-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
65 lines (58 loc) · 4.57 KB
/
Copy path.env.example
File metadata and controls
65 lines (58 loc) · 4.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Model ROLES for a LIVE run (read by ReverseConfig.from_env). Referred to by role, never a fixed name.
# `render`/`response`/`export` need none of this — they work offline on any trace.
# --- planner + lifeline (required for a live reverse) ---
CR_ROOT_LM=openai/gpt-4o # planner: the cheap orchestrator driving the REPL loop
CR_SUB_LM=openai/gpt-4o # lifeline: the expensive security brain (llm_query); never writes YAML
CR_API_KEY=sk-...
# CR_BASE_URL=https://your-endpoint/v1 # OpenAI-compatible proxy (then use the plain model ids it serves)
# --- OR: run planner + lifeline on a Claude Pro/Max SUBSCRIPTION (no API key) ---
# Give a role the `claude-agent-sdk/<id>` prefix and it runs on your personal Claude subscription via
# the official Claude Agent SDK (the vendored cve_reverser/claude_agent_lm.py) — each call a pure
# completion (no tools, no filesystem, no settings leakage). Prerequisites: `uv sync --extra
# subscription`; the Claude Code CLI installed and logged in (`claude` → /login, or `claude
# setup-token` → export CLAUDE_CODE_OAUTH_TOKEN); and you MUST `unset ANTHROPIC_API_KEY` — the CLI
# silently prefers it and would bill API credit (the adapter refuses to start while it is set). Prefer
# full model ids over aliases (which drift over time).
# CR_ROOT_LM=claude-agent-sdk/claude-sonnet-5 # planner on Sonnet 5
# CR_SUB_LM=claude-agent-sdk/claude-fable-5 # lifeline on Fable 5
# CR_API_KEY/CR_BASE_URL are then unused BY THESE TWO ROLES, but the GENERATOR still needs its own
# OpenAI-compatible endpoint — a subscription-only end-to-end run is NOT possible. You MUST set
# CR_GENERATOR_LM to a real model id (and GENERATOR_BASE_URL/GENERATOR_API_KEY if it's a separate box);
# leaving it UNSET makes the generator inherit the `claude-agent-sdk/…` CR_SUB_LM and from_env fails
# LOUD (the generator uses an OpenAI client, not the Agent SDK). Budgets use the SAME env vars as proxy
# mode. Expect ~2-5s CLI-spawn overhead per call, so keep runs interactive (not batch/CI).
# CR_PLANNER_MAX_TOKENS is inert on this path — the Agent SDK exposes no token/sampling controls.
# --- template generator (the SEAM) ---
CR_TEMPLATE_BACKEND=self # "self" = a general model authors the YAML (default, open-source-ready)
# "harness" = (future) delegate to a mature downstream harness via make_harness_tool
# CR_GENERATOR_LM=openai/gpt-4o # generator model for the "self" backend (defaults to CR_SUB_LM)
# GENERATOR_BASE_URL=... # point the generator at a separate box (defaults to CR_BASE_URL)
# GENERATOR_API_KEY=...
# CR_TEMPLATE_AUTHOR=cve-reverser # the canonical info.author the author gate enforces
# --- sandbox (required for a live reverse) ---
CR_INTERPRETER=deno # the pyodide/deno sandbox is the security boundary. `brew install deno`
# --- budget (optional) ---
# CR_MAX_ITERATIONS=30
# CR_MAX_LLM_CALLS=10
# CR_PLANNER_MAX_TOKENS=16384 # the planner/lifeline model's own generation cap
# CR_MAX_OUTPUT_CHARS=10000 # head+tail char cap dspy.RLM puts on each REPL output the planner
# sees; raise it if a large plugin diff/file gets truncated mid-patch
# CR_GENERATOR_CIRCUIT_BREAK=5
# --- fetch / feed (optional) ---
# CR_FETCH_PROVIDER=direct # host-side SSRF-guarded httpx fetch (the only provider shipped)
# CR_FETCH_ALLOW_CIDRS=198.18.0.0/16 # ONLY if you're behind a fake-IP proxy / split-DNS VPN
# # (Clash/Mihomo/Surge default range 198.18.0.0/16, etc.) that maps
# # public hosts into a RESERVED range — otherwise every fetch is
# # refused as "internal" and the planner is starved of source.
# # Empty = full SSRF strictness (localhost/metadata always refused).
# Feed source is FIXED: the Patchstack database page (no key, no provider knob). `today` lists
# High/Critical WordPress *plugin* CVEs disclosed in the last ~24h, highest-CVSS first.
# CR_MIN_CVSS=7.0 # High/Critical floor (the author's rule)
# CR_MAX_LEADS=10 # cap CVEs per `today` run
# --- publishing (optional, off by default) — host-side GitHub commit of the per-CVE folder ---
# Set BOTH to enable `--publish`. Publishing is a DETERMINISTIC host-side step AFTER the run (the
# planner never gets write creds); it commits <YEAR>/<CVE_ID>/ and, for a CVSS>=9 unauth bug, opens
# a [CRITICAL] issue.
# CR_GITHUB_REPO=owner/name
# CR_GITHUB_TOKEN=ghp_... # PAT with contents (+ issues) write scope
# CR_GITHUB_BRANCH=main