Environment Variables

x-fidelity supports various environment variables to configure its behavior. This guide explains each available option.

Core Configuration

OpenAI Integration

# Your OpenAI API key for AI-powered analysis
OPENAI_API_KEY=your_api_key_here

# The OpenAI model to use (default: 'gpt-4o')
OPENAI_MODEL=gpt-4o

Server Configuration

# The port for the config server to listen on (default: 8888)
XFI_LISTEN_PORT=8888

# Path to SSL certificates for HTTPS config server
CERT_PATH=/path/to/certs

# Allow self-signed certificates (use with caution)
NODE_TLS_REJECT_UNAUTHORIZED=0

Security

# Shared secret for securing telemetry and certain server routes
XFI_SHARED_SECRET=your_shared_secret_here

# Secret for GitHub webhook endpoints
GITHUB_WEBHOOK_SECRET=your_github_webhook_secret

Logging

# Set logging level (default: 'info')
XFI_LOG_LEVEL=debug

# Disable colored output in CLI logs (default: enabled)
XFI_LOG_COLORS=false

The XFI_LOG_COLORS environment variable controls whether CLI output includes ANSI color codes. This is useful in CI/CD, when redirecting logs to files, or in terminals that don't support colors. The VSCode extension disables colors when spawning the CLI.

Usage Examples

Basic Setup

export OPENAI_API_KEY=your_api_key_here
export XFI_SHARED_SECRET=your_shared_secret_here
xfidelity .

Server Mode with SSL

export XFI_LISTEN_PORT=9999
export CERT_PATH=/etc/ssl/certs
export XFI_SHARED_SECRET=your_shared_secret_here
xfidelity --mode server

Development Setup

export NODE_TLS_REJECT_UNAUTHORIZED=0
export XFI_LOG_LEVEL=debug
xfidelity . --configServer https://localhost:8888

Best Practices

1. Security:

   • Never commit environment variables to version control
   • Use strong, unique secrets
   • Rotate secrets regularly
   • Use different secrets for development and production

2. Configuration Management:

   • Use a .env file for local development
   • Use CI/CD secrets for production
   • Document all required variables
   • Provide example values

3. SSL/TLS:

   • Always use HTTPS in production
   • Only disable certificate verification in development
   • Use proper certificates in production
   • Keep certificates up to date

4. Logging:

   • Use appropriate log levels
   • Enable debug logging when needed
   • Monitor log output
   • Rotate log files

Next Steps

• Set up Local Configuration
• Configure Remote Configuration
• Learn about OpenAI Integration