Core Runtime
| Variable | Default | Description |
|---|---|---|
PORT | 3100 | Server port |
HOST | 127.0.0.1 | Server host binding |
DATABASE_URL | (embedded) | PostgreSQL connection string |
PAPERCLIP_HOME | ~/.paperclip | Base directory for all Paperclip data |
PAPERCLIP_INSTANCE_ID | default | Instance identifier for multiple local instances |
PAPERCLIP_DEPLOYMENT_MODE | local_trusted | Runtime mode override |
PAPERCLIP_DEPLOYMENT_EXPOSURE | private | Exposure policy when PAPERCLIP_DEPLOYMENT_MODE=authenticated |
PAPERCLIP_PUBLIC_URL | (derived) | Canonical browser URL for the instance |
PAPERCLIP_AUTH_BASE_URL_MODE | auto | Whether Better Auth should derive or require an explicit base URL |
PAPERCLIP_AUTH_PUBLIC_BASE_URL | (derived) | Explicit Better Auth base URL for hosted/public deployments |
PAPERCLIP_AUTH_DISABLE_SIGN_UP | false | Disable end-user sign-up for Better Auth sessions |
PAPERCLIP_ALLOWED_HOSTNAMES | (optional) | Extra hostnames trusted in authenticated/private mode |
SERVE_UI | false | Serve the UI from the API process |
DISABLE_TELEMETRY | false | Disable telemetry collection |
PORKBUN_API_KEY | (optional) | DNS automation when sydiolabs.com remains Porkbun-managed |
PORKBUN_SECRET_API_KEY | (optional) | Porkbun API secret paired with PORKBUN_API_KEY |
PORKBUN_DOMAIN | sydiolabs.com | Authoritative domain used for hosted monitor DNS automation |
Board/Auth Secrets
| Variable | Default | Description |
|---|---|---|
BETTER_AUTH_SECRET | (required in authenticated mode) | Board/session auth secret for Better Auth |
BETTER_AUTH_URL | (derived) | Better Auth base URL override |
BETTER_AUTH_BASE_URL | (derived) | Better Auth base URL override |
BETTER_AUTH_TRUSTED_ORIGINS | (optional) | Additional trusted origins for Better Auth |
PAPERCLIP_AGENT_JWT_SECRET | (required for local agent JWTs) | Signs the short-lived PAPERCLIP_API_KEY JWT injected into local heartbeat runs |
PAPERCLIP_AGENT_JWT_TTL_SECONDS | 172800 | Lifetime for the injected agent JWT, in seconds |
PAPERCLIP_AGENT_JWT_ISSUER | paperclip | JWT issuer claim for injected agent tokens |
PAPERCLIP_AGENT_JWT_AUDIENCE | paperclip-api | JWT audience claim for injected agent tokens |
PAPERCLIP_SECRETS_MASTER_KEY | (from file) | 32-byte encryption key (base64/hex/raw) |
PAPERCLIP_SECRETS_MASTER_KEY_FILE | ~/.paperclip/.../secrets/master.key | Path to key file |
PAPERCLIP_SECRETS_STRICT_MODE | false | Require secret refs for sensitive env vars |
Provider / Connector Auth
These are deployment-specific and should be owned by the provider or connector layer, not by Paperclip’s board auth.| Variable | Description |
|---|---|
COMPOSIO_* | Deployment-specific connected-account configuration, webhook auth, and connection metadata |
OPENAI_API_KEY | OpenAI API key for Codex Local or hosted containerized adapter runs |
ANTHROPIC_API_KEY | Anthropic API key for Claude Local adapter runs |
Agent Runtime
These are set automatically by the server when invoking agents:| Variable | Description |
|---|---|
PAPERCLIP_AGENT_ID | Agent’s unique ID |
PAPERCLIP_COMPANY_ID | Company ID |
PAPERCLIP_API_URL | Paperclip API base URL |
PAPERCLIP_API_KEY | Short-lived JWT for API auth |
PAPERCLIP_RUN_ID | Current heartbeat run ID |
PAPERCLIP_TASK_ID | Issue that triggered this wake |
PAPERCLIP_WAKE_REASON | Wake trigger reason |
PAPERCLIP_WAKE_COMMENT_ID | Comment that triggered this wake |
PAPERCLIP_APPROVAL_ID | Resolved approval ID |
PAPERCLIP_APPROVAL_STATUS | Approval decision |
PAPERCLIP_LINKED_ISSUE_IDS | Comma-separated linked issue IDs |
Hosted Ingress
| Variable | Description |
|---|---|
CLOUDFLARE_TUNNEL_TOKEN | Enables the cloudflared container when present |
OBS_ENABLE_CLOUDFLARE_TUNNEL | Alternate opt-in flag for the tunnel container |
OBS_PROXY_HTTP_PORT | Local-only port override for the hostname router |
Operator Notes
- Treat
BETTER_AUTH_SECRET,PAPERCLIP_AGENT_JWT_SECRET, database credentials, and provider API keys as separate secret classes. - Use
PAPERCLIP_PUBLIC_URLas the canonical browser origin when possible. - Use
PAPERCLIP_ALLOWED_HOSTNAMESonly for extra private hostnames in authenticated/private mode. - Keep
COMPOSIO_*values out of Paperclip’s secret store unless they are explicitly consumed by a deployment script.