diff --git a/.vitepress/data/env.reference.yaml b/.vitepress/data/env.reference.yaml index f19da23..3d8668c 100644 --- a/.vitepress/data/env.reference.yaml +++ b/.vitepress/data/env.reference.yaml @@ -90,6 +90,23 @@ envs: - A **space-delimited** list of repository names *(`debian`, `additional`, `trixie`)*. - A boolean `true` or `*` value to disable all repositories. + disable_restrictions: + type: string + default: null + since: 0.2.2 + reference: /tools/apt + example: x11 mail + description: Disables specified APT install restrictions or all restrictions. + longDescription: | + The workspace ships with a set of preference files that block + GUI/desktop and other packages that have no use inside a headless + container *(`x11`, `desktop`, `mail`, `printing`, `daemons`, + `language-pack`, `obsolete`)*. + + Accepts either: + - A **space-delimited** list of restriction names. + - A boolean `true` or `*` value to disable all restrictions. + update_cache: type: boolean default: false @@ -105,6 +122,35 @@ envs: since: 0.0.20 description: Disables password-less `sudo`. + github_token: + type: string + default: null + since: 0.2.2 + example: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + description: GitHub personal access token for the workspace and `gh`. + reference: /editor/authentication + longDescription: | + Authenticates the workspace's GitHub provider and, when the + opt-in `gh` feature is installed, runs `gh auth login --with-token`. + Terminal `git` HTTPS auth is not wired — use SSH or a credential + helper. + + For vault entries, prefer `type: file` over `type: env`. The + latter writes to `~/.zshenv` and leaks the token to interactive + shells. + + github_token_file: + type: string + default: /run/secrets/workspace/auth_github_token + since: 0.2.2 + description: Path to a file containing the GitHub personal access token. + reference: /editor/authentication + longDescription: | + **GitHub token lookup precedence:** + + 1. `WS_AUTH_GITHUB_TOKEN_FILE` *(this variable)*. + 2. `WS_AUTH_GITHUB_TOKEN` *(env var)*. + password: type: string default: null @@ -119,7 +165,7 @@ envs: password_file: type: string default: /run/secrets/workspace/auth_password - since: 0.1.3 + since: 0.2.0 description: Path to a file containing the plaintext password. reference: /editor/authentication longDescription: | @@ -144,7 +190,7 @@ envs: password_hashed_file: type: string default: /run/secrets/workspace/auth_password_hashed - since: 0.1.3 + since: 0.2.0 description: Path to a file containing the Argon2 hashed password. reference: /editor/authentication longDescription: | @@ -190,49 +236,49 @@ envs: statusline_disable: type: boolean default: false - since: 0.1.3 + since: 0.2.0 reference: /tools/claude description: Disables the Claude Code statusline. statusline_hide_context_bar: type: boolean default: false - since: 0.1.3 + since: 0.2.0 reference: /tools/claude description: Hides the context usage bar in the Claude statusline. statusline_hide_git: type: boolean default: false - since: 0.1.3 + since: 0.2.0 reference: /tools/claude description: Hides git branch and status in the Claude statusline. statusline_hide_lines_changed: type: boolean default: false - since: 0.1.3 + since: 0.2.0 reference: /tools/claude description: Hides lines added/removed in the Claude statusline. statusline_hide_model: type: boolean default: false - since: 0.1.3 + since: 0.2.0 reference: /tools/claude description: Hides the model name in the Claude statusline. statusline_script: type: string default: /etc/claude-code/statusline.zsh - since: 0.1.3 + since: 0.2.0 reference: /tools/claude description: Path to the statusline script. statusline_shell: type: string default: zsh - since: 0.1.3 + since: 0.2.0 reference: /tools/claude description: Shell used to execute the statusline script. @@ -332,7 +378,7 @@ envs: trusted_domains: type: string default: null - since: 0.1.3 + since: 0.2.0 example: >- https://github.com,https://stackoverflow.com description: >- @@ -373,7 +419,7 @@ envs: store_url: type: string default: null - since: 0.1.3 + since: 0.2.0 example: http://feature-store.local:8080 reference: /editor/features#feature-store description: URL of a ws-feature-store instance used as a local mirror. @@ -746,43 +792,11 @@ envs: type: string default: >- 1password auto-venv docker encode64 fzf-history git - golang helm kubectl npm python pip safe-history + golang helm kubectl npm python pip ssh-agent yarn zsh-autosuggestions example: kubectl npm python pip description: Enables built-in `oh-my-zsh` plugins. - safe_history_ignore_failed: - type: boolean - default: true - reference: /editor/terminal - description: Prevents failed commands from being persisted to history file. - longDescription: | - When `true`, commands that exit with a non-zero status are kept in the - current session's history *(accessible via up-arrow)* but are **not** - written to `$HISTFILE`. - - Only successful commands are persisted across sessions. - - safe_history_ignore_secrets: - type: boolean - default: true - reference: /editor/terminal - description: Prevents commands containing secrets from entering history. - longDescription: | - When `true`, commands matching built-in secret patterns - *(e.g. `TOKEN=...`, `--password=...`, `Authorization:` headers, `curl -u`)* - are blocked entirely, they don't appear in the session history or on disk. - - safe_history_secret_patterns: - type: string - default: null - reference: /editor/terminal - description: Additional pipe-delimited regex patterns treated as secrets. - longDescription: | - Accepts a **pipe-delimited** list of regex patterns appended to the - built-in secret patterns. Commands matching any pattern are excluded - from history entirely. - example: my-corp-token|INTERNAL_KEY= deprecated: WS_APT_UPDATE_REPOS: