# ai-bot configuration. Copy to ai-bot.env (chmod 600, gitignored) and fill in. # # The bot runs as a Synapse application service: it authenticates with the # registration.yaml tokens (as_token/hs_token), which never expire — no token # rotation, no stored password. # # Secrets (AS_TOKEN, HS_TOKEN, XAI_API_KEY) should live OUTSIDE this file in # production — provide them as mounted files / Docker secrets via the *_FILE # indirection (see the secrets block). They never belong in the client # config.json or the Docker image (.dockerignore keeps .env out of the build). # --- Matrix (non-secret) --- HOMESERVER_URL=http://synapse:8008 # docker service name, NOT localhost BOT_MXID=@ai:vojo.chat # must equal @: BOT_DISPLAY_NAME=Vojo AI # set on the bot profile at startup AS_ADDR=:8009 # transaction-push listen addr (matches registration url) # --- xAI (non-secret) --- XAI_BASE_URL=https://api.x.ai/v1 # Verify the id on docs.x.ai before deploy (D2). Alternative: grok-4.3. XAI_MODEL=grok-4.20-0309-non-reasoning XAI_TEMPERATURE=0.6 MAX_OUTPUT_TOKENS=320 # --- Behaviour (non-secret) --- ALLOWED_SERVERS=vojo.chat # comma-separated inviter-homeserver allowlist MAX_CONTEXT_EVENTS=20 # --- Spend limiter (non-secret) --- DAILY_USD_CEILING=10 PER_USER_DAILY_CAP=30 XAI_PRICE_INPUT_PER_M=1.25 # fallback per-1M prices that bound the hard ceiling XAI_PRICE_CACHED_PER_M=0.20 XAI_PRICE_OUTPUT_PER_M=2.50 # --- Paths (non-secret) --- SYSTEM_PROMPT_PATH=prompts/system_ru.txt STATE_DIR=/state # --- SECRETS --------------------------------------------------------------- # Preferred (prod): point at mounted read-only files / Docker secrets: # AS_TOKEN_FILE=/run/secrets/as_token # = as_token in ai-registration.yaml # HS_TOKEN_FILE=/run/secrets/hs_token # = hs_token in ai-registration.yaml # XAI_API_KEY_FILE=/run/secrets/xai_api_key # # Simple (dev): inline here instead (mutually exclusive with the *_FILE form): # AS_TOKEN=... # HS_TOKEN=... # XAI_API_KEY=xai-...