Skip to main content
Scopy is configured through environment variables. The API and web app have separate environment files in local setup, and production deployments should provide equivalent values through the host platform or container runtime.

API variables

The API validates configuration when the process starts.

Web variables

The web app reads Vite environment variables at build and runtime.

GitHub App settings

Your GitHub App should be configured with:
  • A callback URL that points back to the Scopy API auth flow.
  • A webhook URL that points to your public API.
  • A webhook secret matching GITHUB_APP_WEBHOOK_SECRET.
  • Repository access permissions needed to read pull request metadata, read changed files, and publish pull request feedback.
After installing the app on an account or organization, Scopy can only see repositories granted to that installation.

Model settings

Set either OPENROUTER_API_KEY or AI_GATEWAY_API_KEY before expecting reviews to run. If both are present, Scopy uses OpenRouter. If OpenRouter is absent, Scopy uses Vercel AI Gateway. REVIEW_MODEL controls the main reviewer model and REVIEW_VERIFIER_MODEL controls the verification pass used before findings are published. These keys are the platform default used for every workspace.

Bring-your-own-key storage

Workspaces can also supply their own OpenRouter or Vercel AI Gateway key (see Billing). To allow this on a self-hosted instance, set MASTER_ENCRYPTION_KEY, a base64 string of 32 random bytes used to encrypt stored keys at rest:
Treat this as a critical secret. If you lose it, stored keys become unreadable; if it leaks together with the database, they can be decrypted. Leave MASTER_ENCRYPTION_KEY unset if you don’t need per-workspace keys; reviews still run on the platform keys above. Set QDRANT_URL to enable semantic code search. When Qdrant is configured, Scopy can index repository chunks and retrieve related code during review. Leave it unset for a simpler deployment.

Documentation references

The worker crawls a built-in catalog of library documentation sources (plus any workspace custom sources) so reviews can cite official docs (see Documentation references). No configuration is required: the worker seeds and crawls the catalog on startup and re-checks daily, refreshing each source after DOCS_RECRAWL_INTERVAL_HOURS. Custom source URLs are validated before crawling: only public http(s) URLs are accepted, and hostnames that resolve to private or internal addresses are rejected. Documentation lookups during review run on DOCS_LIBRARIAN_MODEL and fall back to the verifier model when unset.