtime images. Add proper entrypoint with UID/GID remapping via PUID/PGID, sentinel-based first-boot bootstrap, pre-creation of critical file targets, and signal-forwarding privilege drop via gosu. Standardize on Node 24, split compose into minimal + full reference. Closes #9 2026-03-26 18:10:49 -04:00			`# ── Container User Identity ──`
			`# Match your host UID/GID to avoid permission issues on bind mounts.`
			# Run `id -u` and `id -g` on your host to find the right values.
			`PUID=1000`
			`PGID=1000`

feat(docker): add official Docker sandbox template for isolated GSD auto mode (#2360) Ship a Dockerfile.sandbox, docker-compose.yml, .env.example, and docs so users can run GSD auto mode inside an isolated Docker sandbox (MicroVM) without risk to the host filesystem, SSH keys, or other projects. - Dockerfile.sandbox: Node 22 base, gsd-pi pre-installed, non-root user, port 3000 - docker-compose.yml: workspace volume mount, persistent .gsd state, env_file support - .env.example: template for LLM provider keys and optional tool credentials - docker/README.md: setup guide covering sandbox CLI, Compose, two-terminal workflow, credential injection, and network allowlisting - .dockerignore: project-root ignore file for efficient Docker builds - src/tests/docker-template.test.ts: 13 structural tests verifying all template files Fixes #1544 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 15:57:59 -04:00			`# ── LLM Provider API Keys (at least one required) ──`

			`# Anthropic (Claude)`
			`# ANTHROPIC_API_KEY=sk-ant-...`

			`# OpenAI`
			`# OPENAI_API_KEY=sk-...`

			`# Google (Gemini)`
			`# GOOGLE_API_KEY=...`

			`# OpenRouter (multi-provider gateway)`
			`# OPENROUTER_API_KEY=sk-or-...`

			`# ── Optional: Research & Search Tools ──`

			`# Brave Search API`
			`# BRAVE_API_KEY=...`

			`# Tavily Search API`
			`# TAVILY_API_KEY=tvly-...`

			`# Jina AI (reader/search)`
			`# JINA_API_KEY=...`

			`# ── Optional: Git & GitHub ──`

			`# GitHub personal access token (for PR operations)`
			`# GITHUB_TOKEN=ghp_...`

			`# Git author identity inside the sandbox`
			`# GIT_AUTHOR_NAME=Your Name`
			`# GIT_AUTHOR_EMAIL=you@example.com`