docs: add inline comments to environment variable files #189
Fbartoli wants to merge 1 commit into safe-global:main from
- Add comprehensive comments to txs.env explaining all variables
- Add detailed comments to cgw.env for variables without documentation
- Document purpose, format, and production security considerations
- Update nginx.conf and ui.env with necessary configurations
CLA Assistant Lite bot: I have read the CLA Document and I hereby sign the CLA. SafeFB seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
| DEBUG=0 | ||
|
|
||
| # Django debug mode - enables detailed error pages (set to 0 in production) | ||
| DEBUG=1 |
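Review bot: The DEBUG=1 line flips a runtime default in a PR titled as docs-only, and it contradicts the comment added directly above it ("set to 0 in production"). Keep DEBUG=0 as the committed value and extend the comment to say that developers can set it to 1 locally; if the default really needs to change, move that to a separate PR so it is reviewed as a behaviour change.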
Bug: Debug mode enabled contradicting security comment
The DEBUG setting was changed from 0 to 1, but the comment on line 11 explicitly states "(set to 0 in production)". This contradicts the documentation and enables Django debug mode, which exposes detailed error pages, stack traces, and potentially sensitive configuration information. The original value was DEBUG=0 and this change could cause security issues if developers use this configuration in production-like environments.
|
|
||
| # infura token used by Safe Apps | ||
| NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN= | ||
| NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN=0255b550b5754f6689723ea48ba3260f |
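Review bot: NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN now carries a 32-character hex value where the previous line was an empty placeholder. Next.js inlines NEXT_PUBLIC_ variables into the client bundle, so the value is not secret at runtime, but committing it to a shared env file means every checkout uses the same token and its quota, and the value stays in git history. Restore the empty value (or an obvious placeholder), keep only the new comment, and rotate the token if it is a live one.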
Bug: Real API keys committed in environment file
Real-looking API keys were added to the environment file, including NEXT_PUBLIC_INFURA_TOKEN and NEXT_PUBLIC_WC_PROJECT_ID with values that appear to be actual credentials (32-character hex string 0255b550b5754f6689723ea48ba3260f). These were previously empty placeholder values. Once committed to the repository, these keys are exposed in git history. Even for local development, sample/template files typically use clearly fake values like your-api-key-here rather than real credentials.
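A check that would catch both findings above before merge, as an added example that is not part of the PR or of Bugbot's review: it lints a committed env template for an enabled DEBUG flag and for credential-like keys holding non-placeholder values. The key-name patterns, the placeholder list and the sample file are assumptions, and the sample token is a constructed value.

```python
import re

# Key names that usually carry credentials (assumed convention, not the project's list).
SECRET_KEY_RE = re.compile(r"(TOKEN|SECRET|PASSWORD|API_KEY|PRIVATE_KEY|PROJECT_ID)", re.I)
# Values that are obviously placeholders and therefore safe to commit (assumed list).
PLACEHOLDER_RE = re.compile(r"^(|changeme|example|dummy|your[-_].*|<.*>|x+)$", re.I)
# Long hex or base64-like runs are shaped like real credentials.
CREDENTIAL_SHAPE_RE = re.compile(r"^(?:[0-9a-f]{32,}|[A-Za-z0-9+/_-]{40,}={0,2})$")


def parse_env(text):
    """Yield (line_no, key, value) for KEY=VALUE lines, skipping comments and blanks."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        yield no, key.strip(), value.strip().strip("'\"")


def lint_env(text):
    """Return (line_no, key, reason) findings for a committed env template."""
    findings = []
    for no, key, value in parse_env(text):
        if key == "DEBUG" and value.lower() not in ("0", "false", ""):
            findings.append((no, key, "debug enabled in committed default"))
        elif SECRET_KEY_RE.search(key) and not PLACEHOLDER_RE.match(value):
            shaped = CREDENTIAL_SHAPE_RE.match(value)
            reason = "credential-shaped value" if shaped else "non-placeholder value"
            findings.append((no, key, reason))
    return findings


# Constructed sample file; the token below is made up, not the value from the PR.
SAMPLE = """\
# Django debug mode - enables detailed error pages (set to 0 in production)
DEBUG=1
NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN=00112233445566778899aabbccddeeff
NEXT_PUBLIC_WC_PROJECT_ID=
EXAMPLE_API_KEY=your-api-key-here
"""

if __name__ == "__main__":
    for no, key, reason in lint_env(SAMPLE):
        print(f"line {no}: {key}: {reason}")
```

Run as a pre-commit hook or CI step over the env files and fail the job when `lint_env` returns any finding.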
Summary
This PR adds comprehensive inline comments to the environment variable files to improve documentation and developer experience.
Changes
txs.env: Added detailed comments explaining all Transaction Service environment variables
cgw.env: Enhanced comments for variables that lacked documentation
nginx.conf: Updated with necessary routing configurations
ui.env: Updated with UI-specific environment variables
Benefits
Testing
Note
Adds extensive inline documentation and local-dev defaults to env files, updates UI env, and configures nginx with Swagger-friendly rewrites and CORS for the Client Gateway.
- .env.sample: New, documented sample with RPC setup, reverse proxy port, and service image version variables.
- container_env_files/cgw.env: Major documentation pass; sets SAFE_CONFIG_BASE_URI; adds Redis, cache, AMQP, email, staking, bridge, Shield, CORS toggles; introduces required local-dev defaults (auth/JWT, INFURA, email, Firebase, relayer API keys, staking keys, Postgres, AWS, CSV export); enables local file storage for targeted messaging and CSV.
- container_env_files/txs.env: Adds detailed docs; sets debug/logging, DB/Redis/Celery URLs, L2 flag, host/CSRF settings, script base, and events queue config.
- container_env_files/ui.env: Populates required public tokens/IDs, prod flag, local CGW URLs, disables ESLint, and retains optional feature toggles.
- /api/v1/* → /txs/api/v1/* and /v{n}/* → /cgw/v{n}/*. /cgw/requests.

Written by Cursor Bugbot for commit 578c0f4.