Self-Hosted Variables These variables are configured in your .env file or passed directly to docker compose.
Self-hosted deployments use a .env file alongside docker-compose.yml. See the install guide for the recommended setup path. Core Variable Required Default Description GITHUB_APP_IDYes — Numeric GitHub App ID from your app settings page GITHUB_PRIVATE_KEYYes — PEM-encoded RSA private key generated for the GitHub App GITHUB_WEBHOOK_SECRETYes — HMAC secret used to validate incoming webhook payloads DATABASE_URLYes — Postgres connection string, e.g. postgresql://user:pass@postgres:5432/mergewatch LLM_PROVIDERYes anthropicLLM backend to use: anthropic, litellm, bedrock, or ollama LLM_MODELNo — Override the default model for the selected provider PORTNo 3000Port the MergeWatch server listens on inside the container GITHUB_APP_SLUGNo — GitHub App slug, used to generate the installation link GITHUB_PRIVATE_KEY_FILENo — Path to PEM file — alternative to inline GITHUB_PRIVATE_KEY DASHBOARD_BASE_URLNo — Public base URL of the dashboard (e.g., https://dashboard.example.com). Read by the server to generate deep links in PR comments. DASHBOARD_URLNo http://localhost:3001Consumed by docker-compose.yml to set NEXTAUTH_URL on the dashboard container. Set when serving the dashboard on a public domain.
Provider-specific: Anthropic Variable Required Default Description ANTHROPIC_API_KEYIf LLM_PROVIDER=anthropic — API key from console.anthropic.com
Provider-specific: LiteLLM Variable Required Default Description LITELLM_BASE_URLIf LLM_PROVIDER=litellm — Base URL of your LiteLLM proxy, e.g. http://litellm:4000 LITELLM_API_KEYNo — Optional API key if your LiteLLM proxy requires authentication
Provider-specific: Ollama Variable Required Default Description OLLAMA_BASE_URLIf LLM_PROVIDER=ollama http://localhost:11434Base URL of the Ollama server
Provider-specific: AWS Bedrock Variable Required Default Description AWS_REGIONIf LLM_PROVIDER=bedrock — AWS region for Bedrock API calls AWS_ACCESS_KEY_IDIf LLM_PROVIDER=bedrock — AWS access key (or use an instance profile instead) AWS_SECRET_ACCESS_KEYIf LLM_PROVIDER=bedrock — AWS secret key (or use an instance profile instead)
If you run MergeWatch on an EC2 instance or ECS task with an IAM instance profile or task role that has Bedrock permissions, you can omit AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. The AWS SDK will pick up credentials automatically.
Dashboard (Self-Hosted) The dashboard container runs on port 3001 (the Express server uses 3000). These variables are set on the dashboard service in docker-compose.yml.
Variable Required Default Description GITHUB_CLIENT_IDYes — OAuth client ID from your GitHub App’s OAuth Credentials section GITHUB_CLIENT_SECRETYes — OAuth client secret from your GitHub App NEXTAUTH_SECRETYes — Random secret for session signing (generate with openssl rand -base64 32) NEXTAUTH_URLNo http://localhost:3001Public URL the dashboard is served from. Docker Compose sets this from DASHBOARD_URL. DEPLOYMENT_MODENo self-hostedSet to saas to enable the billing UI.
SaaS Lambda Variables These variables are used internally by the MergeWatch SaaS infrastructure. They are documented here for reference only and are not user-configurable .
The SaaS deployment runs on AWS Lambda and does not use LLM_PROVIDER, DATABASE_URL, or any of the self-hosted provider variables. Bedrock access is handled via the Lambda execution role.
Core Lambda Variable Description DEPLOYMENT_MODEDeployment mode — saas or self-hosted. Gates billing and SaaS-only code paths. INSTALLATIONS_TABLEDynamoDB table name for GitHub App installations REVIEWS_TABLEDynamoDB table name for review records REVIEW_AGENT_FUNCTION_NAMEName of the ReviewAgent Lambda (the WebhookHandler invokes it async) DEFAULT_BEDROCK_MODEL_IDBedrock model used by the review agents (SAM parameter)
Billing Lambda (Stripe) Configured when DeploymentMode=saas. Credentials are pulled from SSM at deploy time — see BILLING_SETUP.md for details.
Variable Description STRIPE_SECRET_KEYStripe API secret key (from /mergewatch/{stage}/stripe-secret-key) STRIPE_WEBHOOK_SECRETStripe webhook signing secret (from /mergewatch/{stage}/stripe-webhook-secret) BILLING_API_SECRETShared secret for dashboard → BillingHandler auth (from /mergewatch/{stage}/billing-api-secret)
Dashboard (Amplify) env vars for SaaS mode Variable Description DEPLOYMENT_MODEsaas — toggles the billing UI in the dashboardBILLING_API_URLBillingUrl from SAM stack outputs (e.g., https://…/dev/billing)BILLING_API_SECRETSame value as above, read from SSM and set in Amplify
Next steps
Install Guide Set up MergeWatch with Docker Compose.
Commands Reference Manage your deployment with Docker and repo scripts.
