fix: unify env var configuration -- API_KEY mismatch, missing vars (OPE-72)

[DevanshuNEU]

Problem

Env var configuration was broken for self-hosters:

1. API_KEY vs DEV_API_KEY: .env.example documented API_KEY but backend reads DEV_API_KEY. docker-compose passed API_KEY which backend silently ignored.
2. EMBEDDING_MODEL mismatch: .env.example said text-embedding-3-large but code defaults to text-embedding-3-small.
3. 5 vars missing from .env.example: DEV_API_KEY, DEBUG, LOG_LEVEL, REDIS_URL undocumented.
4. Dead vars in conftest: SUPABASE_KEY and API_KEY set but never read.

Fix

File	Change
.env.example	Replaced API_KEY with DEV_API_KEY. Fixed EMBEDDING_MODEL default. Added missing vars.
docker-compose.yml	Passes DEV_API_KEY + DEBUG + EMBEDDING_MODEL instead of unused API_KEY.
conftest.py	Removed dead SUPABASE_KEY and API_KEY.
startup_checks.py	Added GITHUB_CLIENT_ID/SECRET, DISCORD_FEEDBACK_WEBHOOK to optional vars.

4 files changed. 284 tests pass.

Closes OPE-72

Summary by CodeRabbit

• Chores
  • Restructured environment configuration with new optional variables for GitHub OAuth, Discord webhook, and Redis integration
  • Changed default embedding model to improve efficiency
  • Added debugging and log level configuration options for development environments

[vercel]

@DevanshuNEU is attempting to deploy a commit to the Dev's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Warning

Rate limit exceeded

@DevanshuNEU has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 4 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between efcd6a4 and 9a2a031.

📒 Files selected for processing (1)

• docker-compose.yml

📝 Walkthrough

Walkthrough

This pull request updates environment variable configuration across the project. Changes include transitioning from a generic API_KEY to a development-specific DEV_API_KEY, updating the default embedding model from text-embedding-3-large to text-embedding-3-small, adding new optional environment variables (DEBUG, LOG_LEVEL, REDIS_URL), and expanding startup checks to monitor additional GitHub and Discord-related configuration variables.

Changes

Cohort / File(s)	Summary
Environment Configuration .env.example, docker-compose.yml	Updated default embedding model to text-embedding-3-small, replaced API_KEY with DEV_API_KEY, added DEBUG and EMBEDDING_MODEL variables, introduced LOG_LEVEL and REDIS_URL. Standardized comment formatting across optional variables.
Startup Validation backend/config/startup_checks.py	Added three optional environment variables (GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, DISCORD_FEEDBACK_WEBHOOK) to the OPTIONAL_VARS list with descriptions and fallback messages for startup warnings.
Test Configuration backend/tests/conftest.py	Removed legacy API_KEY and SUPABASE_KEY environment variables; consolidated API key testing to use DEV_API_KEY.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 ✨
Fresh configs hop along the way,
DEV_API_KEY leads the day,
Small embeddings, lighter still,
GitHub secrets bend to our will,
Redis joins the happy crew!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main fix: unifying environment variable configuration by resolving API_KEY/DEV_API_KEY mismatch and adding missing variables, which are the core changes across all modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[DevanshuNEU]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

docker-compose.yml (2)

38-46: ⚠️ Potential issue | 🟠 Major

GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, and LOG_LEVEL are not forwarded into the container.

Every other optional service variable (DISCORD_FEEDBACK_WEBHOOK, COHERE_API_KEY, VOYAGE_API_KEY, SENTRY_DSN) is passed through, but the GitHub OAuth pair and the log-level control are absent. A self-hoster who sets these in their .env file will have GitHub OAuth silently disabled inside Docker and no way to adjust log verbosity without editing docker-compose.yml manually.

🐛 Proposed fix

       - DISCORD_FEEDBACK_WEBHOOK=${DISCORD_FEEDBACK_WEBHOOK}
+      - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
+      - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
+      - GITHUB_REDIRECT_URI=${GITHUB_REDIRECT_URI}
+      - LOG_LEVEL=${LOG_LEVEL:-INFO}
       - COHERE_API_KEY=${COHERE_API_KEY}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` around lines 38 - 46, Add the missing environment
variable pass-throughs for GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, and LOG_LEVEL
to the service's environment block so values from the .env are available inside
the container; specifically, add entries referencing ${GITHUB_CLIENT_ID} and
${GITHUB_CLIENT_SECRET} and a LOG_LEVEL entry (with a sensible default like
info) alongside the existing variables (DEV_API_KEY, DEBUG, EMBEDDING_MODEL,
BACKEND_API_URL, etc.) to ensure GitHub OAuth and runtime log verbosity are
configurable without editing docker-compose.yml.

---

100-102: ⚠️ Potential issue | 🟡 Minor

Stale API_KEY reference in the commented-out MCP server block.

Line 101 still reads - API_KEY=${API_KEY}, which references the old variable that this PR removes. Anyone who uncomments this service will inherit the wrong key name.

🐛 Proposed fix

-      #   - API_KEY=${API_KEY}
+      #   - DEV_API_KEY=${DEV_API_KEY}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` around lines 100 - 102, The commented-out MCP server
block still contains a stale environment variable reference "-
API_KEY=${API_KEY}"; update that commented line in the MCP server block to
either remove the stale API_KEY reference or replace it with the current
environment variable name used elsewhere (e.g., the new key name used by the MCP
service) so that uncommenting the service will not inject the wrong variable;
locate the commented line "- API_KEY=${API_KEY}" and modify or delete it
accordingly.

🧹 Nitpick comments (3)

.env.example (2)

49-54: ENVIRONMENT is stranded in the Sentry block; consider moving it near DEBUG/LOG_LEVEL.

Logically ENVIRONMENT=development belongs alongside the other runtime-mode vars (DEBUG, LOG_LEVEL). Its current placement after SENTRY_INCLUDE_LOCAL_VARS also triggers two additional UnorderedKey linter warnings (lines 53–54): SENTRY_INCLUDE_LOCAL_VARS must precede SENTRY_SEND_PII, and ENVIRONMENT must precede SENTRY_DSN, because I < S and E < S alphabetically within the group.

♻️ Proposed fix

 DEBUG=false
 DEV_API_KEY=
 LOG_LEVEL=INFO
+ENVIRONMENT=development
 
 # Backend API URL (used by MCP server and frontend)

 SENTRY_DSN=
-SENTRY_SEND_PII=false
 SENTRY_INCLUDE_LOCAL_VARS=false
-ENVIRONMENT=development
+SENTRY_SEND_PII=false

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.example around lines 49 - 54, ENVIRONMENT is misplaced inside the
Sentry block causing logical grouping and linter UnorderedKey warnings; move the
ENVIRONMENT variable out of the Sentry section and place it alongside the
runtime-mode vars such as DEBUG and LOG_LEVEL, and also reorder the Sentry keys
so SENTRY_INCLUDE_LOCAL_VARS precedes SENTRY_SEND_PII and ENVIRONMENT precedes
SENTRY_DSN to satisfy alphabetical ordering; update the .env.example by
relocating ENVIRONMENT next to DEBUG/LOG_LEVEL and reordering SENTRY_DSN,
SENTRY_SEND_PII, and SENTRY_INCLUDE_LOCAL_VARS accordingly.

---

24-28: DEBUG should precede DEV_API_KEY within the group to fix the linter warning.

Within a blank-line-separated group dotenv-linter expects alphabetical ordering; DEBUG (DEB…) sorts before DEV_API_KEY (DEV…).

♻️ Proposed fix

-DEV_API_KEY=
-DEBUG=false
-LOG_LEVEL=INFO
+DEBUG=false
+DEV_API_KEY=
+LOG_LEVEL=INFO

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.example around lines 24 - 28, The env group is out of alphabetical
order and triggers dotenv-linter; swap the two keys so that DEBUG comes before
DEV_API_KEY (i.e., reorder the variables named DEBUG and DEV_API_KEY within the
same blank-line-separated block) to satisfy the linter and maintain the intended
comment semantics.

backend/config/startup_checks.py (1)

21-32: Four new vars introduced in this PR are absent from OPTIONAL_VARS.

DEV_API_KEY, DEBUG, LOG_LEVEL, and REDIS_URL are all newly documented in .env.example and wired through docker-compose.yml by this PR, but none of them appear in OPTIONAL_VARS. Self-hosters will receive no startup warning if they forget to set them.

♻️ Proposed additions

     ("REDIS_HOST", "Redis host for caching", "Using default localhost"),
+    ("REDIS_URL", "Redis connection URL (e.g. Railway)", "Using REDIS_HOST/PORT instead"),
+    ("DEV_API_KEY", "Dev API key to bypass JWT auth when DEBUG=true", "Dev auth bypass disabled"),
+    ("DEBUG", "Enable debug mode", "Debug mode off"),
+    ("LOG_LEVEL", "Application log level", "Using default INFO"),
     ("GITHUB_CLIENT_ID", "GitHub OAuth client ID", "GitHub repo import disabled"),

Based on learnings: "Add new required/optional environment variables to config/startup_checks.py".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@backend/config/startup_checks.py` around lines 21 - 32, OPTIONAL_VARS in
startup_checks.py is missing four newly introduced environment variables
(DEV_API_KEY, DEBUG, LOG_LEVEL, REDIS_URL); update the OPTIONAL_VARS list to
include entries for each of these with a short human-readable description and a
fallback message (e.g., "Development API key", "Debug mode", "Log level", "Redis
connection URL" and appropriate fallback notes) so startup_checks.py will warn
users if they forget to set them; edit the OPTIONAL_VARS tuple defined in
config/startup_checks.py to append these four tuples.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@docker-compose.yml`:
- Around line 38-46: Add the missing environment variable pass-throughs for
GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, and LOG_LEVEL to the service's
environment block so values from the .env are available inside the container;
specifically, add entries referencing ${GITHUB_CLIENT_ID} and
${GITHUB_CLIENT_SECRET} and a LOG_LEVEL entry (with a sensible default like
info) alongside the existing variables (DEV_API_KEY, DEBUG, EMBEDDING_MODEL,
BACKEND_API_URL, etc.) to ensure GitHub OAuth and runtime log verbosity are
configurable without editing docker-compose.yml.
- Around line 100-102: The commented-out MCP server block still contains a stale
environment variable reference "- API_KEY=${API_KEY}"; update that commented
line in the MCP server block to either remove the stale API_KEY reference or
replace it with the current environment variable name used elsewhere (e.g., the
new key name used by the MCP service) so that uncommenting the service will not
inject the wrong variable; locate the commented line "- API_KEY=${API_KEY}" and
modify or delete it accordingly.

---

Nitpick comments:
In @.env.example:
- Around line 49-54: ENVIRONMENT is misplaced inside the Sentry block causing
logical grouping and linter UnorderedKey warnings; move the ENVIRONMENT variable
out of the Sentry section and place it alongside the runtime-mode vars such as
DEBUG and LOG_LEVEL, and also reorder the Sentry keys so
SENTRY_INCLUDE_LOCAL_VARS precedes SENTRY_SEND_PII and ENVIRONMENT precedes
SENTRY_DSN to satisfy alphabetical ordering; update the .env.example by
relocating ENVIRONMENT next to DEBUG/LOG_LEVEL and reordering SENTRY_DSN,
SENTRY_SEND_PII, and SENTRY_INCLUDE_LOCAL_VARS accordingly.
- Around line 24-28: The env group is out of alphabetical order and triggers
dotenv-linter; swap the two keys so that DEBUG comes before DEV_API_KEY (i.e.,
reorder the variables named DEBUG and DEV_API_KEY within the same
blank-line-separated block) to satisfy the linter and maintain the intended
comment semantics.

In `@backend/config/startup_checks.py`:
- Around line 21-32: OPTIONAL_VARS in startup_checks.py is missing four newly
introduced environment variables (DEV_API_KEY, DEBUG, LOG_LEVEL, REDIS_URL);
update the OPTIONAL_VARS list to include entries for each of these with a short
human-readable description and a fallback message (e.g., "Development API key",
"Debug mode", "Log level", "Redis connection URL" and appropriate fallback
notes) so startup_checks.py will warn users if they forget to set them; edit the
OPTIONAL_VARS tuple defined in config/startup_checks.py to append these four
tuples.

---

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a69f505 and efcd6a4.

📒 Files selected for processing (4)

• .env.example
• backend/config/startup_checks.py
• backend/tests/conftest.py
• docker-compose.yml

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.env.example (1)

44-47: Consider adding REDIS_URL to startup checks.

Since REDIS_URL is now documented for hosted deployments, consider including it in backend/config/startup_checks.py optional warnings for parity.

➕ Optional startup_checks addition

 OPTIONAL_VARS: List[Tuple[str, str, str]] = [
     ("SUPABASE_SERVICE_ROLE_KEY", "Supabase service role key", "Using anon key as fallback"),
     ("COHERE_API_KEY", "Cohere API key for reranking", "Search reranking disabled"),
     ("VOYAGE_API_KEY", "Voyage AI key for code embeddings", "Using OpenAI embeddings"),
     ("SENTRY_DSN", "Sentry DSN for error tracking", "Error tracking disabled"),
     ("SENTRY_SEND_PII", "Send user emails to Sentry", "PII disabled (privacy safe)"),
     ("SENTRY_INCLUDE_LOCAL_VARS", "Include local vars in Sentry traces", "Local vars excluded"),
     ("REDIS_HOST", "Redis host for caching", "Using default localhost"),
+    ("REDIS_URL", "Redis URL for hosted deployments", "Using REDIS_HOST/REDIS_PORT"),
     ("GITHUB_CLIENT_ID", "GitHub OAuth client ID", "GitHub repo import disabled"),
     ("GITHUB_CLIENT_SECRET", "GitHub OAuth client secret", "GitHub repo import disabled"),
     ("DISCORD_FEEDBACK_WEBHOOK", "Discord webhook for feedback", "Feedback notifications disabled"),
 ]

Based on learnings: Add new required/optional environment variables to `config/startup_checks.py`.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.example around lines 44 - 47, The startup checks are missing REDIS_URL
as an optional environment variable; update the startup_checks module to include
REDIS_URL in the optional checks list and warning logic. Locate the function or
constant that defines optional env vars/warnings (e.g., OPTIONAL_ENV_VARS,
get_optional_env_warnings, or register_optional_checks) and add an entry for
REDIS_URL with a concise message recommending setting it for hosted deployments
(parity with .env.example); ensure the new check reads from os.environ and
surfaces a non-fatal warning rather than failing startup.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.env.example:
- Around line 24-28: Reorder keys in .env.example to satisfy dotenv-linter: move
DEBUG so it appears before DEV_API_KEY (i.e., put DEBUG line above DEV_API_KEY)
and ensure ENVIRONMENT is placed before any Sentry-related keys (e.g.,
SENTRY_DSN, SENTRY_ENVIRONMENT) so ENVIRONMENT precedes those; make the same
ordering change at the second occurrence mentioned (around the other block at
line ~54). Update only the key order, preserving values/comments.

In `@docker-compose.yml`:
- Around line 38-40: The backend docker-compose service is not passing LOG_LEVEL
through to the container even though backend/services/observability.py reads
LOG_LEVEL; update the service's environment block (the same block that contains
DEV_API_KEY, DEBUG and EMBEDDING_MODEL) to include LOG_LEVEL with a sensible
default (e.g. LOG_LEVEL=${LOG_LEVEL:-info}) so the container receives the
variable.

---

Nitpick comments:
In @.env.example:
- Around line 44-47: The startup checks are missing REDIS_URL as an optional
environment variable; update the startup_checks module to include REDIS_URL in
the optional checks list and warning logic. Locate the function or constant that
defines optional env vars/warnings (e.g., OPTIONAL_ENV_VARS,
get_optional_env_warnings, or register_optional_checks) and add an entry for
REDIS_URL with a concise message recommending setting it for hosted deployments
(parity with .env.example); ensure the new check reads from os.environ and
surfaces a non-fatal warning rather than failing startup.

---

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a69f505 and efcd6a4.

📒 Files selected for processing (4)

• .env.example
• backend/config/startup_checks.py
• backend/tests/conftest.py
• docker-compose.yml

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
opencodeintel	Ignored	Preview	Feb 24, 2026 1:55am