Environment Variables
Complete reference for every environment variable used by the oversight server and
task runner. Copy .env.example to .env to get started —
the runner will do this automatically on first launch if no .env exists.
Supabase
These connect oversight to your Supabase project. The server uses the
service role key for backend operations; the web frontend uses the
anon key with RLS policies.
| Variable | Required | Default | Description |
|---|
SUPABASE_URL |
Yes |
— |
Your Supabase project URL, e.g. https://xxxx.supabase.co |
SUPABASE_ANON_KEY |
Yes |
— |
Supabase anon (public) key. Used by the browser OAuth login flow and user-scoped client. |
SUPABASE_SERVICE_ROLE_KEY |
Yes |
— |
Supabase service role key. Used by the server and runner for unrestricted database access (bypasses RLS). |
VITE_SUPABASE_URL |
Yes |
— |
Same as SUPABASE_URL. Vite requires the VITE_ prefix to expose variables to the frontend. |
VITE_SUPABASE_ANON_KEY |
Yes |
— |
Same as SUPABASE_ANON_KEY. Exposed to the Vite frontend. |
GitHub
GitHub credentials for OAuth login and API access. The runner can obtain a token
via browser OAuth automatically, but a PAT is useful for headless/CI environments.
| Variable | Required | Default | Description |
|---|
GITHUB_OAUTH_CLIENT_ID |
No |
— |
OAuth App client ID. Used by Supabase for GitHub authentication and for token refresh. Only needed for multi-user setups. |
GITHUB_OAUTH_CLIENT_SECRET |
No |
— |
OAuth App client secret. Used server-side for the token refresh endpoint. Only needed for multi-user setups. |
GITHUB_PAT |
No |
— |
Personal access token. Fallback for the task runner when browser OAuth is not available (e.g. headless servers). Needs repo scope. |
Runner
Configuration for the background task runner daemon.
| Variable | Required | Default | Description |
|---|
RUNNER_USER_ID |
No |
Auto-detected |
Explicit Supabase user UUID. Tells the runner whose tasks to pick up. If omitted, auto-detects when there is exactly one user, otherwise opens browser for OAuth login. |
OVERSIGHT_CLI |
No |
Auto-detected |
Which AI CLI the runner uses: claude or codex. Auto-detects if unset, preferring claude then falling back to codex. |
OVERSIGHT_REPO_DIR |
No |
$TMPDIR/oversight-repo-cache |
Directory for cloned repos and worktrees. The default temp path is lost on reboot; set this for persistence. |
AI / CopilotKit
| Variable | Required | Default | Description |
|---|
COPILOTKIT_MODEL |
No |
claude-opus-4-6 |
Model for the AI copilot endpoint. Uses Anthropic models by default. |
Notion
Optional integration for syncing review results to Notion pages.
| Variable | Required | Default | Description |
|---|
NOTION_API_KEY |
No |
— |
Notion internal integration token. Create one at notion.so/my-integrations. |
NOTION_DATABASE_ID |
No |
— |
Notion database ID for syncing plans and proposals. |
Server
| Variable | Required | Default | Description |
|---|
PORT |
No |
3001 |
HTTP port for the Fastify server. |
CORS_ORIGINS |
No |
http://localhost:5173,http://localhost:3000 |
Comma-separated list of allowed CORS origins. |
Example .env
# Supabase
SUPABASE_URL=https://xxxx.supabase.co
SUPABASE_ANON_KEY=eyJ...
SUPABASE_SERVICE_ROLE_KEY=eyJ...
VITE_SUPABASE_URL=https://xxxx.supabase.co
VITE_SUPABASE_ANON_KEY=eyJ...
# GitHub OAuth (for Supabase auth provider)
GITHUB_OAUTH_CLIENT_ID=Iv1.abc123
GITHUB_OAUTH_CLIENT_SECRET=secret123
# Optional: GitHub PAT for headless runner
# GITHUB_PAT=ghp_...
# Optional: Notion integration
# NOTION_API_KEY=ntn_...
# Server
PORT=3001
Tip: The runner automatically copies .env.example to
.env on first launch if no .env file exists. Edit it with
your actual credentials before running.