Configuration is passed as Action inputs in GitHub Action mode and as
environment variables in server modes.
LLM
| Env var |
Action input |
Default |
Description |
LLM_API_KEY |
llm_api_key |
required |
Bearer token for the LLM endpoint. In web mode, provider configs can supply per-repo keys. |
LLM_API_BASE |
llm_api_base |
https://api.openai.com/v1 |
OpenAI-compatible API base. LLM_BASE_URL is also accepted as an env alias. |
LLM_MODEL |
llm_model |
first model from /models |
Model identifier. |
LLM_BILL_TO |
llm_bill_to |
unset |
Optional routing slug, used for Hugging Face Router requests. |
LLM_MAX_TOKENS |
llm_max_tokens |
4096 |
Maximum completion tokens. |
LLM_STREAM |
llm_stream |
env default true, Action default false |
Consume streaming SSE responses. |
LLM_REASONING_EFFORT |
none |
unset |
Optional reasoning_effort value passed through to providers that support it. |
LLM_MAX_INPUT_TOKENS |
none |
2000000 |
Hard cap on cumulative input tokens for a review. Set 0 to disable. |
Review Behavior
| Env var |
Action input |
Default |
Description |
MENTION_TRIGGER |
mention_trigger |
@askserge |
Phrase that triggers reviews. |
REVIEW_EVENT |
review_event |
COMMENT |
Fallback review event when the model omits one. |
MAX_DIFF_CHARS |
max_diff_chars |
200000 |
Maximum diff characters sent to the LLM. |
REVIEW_RULES_PATH |
review_rules_path |
.ai/review-rules.md |
Rules file read from the target repo default branch. |
DEFAULT_REVIEW_RULES |
default_review_rules |
general Python correctness and security rules |
Fallback when no rules file exists. |
ALLOW_APPROVE |
none |
false |
Allows publishing APPROVE events in App/web mode. |
PERSONA_HEADER |
none |
🤗 **Serge** says: |
Prefix for failure comments and bot messages. |
STAGING |
staging |
false |
Marks a non-production deployment. Published reviews then carry a note that they were posted from staging. |
Context Compression
Opt-in compression of token-heavy context (tool outputs, older turns) before
each LLM call, via the headroom-ai
package. Install the extra with pip install '.[headroom]' (the Action pulls
it in automatically when headroom_compress is on). It is a no-op if the
package is missing or a compression call fails, so a review never breaks on it.
| Env var |
Action input |
Default |
Description |
HEADROOM_COMPRESS |
headroom_compress |
false |
Master switch. |
HEADROOM_TARGET_RATIO |
headroom_target_ratio |
unset |
Keep-ratio for text compression (e.g. 0.5). Empty lets headroom decide. |
HEADROOM_COMPRESS_USER_MESSAGES |
headroom_compress_user_messages |
false |
Also compress user messages (the annotated diff). Off keeps cited lines intact. |
HEADROOM_COMPRESS_SYSTEM_MESSAGES |
headroom_compress_system_messages |
true |
Compress system messages. |
HEADROOM_PROTECT_RECENT |
headroom_protect_recent |
4 |
Never compress the last N messages. |
HEADROOM_MIN_TOKENS |
headroom_min_tokens |
250 |
Skip messages shorter than this many tokens. |
HEADROOM_KOMPRESS_MODEL |
headroom_kompress_model |
unset |
Kompress model id, or disabled to skip ML compression. |
HEADROOM_MODEL_LIMIT |
headroom_model_limit |
200000 |
Model context window (tokens) used for sizing. |
Repository Context and Tools
| Env var |
Action input |
Default |
Description |
CONTEXT_SCRIPT_PATH |
context_script_path |
.ai/context-script |
Optional executable context script. |
CONTEXT_SCRIPT_TIMEOUT |
context_script_timeout |
30 |
Seconds before the context script is ignored. |
HELPER_TOOLS_PATH |
helper_tools_path |
.ai/review-tools.json |
Optional helper tool config. |
REPO_CHECKOUT_PATH |
repo_checkout_path |
Action: github.workspace; env: empty |
Local checkout root for read-only tools. Empty disables tools. |
TOOL_MAX_ITERATIONS |
tool_max_iterations |
env default 30, Action default 8 |
Maximum tool-calling rounds. Set 0 to disable the cap. |
GitHub App
| Env var |
Required for |
Description |
GITHUB_APP_ID |
App/web publish |
Numeric GitHub App ID. |
GITHUB_PRIVATE_KEY |
App/web publish |
Inline PEM private key. Literal \n sequences are expanded. |
GITHUB_PRIVATE_KEY_PATH |
App/web publish |
Path to the PEM private key. |
GITHUB_WEBHOOK_SECRET |
Webhook mode |
Webhook signing secret. |
WEBHOOK_MAX_WORKERS |
reviewbot-app |
Concurrent webhook review workers. Default 2. |
Web App
| Env var |
Default |
Description |
GITHUB_OAUTH_CLIENT_ID |
required unless DEV_NO_AUTH=1 |
GitHub OAuth client ID. |
GITHUB_OAUTH_CLIENT_SECRET |
required unless DEV_NO_AUTH=1 |
GitHub OAuth client secret. |
GITHUB_OAUTH_CALLBACK_URL |
optional |
Callback URL registered on the OAuth App. |
WEB_SESSION_SECRET |
required unless DEV_NO_AUTH=1 |
Secret for signed session cookies. |
WEB_ALLOWED_USERS |
unset |
Comma-separated GitHub logins allowed into the UI. |
WEB_ALLOWED_ORG |
unset |
Comma-separated GitHub orgs allowed into the UI. |
WEB_STORE_PATH |
jobs.db |
SQLite path. |
WEB_JOB_RETENTION |
25 |
Number of recent jobs to retain. |
DEV_NO_AUTH |
false |
Disables OAuth for local development only. |
WEB_INSECURE_COOKIES |
false |
Drops the Secure flag from session cookies. |
WEB_CLONE_CACHE_DIR |
temp directory |
Shared clone cache path. |
WEB_CLONE_CACHE_TTL_SECONDS |
604800 |
Clone cache TTL. |
WEB_CLONE_DEPTH |
50 |
Shallow fetch depth. |
WEB_GITHUB_APP_URL |
project default |
Install/configure URL shown in the web help page. Set this to your GitHub App URL for public deployments. |
Tasks (write-capable)
The tasks flow is off by default. When enabled, it also needs
the GitHub App to hold Contents: write + Pull Requests: write and a per-repo
opt-in flag on the provider config.
| Env var |
Default |
Description |
TASK_API_ENABLED |
false |
Master switch for POST /tasks. |
TASK_OIDC_ISSUER |
https://token.actions.githubusercontent.com |
OIDC issuer (override for GHES / self-hosted). |
TASK_OIDC_AUDIENCE |
serge |
aud value the OIDC token must carry. |
TASK_LLM_MAX_TOKENS |
unset |
Task-only completion-token cap. Unset means tasks use LLM_MAX_TOKENS; normal reviews are unchanged. |
TASK_LLM_MAX_INPUT_TOKENS |
unset |
Task-only cumulative input-token cap. Unset means tasks use LLM_MAX_INPUT_TOKENS; normal reviews are unchanged. |
TASK_TOOL_MAX_ITERATIONS |
unset |
Task-only tool-loop cap. Unset means tasks use TOOL_MAX_ITERATIONS; normal reviews are unchanged. |
TASK_MAX_FOLLOWUPS |
5 |
Max serge-authored commits per fix branch. 0 disables the cap. |
TASK_MAX_WORKERS |
2 |
Concurrent task workers (separate pool from reviews). |
Normalize validation (in-loop)
Optionally validate each patch against the target repo’s own normalizer (e.g.
make style && make fix-repo) inside the LLM loop: serge applies the patch
to the worktree and runs the normalizer; if it fails, the error is fed back to
the model so it corrects the patch (up to TASK_NORMALIZE_MAX_RETRIES times).
On success the worktree already holds the applied + normalized result, so the
opened PR is conformant at creation (no red repo-consistency CI, no follow-up
commit). Opt-in — unset TASK_NORMALIZE_COMMAND and serge behaves exactly as
before. See normalize validation for the full setup.
| Env var |
Default |
Description |
TASK_NORMALIZE_COMMAND |
unset |
Argv to run (shell-quoted, e.g. bash -lc 'make style && make fix-repo'). Unset disables validation. Operator/repo config — never request-supplied. |
TASK_NORMALIZE_IMAGE |
unset |
Docker image (repo toolchain baked in) for the docker backend. |
TASK_SANDBOX_BACKEND |
auto |
bwrap | docker | kubernetes | auto. auto = docker when an image is set and the docker CLI is present, else bwrap. |
TASK_NORMALIZE_TIMEOUT |
1800 |
Per-run timeout (seconds). |
TASK_NORMALIZE_MEMORY |
unset |
Optional docker --memory cap (e.g. 4g). |
TASK_NORMALIZE_MAX_RETRIES |
2 |
How many times a normalizer rejection is fed back to the model for correction. 0 = validate once, no corrective re-prompts. |
TASK_NORMALIZE_GUIDANCE |
unset |
Free-text policy injected into the task system prompt and the normalize-failure feedback (e.g. “prefer root-cause fixes over # noqa”). For anything the command itself can’t express. |
Task fixes also read the repo’s own conventions file (REVIEW_RULES_PATH,
default .ai/review-rules.md) straight from the checked-out branch and inject
it into the patch-writing prompt — the same file the review flow uses. Point it
at AGENTS.md (or any committed path) if that’s where your conventions live.
The model is told, regardless of config, to fix root causes and use
suppressions (# noqa, # type: ignore) only as a last resort.
Server
| Env var |
Default |
Description |
PORT |
8080 |
Development server port. |
LOG_LEVEL |
INFO |
Logging level. |