Site configuration
Site configuration defines how various Sourcegraph features behave. See the full reference below for a comprehensive list of site configuration options.
Configuration overview
Go here for an overview of configuring Sourcegraph.
View and edit site configuration
Site admins can view and edit site configuration on a Sourcegraph instance:
- Go to User menu > Site admin.
- Open the Configuration page. (The URL is
https://sourcegraph.example.com/site-admin/configuration.)
Reference
All site configuration options and their default values are shown below.
admin/config/site.schema.json
JSON{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "site.schema.json#", "title": "Site configuration", "description": "Configuration for a Sourcegraph site.", "allowComments": true, "type": "object", "additionalProperties": true, "properties": { "inventory": { "description": "Settings for repository language stats inventory", "type": "object", "additionalProperties": false, "properties": { "disableEnhancedLanguageDetection": { "description": "Disable more accurate but slower language detection that uses file contents.", "type": "boolean", "default": false }, "gitServerConcurrency": { "description": "Number of concurrent requests against the gitserver for getInventory requests. Higher concurrency means faster inventory, but more strain on gitserver.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 4 }, "redisConcurrency": { "description": "Number of concurrent requests against the redis cache for getInventory requests. Higher concurrency means faster inventory, but more strain on redis cache.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 20 }, "maxInventoryInMemory": { "description": "When computing the language stats, every nth iteration all loaded files are aggregated into the inventory to reduce the memory footprint. Increasing this value may make the computation run faster, but will require more memory.", "type": "integer", "minimum": 100, "maximum": 1000000, "default": 1000 }, "timeoutInMinutes": { "description": "Time in minutes before cancelling getInventory requests. Raise this if your repositories are large and need a long time to process.", "type": "integer", "minimum": 1, "maximum": 1440, "default": 5 } }, "examples": [ { "disableEnhancedLanguageDetection": false, "gitServerConcurrency": 4, "redisConcurrency": 20, "maxInventoryInMemory": 1000, "timeoutInMinutes": 5 } ] }, "ssc.apiBaseUrl": { "type": "string", "default": "https://accounts.sourcegraph.com/cody/api", "description": "The base URL of the Self-Serve Cody API." }, "ssc.samsHostName": { "type": "string", "default": "accounts.sourcegraph.com", "description": "The hostname of SAMS instance to connect." }, "search.index.symbols.enabled": { "description": "Whether indexed symbol search is enabled. This is contingent on the indexed search configuration, and is true by default for instances with indexed search enabled. Enabling this will cause every repository to re-index, which is a time consuming (several hours) operation. Additionally, it requires more storage and ram to accommodate the added symbols information in the search index.", "type": "boolean", "!go": { "pointer": true }, "group": "Search", "examples": [true] }, "search.index.shardConcurrency": { "description": "The number of threads each indexserver should use to index shards. If not set, indexserver will use the number of available CPUs. This is exposed as a safeguard and should usually not require being set.", "type": "integer", "group": "Search", "examples": ["10"] }, "search.largeFiles": { "description": "A list of file glob patterns where matching files will be indexed and searched regardless of their size. Files still need to be valid utf-8 to be indexed. The glob pattern syntax can be found here: https://github.com/bmatcuk/doublestar#patterns.", "type": "array", "items": { "type": "string" }, "group": "Search", "examples": [["go.sum", "package-lock.json", "**/*.thrift"]] }, "debug.search.symbolsParallelism": { "description": "(debug) controls the amount of symbol search parallelism. Defaults to 20. It is not recommended to change this outside of debugging scenarios. This option will be removed in a future version.", "type": "integer", "group": "Debug", "examples": ["20"] }, "cloneProgress.log": { "description": "Whether clone progress should be logged to a file. If enabled, logs are written to files in the OS default path for temporary files.", "type": "boolean", "default": false }, "defaultRateLimit": { "description": "The rate limit (in requests per hour) for the default rate limiter in the rate limiters registry. By default this is disabled and the default rate limit is infinity.", "type": "integer", "!go": { "pointer": true }, "default": -1 }, "RedirectUnsupportedBrowser": { "description": "Prompts user to install new browser for non es5", "type": "boolean", "default": false }, "rateLimits": { "type": "object", "additionalProperties": false, "properties": { "graphQLMaxDepth": { "description": "Maximum depth of nested objects allowed for GraphQL queries. Changes to this setting require a restart.", "type": "integer", "default": 30 }, "graphQLMaxAliases": { "description": "Maximum number of aliases allowed in a GraphQL query", "type": "integer", "default": 500 }, "graphQLMaxFieldCount": { "description": "Maximum number of estimated fields allowed in a GraphQL response", "type": "integer", "default": 500000 }, "graphQLMaxDuplicateFieldCount": { "description": "Maximum number of duplicate fields allowed in a GraphQL request", "type": "integer", "default": 500 }, "graphQLMaxUniqueFieldCount": { "description": "Maximum number of unique fields allowed in a GraphQL request", "type": "integer", "default": 500 } } }, "auth.passwordPolicy": { "type": "object", "additionalProperties": false, "description": "Enables and configures password policy. This will allow admins to enforce password complexity and length requirements.", "properties": { "enabled": { "description": "Enables password policy", "type": "boolean", "default": false }, "numberOfSpecialCharacters": { "description": "The required number of special characters", "type": "integer", "length": 2 }, "requireAtLeastOneNumber": { "description": "Does the password require a number", "type": "boolean", "default": true }, "requireUpperandLowerCase": { "description": "Require Mixed characters", "type": "boolean", "default": true } }, "examples": [ { "enabled": true, "numberOfSpecialCharacters": 1, "requireAtLeastOneNumber": true, "requireUpperandLowerCase": true } ] }, "experimentalFeatures": { "description": "Experimental features and settings.", "type": "object", "additionalProperties": true, "properties": { "commitGraphUpdates": { "description": "Customize strategy used for commit graph updates", "type": "object", "additionalProperties": false, "properties": { "defaultBranchOnly": { "description": "Disables precise code nav on non-default branches. Specify repo names using regex syntax.", "type": "array", "items": { "type": "string", "examples": ["github.com/myorg/huge-monorepo", "github.com/other-org/.*"] } } } }, "scipBasedAPIs": { "description": "Enable usage of new CodeGraph and usagesForSymbol APIs", "type": "boolean", "default": true, "_comment": "Keep default above in sync with NOTE(id: scip-based-apis-feature-flag)", "!go": { "pointer": true } }, "codyContextIgnore": { "description": "Enabled filtering of remote Cody context based on repositories ./cody/ignore file", "type": "boolean", "default": false, "!go": { "pointer": true } }, "searchJobs": { "description": "DEPRECATED. This setting is no longer read. To disable search jobs, set DISABLE_SEARCH_JOBS=true for the \"frontend\" and \"worker\" services", "type": "boolean", "default": false, "!go": { "pointer": true } }, "rateLimitAnonymous": { "description": "DEPRECATED: this setting was targeted at a specific incident is no longer read.", "type": "integer", "default": 500 }, "eventLogging": { "description": "Enables user event logging inside of the Sourcegraph instance. This will allow admins to have greater visibility of user activity, such as frequently viewed pages, frequent searches, and more. These event logs (and any specific user actions) are only stored locally, and never leave this Sourcegraph instance.", "type": "string", "enum": ["enabled", "disabled"], "default": "enabled" }, "passwordPolicy": { "description": "DEPRECATED: this is now a standard feature see: auth.passwordPolicy", "type": "object", "additionalProperties": false, "properties": { "enabled": { "description": "Enables password policy", "type": "boolean", "default": true }, "minimumLength": { "description": "DEPRECATED: replaced by auth.minPasswordLength", "type": "integer", "default": 12 }, "numberOfSpecialCharacters": { "description": "The required number of special characters", "type": "integer", "default": 2 }, "requireAtLeastOneNumber": { "description": "Does the password require a number", "type": "boolean", "default": true }, "requireUpperandLowerCase": { "description": "Require Mixed characters", "type": "boolean", "default": true } } }, "debug.log": { "description": "Turns on debug logging for specific debugging scenarios.", "type": "object", "additionalProperties": false, "properties": { "extsvc.gitlab": { "description": "Log GitLab API requests.", "type": "boolean", "default": false } }, "deprecationMessage": "Deprecated in favor of internal debug logging." }, "structuralSearch": { "description": "Enables structural search.", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "perforceChangelistMapping": { "description": "Allow mapping of Perforce changelists to their commit SHAs in the DB", "type": "string", "enum": ["enabled", "disabled"], "default": "enabled" }, "goPackages": { "description": "Allow adding Go package host connections", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "jvmPackages": { "description": "Allow adding JVM package host connections", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "npmPackages": { "description": "Allow adding npm package code host connections", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "pythonPackages": { "description": "Allow adding Python package code host connections", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "rustPackages": { "description": "Allow adding Rust package code host connections", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "rubyPackages": { "description": "Allow adding Ruby package host connections", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "pagure": { "description": "Allow adding Pagure code host connections", "type": "string", "enum": ["enabled", "disabled"], "default": "disabled" }, "subRepoPermissions": { "type": "object", "additionalProperties": false, "if": { "properties": { "enforceIPRestrictions": { "const": true } }, "required": ["enforceIPRestrictions"] }, "then": { "properties": { "enabled": { "const": true } }, "required": ["enabled"] }, "properties": { "enabled": { "description": "Enables sub-repo permission checking", "type": "boolean", "default": false }, "redactInaccessibleCommits": { "description": "Redacts commits in the history that the user does not have access to instead of removing them from history. DO NOT USE THIS UNLESS EXPLICITLY ASKED FOR BY THE SOURCEGRAPH TEAM.", "type": "boolean", "default": false }, "userCacheSize": { "description": "The number of user permissions to cache", "type": "integer", "default": 1000, "minimum": 1 }, "userCacheTTLSeconds": { "description": "The TTL in seconds for cached user permissions", "type": "integer", "default": 10, "minimum": 1 }, "rulesInterpretationMode": { "description": "Controls how Perforce IP-based protection rules are interpreted. 'unified' (default) applies all rules regardless of proxy-prefix. 'directOnly' only applies rules without proxy- prefix. 'proxyOnly' only applies rules with proxy- prefix. Use this to align with your Perforce deployment model.", "type": "string", "enum": ["unified", "directOnly", "proxyOnly"], "default": "unified" }, "enforceIPRestrictions": { "description": "Enforces IP restrictions on sub-repo permissions. If true, relies on rightmost value X-FORWARDED-FOR header to determine the client IP address. You must configure your reverse proxy to set this header securely. Also incompoitable with the perforce ignoreRulesWithHost option.", "type": "boolean", "default": false }, "ipParseCacheSize": { "description": "The number of Perforce \"Host\" to IP addresses translations to cache", "type": "integer", "default": 1000, "minimum": 1 }, "allowCodeInsights": { "description": "Allow Code Insights to run on repositories that use sub-repo permissions", "type": "boolean", "default": false } } }, "tls.external": { "description": "Global TLS/SSL settings for Sourcegraph to use when communicating with code hosts.", "type": "object", "additionalProperties": false, "properties": { "insecureSkipVerify": { "description": "insecureSkipVerify controls whether a client verifies the server's certificate chain and host name.\nIf InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.", "type": "boolean", "default": false }, "certificates": { "description": "TLS certificates to accept. This is only necessary if you are using self-signed certificates or an internal CA. Can be an internal CA certificate or a self-signed certificate. To get the certificate of a webserver run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh. NOTE: System Certificate Authorities are automatically included.", "type": "array", "items": { "type": "string", "pattern": "^-----BEGIN CERTIFICATE-----\n", "examples": ["-----BEGIN CERTIFICATE-----\n..."] } } } }, "customGitFetch": { "description": "JSON array of configuration that maps from Git clone URL domain/path to custom git fetch command. To enable this feature set environment variable `ENABLE_CUSTOM_GIT_FETCH` as `true` on gitserver.", "type": "array", "items": { "title": "CustomGitFetchMapping", "description": "Mapping from Git clone URl domain/path to git fetch command. The `domainPath` field contains the Git clone URL domain/path part. The `fetch` field contains the custom git fetch command.", "type": "object", "additionalProperties": false, "required": ["domainPath", "fetch"], "properties": { "domainPath": { "description": "Git clone URL domain/path", "type": "string" }, "fetch": { "description": "Git fetch command", "type": "string", "minLength": 1 } } }, "examples": [ [ { "domainPath": "somecodehost.com/path/to/repo", "fetch": "customgitbinary someflag" }, { "domainPath": "somecodehost.com/path/to/anotherrepo", "fetch": "customgitbinary someflag anotherflag" } ] ] }, "search.index.revisions": { "description": "An array of objects describing rules for extra revisions (branch, ref, tag, commit sha, etc) to be indexed for all repositories that match them. We always index the default branch (\"HEAD\") and revisions in version contexts. This allows specifying additional revisions. Sourcegraph can index up to 64 branches per repository.", "type": "array", "items": { "type": "object", "title": "SearchIndexRevisionsRule", "additionalProperties": false, "required": ["revisions"], "anyOf": [ { "required": ["name"] } ], "properties": { "name": { "description": "Regular expression which matches against the name of a repository (e.g. \"^github\\.com/owner/name$\").", "type": "string", "format": "regex" }, "revisions": { "description": "Revisions to index", "type": "array", "items": { "type": "string", "minLength": 1 } } } }, "examples": [ [ { "name": "^github.com/org/.*", "revisions": ["3.17", "f6ca985c27486c2df5231ea3526caa4a4108ffb6", "v3.17.1"] } ] ] }, "search.index.branches": { "description": "A map from repository name to a list of extra revs (branch, ref, tag, commit sha, etc) to index for a repository. We always index the default branch (\"HEAD\") and revisions in version contexts. This allows specifying additional revisions. Sourcegraph can index up to 64 branches per repository.", "type": "object", "additionalProperties": { "type": "array", "items": { "type": "string" }, "maxItems": 64 }, "examples": [ { "github.com/sourcegraph/sourcegraph": ["3.17", "f6ca985c27486c2df5231ea3526caa4a4108ffb6", "v3.17.1"], "name/of/repo": ["develop"] } ] }, "search.index.query.contexts": { "description": "Enables indexing of revisions of repos matching any query defined in search contexts.", "type": "boolean", "default": false }, "enablePermissionsWebhooks": { "description": "DEPRECATED: No longer has any effect.", "type": "boolean", "default": false, "!go": { "pointer": false } }, "enableStorm": { "description": "Enables the Storm frontend architecture changes.", "type": "boolean", "default": false, "!go": { "pointer": false } }, "ranking": { "description": "Experimental search result ranking options.", "type": "object", "properties": { "repoScores": { "description": "a map of URI directories to numeric scores for specifying search result importance, like {\"github.com\": 500, \"github.com/sourcegraph\": 300, \"github.com/sourcegraph/sourcegraph\": 100}. Would rank \"github.com/sourcegraph/sourcegraph\" as 500+300+100=900, and \"github.com/other/foo\" as 500.", "type": "object", "default": {}, "group": "Search", "additionalProperties": { "type": "number" } }, "maxReorderQueueSize": { "description": "DEPRECATED: This setting has no effect.", "default": 24, "type": "integer", "group": "Search", "!go": { "pointer": true } }, "maxQueueMatchCount": { "description": "DEPRECATED: This setting has no effect.", "default": -1, "type": "integer", "group": "Search", "!go": { "pointer": true } }, "maxQueueSizeBytes": { "description": "The maximum number of bytes that can be buffered to sort results. The default is -1 (unbounded). Setting this to a positive integer protects frontend against OOMs.", "default": -1, "type": "integer", "group": "Search", "!go": { "pointer": true } }, "maxReorderDurationMS": { "description": "DEPRECATED: This setting has no effect.", "type": "integer", "default": 0, "group": "Search" }, "flushWallTimeMS": { "description": "Controls the amount of time that Zoekt shards collect and rank results. Larger values give a more stable ranking, but searches can take longer to return an initial result.", "type": "integer", "default": 500, "group": "Search" } } }, "search.sanitization": { "description": "Allows site admins to specify a list of regular expressions representing matched content that should be omitted from search results. Also allows admins to specify the name of an organization within their Sourcegraph instance whose members are trusted and will not have their search results sanitized. Enable this feature by adding at least one valid regular expression to the value of the `sanitizePatterns` field on this object. Site admins will not have their searches sanitized.", "type": "object", "properties": { "sanitizePatterns": { "description": "An array of regular expressions representing matched content that should be omitted from search result events. This does not prevent users from accessing file contents through other means if they have read access. Values added to this array must be valid Go regular expressions. Site admins will not have their search results sanitized.", "type": "array", "items": { "type": "string", "format": "regex" } }, "orgName": { "description": "Optionally specify the name of an organization within this Sourcegraph instance containing users whose searches should not be sanitized. Admins: ensure that ALL members of this org are trusted users. If no org exists with the given name then there will be no effect. If no org name is specified then all non-admin users will have their searches sanitized if this feature is enabled.", "type": "string" } } }, "enableGithubInternalRepoVisibility": { "description": "Enable support for visibility of internal Github repositories", "type": "boolean", "default": false }, "gitServerPinnedRepos": { "description": "List of repositories pinned to specific gitserver instances. The specified repositories will remain at their pinned servers on scaling the cluster. If the specified pinned server differs from the current server that stores the repository, then it must be re-cloned to the specified server.", "type": "object", "additionalProperties": { "type": "string" }, "examples": [ { "github.com/foo/bar": "gitserverHostname", "github.com/foo/bar2": "gitserverHostname2" } ] }, "insightsAlternateLoadingStrategy": { "description": "Use an in-memory strategy of loading Code Insights. Should only be used for benchmarking on large instances, not for customer use currently.", "type": "boolean", "default": false }, "insightsBackfillerV2": { "description": "DEPRECATED: Setting any value to this flag has no effect.", "type": "boolean", "default": true, "!go": { "pointer": true } }, "insightsDataRetention": { "description": "Code insights data points beyond the sample size defined in the site configuration will be periodically archived", "type": "boolean", "default": true, "!go": { "pointer": true } }, "batchChanges.enablePerforce": { "description": "When enabled, batch changes will be executable on Perforce depots.", "type": "boolean", "group": "BatchChanges", "default": false }, "batchChanges.enableForkNameSuffix": { "description": "When enabled, batch changes will append a sequence of characters to new fork names to avoid name collisions. The sequence is unique per batch change. This does not apply to existing batch changes.", "type": "boolean", "group": "BatchChanges", "default": false }, "languageDetection": { "description": "Setting for customizing language detection behavior", "type": "object", "required": ["graphQL"], "additionalProperties": false, "properties": { "graphQL": { "description": "What to take into account for computing 'languages' for the GraphQL API. This setting indirectly affects client-side code attempting to determine languages, such as search-based code navigation and the files sidebar.", "type": "string", "enum": ["useFileContents", "useFileNamesOnly"], "default": "useFileContents" } } }, "codeintelSyntacticIndexing.enabled": { "description": "When enabled, syntactic indexing jobs will be scheduled for all enabled repos", "type": "boolean", "default": false }, "cody.auditLog": { "description": "Configuration for the Cody Audit Log", "type": "object", "properties": { "enabled": { "description": "Whether to enable the Cody Audit Log", "type": "boolean", "default": false } } }, "deepSearch.enabled": { "description": "Enable/disable the Deep Search feature", "type": "boolean", "!go": { "pointer": true }, "default": false }, "deepSearch.model": { "description": "The model reference to use for Deep Search.", "type": "string", "default": "anthropic::2024-10-22::claude-sonnet-4-latest", "deprecationMessage": "Configuring a custom model (BYOK) for Deep Search is deprecated." }, "deepSearch.sharing.enabled": { "description": "Enable/disable sharing of Deep Search conversations via read tokens", "type": "boolean", "!go": { "pointer": true }, "default": false } }, "examples": [ { "customGitFetch": [ { "domainPath": "somecodehost.com/path/to/repo", "fetch": "customgitbinary someflag" }, { "domainPath": "somecodehost.com/path/to/anotherrepo", "fetch": "customgitbinary someflag anotherflag" } ] }, { "tls.external": { "certificates": ["-----BEGIN CERTIFICATE-----\n..."], "insecureSkipVerify": true } } ], "group": "Experimental" }, "batchChanges.enabled": { "description": "Enables/disables the Batch Changes feature.", "type": "boolean", "!go": { "pointer": true }, "group": "BatchChanges", "default": true }, "batchChanges.enforceForks": { "description": "When enabled, all branches created by batch changes will be pushed to forks of the original repository.", "type": "boolean", "group": "BatchChanges", "default": false }, "batchChanges.restrictToAdmins": { "description": "When enabled, only site admins can create and apply batch changes.", "type": "boolean", "!go": { "pointer": true }, "group": "BatchChanges", "default": false }, "batchChanges.autoDeleteBranch": { "description": "Automatically delete branches created for Batch Changes changesets when the changeset is merged or closed, for supported code hosts. Overrides any setting on the repository on the code host itself.", "type": "boolean", "group": "BatchChanges", "default": false }, "batchChanges.rolloutWindows": { "description": "Specifies specific windows, which can have associated rate limits, to be used when reconciling published changesets (creating or updating). All days and times are handled in UTC.", "type": "array", "!go": { "pointer": true }, "group": "BatchChanges", "items": { "title": "BatchChangeRolloutWindow", "type": "object", "required": ["rate"], "additionalProperties": false, "properties": { "rate": { "description": "The rate changesets will be published at.", "oneOf": [ { "type": "number", "minimum": 0, "maximum": 0 }, { "type": "string", "pattern": "^(unlimited|[0-9]+/(sec|secs|second|seconds|min|mins|minute|minutes|hr|hrs|hour|hours))$" } ] }, "start": { "description": "Window start time. If omitted, no time window is applied to the day(s) that match this rule.", "type": "string", "pattern": "^[0-9]?[0-9]:[0-9]{2}$" }, "end": { "description": "Window end time. If omitted, no time window is applied to the day(s) that match this rule.", "type": "string", "pattern": "^[0-9]?[0-9]:[0-9]{2}$" }, "days": { "description": "Day(s) the window applies to. If omitted, this rule applies to all days of the week.", "type": "array", "items": { "type": "string", "pattern": "^([mM]on(day)?|[tT]ue(s|sday)?|[wW]ed(nesday)?|[tT]hu(r|rs|rsday)?|[fF]ri(day)?|[sS]at(urday)?|[sS]un(day)?)$" } } }, "dependencies": { "start": ["end"] } }, "examples": [ { "rate": "10/hour", "days": ["saturday", "sunday"], "start": "06:00", "end": "20:00" } ] }, "batchChanges.disableWebhooksWarning": { "description": "Hides Batch Changes warnings about webhooks not being configured.", "type": "boolean", "group": "BatchChanges", "default": false }, "batchChanges.templateLibrary.displayLimit": { "description": "Maximum number of batch spec templates to display in the template library UI. Default is 20.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 20, "group": "BatchChanges" }, "batchChanges.changesetsRetention": { "description": "How long changesets will be retained after they have been detached from a batch change.", "type": "string", "group": "BatchChanges", "examples": ["336h", "48h", "5h30m40s"] }, "batchChanges.containerRegistryAllowlist": { "description": "A list of permitted container registries for use in batch changes, e.g., docker.io. If empty, all container registries are allowed. It cannot be used together with 'batchChanges.containerRegistryDenylist'", "type": "array", "items": { "type": "string" }, "examples": ["docker.io", "artifactory.acme.com"] }, "batchChanges.containerRegistryDenylist": { "description": "A list of forbidden container registries for use in batch changes, e.g., docker.io. If empty, all container registries are allowed. It cannot be used together with 'batchChanges.containerRegistryAllowlist'", "type": "array", "items": { "type": "string" }, "examples": ["docker.io", "artifactory.acme.com"] }, "codeIntelAutoIndexing.enabled": { "description": "Enables/disables the code intel auto-indexing feature. Currently experimental.", "type": "boolean", "!go": { "pointer": true }, "group": "Code intelligence", "default": false }, "codeIntelAutoIndexing.indexerMap": { "description": "Overrides the default Docker images used by auto-indexing.", "type": "object", "additionalProperties": { "type": "string" }, "group": "Code intelligence", "default": null, "examples": [ { "go": "sourcegraph/lsif-go:latest", "java": "sourcegraph/lsif-java:latest" } ] }, "codeIntelAutoIndexing.policyRepositoryMatchLimit": { "description": "The maximum number of repositories to which a single auto-indexing policy can apply. Default is -1, which is unlimited.", "type": "integer", "!go": { "pointer": true }, "group": "Code intelligence", "default": -1 }, "codeIntelAutoIndexing.allowGlobalPolicies": { "description": "Whether auto-indexing policies may apply to all repositories on the Sourcegraph instance. Default is false. The policyRepositoryMatchLimit setting still applies to such auto-indexing policies.", "type": "boolean", "!go": { "pointer": true }, "group": "Code intelligence", "default": false }, "corsOrigin": { "description": "Required when using any of the native code host integrations for Phabricator, GitLab, or Bitbucket Server. It is a space-separated list of allowed origins for cross-origin HTTP requests which should be the base URL for your Phabricator, GitLab, or Bitbucket Server instance.", "type": "string", "examples": ["https://my-phabricator.example.com https://my-bitbucket.example.com https://my-gitlab.example.com"], "pattern": "^((https?://[\\w-.]+)( https?://[\\w-.]+)*)|\\*$", "group": "Security" }, "lsifEnforceAuth": { "description": "Whether or not LSIF uploads will be blocked unless a valid LSIF upload token is provided.", "type": "boolean", "default": false, "group": "Security" }, "disableNonCriticalTelemetry": { "description": "DEPRECATED. Has no effect.", "type": "boolean", "default": false, "group": "Misc." }, "disableFeedbackSurvey": { "description": "Disable the feedback survey", "type": "boolean", "default": false, "group": "Misc." }, "disableAutoGitUpdates": { "description": "Disable periodically fetching git contents for existing repositories.", "type": "boolean", "default": false, "group": "External services" }, "disableAutoCodeHostSyncs": { "description": "Disable periodic syncs of configured code host connections (repository metadata, permissions, batch changes changesets, etc)", "type": "boolean", "default": false, "group": "External services" }, "gitUpdateInterval": { "description": "DEPRECATED: As of Sourcegraph 5.10, this option is no longer in use. Remove this block.", "deprecated": true, "deprecationMessage": "Deprecated because it's no longer supported. Sourcegraph relies on user traffic, webhooks, and heuristics now.", "type": "array", "items": { "title": "UpdateIntervalRule", "type": "object", "required": ["pattern", "interval"], "additionalProperties": false, "properties": { "pattern": { "description": "A regular expression matching a repo name", "type": "string", "minLength": 1 }, "interval": { "description": "An integer representing the number of minutes to wait until the next update", "type": "integer", "minimum": 1 } } }, "group": "External services", "examples": [ [ { "pattern": "^github.com/sourcegraph/.*", "interval": 5 }, { "pattern": "^bitbucket.org/.*", "interval": 10 } ] ] }, "disablePublicRepoRedirects": { "description": "DEPRECATED! Disable redirects to sourcegraph.com when visiting public repositories that can't exist on this server.", "type": "boolean", "group": "External services", "examples": [true], "deprecationMessage": "Deprecated because it's no longer supported and hasn't been working for a while." }, "git.cloneURLToRepositoryName": { "description": "JSON array of configuration that maps from Git clone URL to repository name. Sourcegraph automatically resolves remote clone URLs to their proper code host. However, there may be non-remote clone URLs (e.g., in submodule declarations) that Sourcegraph cannot automatically map to a code host. In this case, use this field to specify the mapping. The mappings are tried in the order they are specified and take precedence over automatic mappings.", "type": "array", "items": { "title": "CloneURLToRepositoryName", "description": "Describes a mapping from clone URL to repository name. The `from` field contains a regular expression with named capturing groups. The `to` field contains a template string that references capturing group names. For instance, if `from` is \"^../(?P<name>\\w+)$\" and `to` is \"github.com/user/{name}\", the clone URL \"../myRepository\" would be mapped to the repository name \"github.com/user/myRepository\".", "type": "object", "additionalProperties": false, "required": ["from", "to"], "properties": { "from": { "description": "A regular expression that matches a set of clone URLs. The regular expression should use the Go regular expression syntax (https://golang.org/pkg/regexp/) and contain at least one named capturing group. The regular expression matches partially by default, so use \"^...$\" if whole-string matching is desired.", "type": "string" }, "to": { "description": "The repository name output pattern. This should use `{matchGroup}` syntax to reference the capturing groups from the `from` field.", "type": "string" } } }, "group": "External services", "examples": [ [ { "from": "^../(?P<name>\\w+)$", "to": "github.com/user/{name}" } ] ] }, "gitLongCommandTimeout": { "description": "Maximum number of seconds that a long Git command (e.g. clone or remote update) is allowed to execute. The default is 7200 seconds, or 2 hours.", "type": "integer", "default": 7200, "group": "External services" }, "gitMaxConcurrentClones": { "description": "Maximum number of git clone processes that will be run concurrently per gitserver to update repositories. Note: the global git update scheduler respects gitMaxConcurrentClones. However, we allow each gitserver to run upto gitMaxConcurrentClones to allow for urgent fetches. Urgent fetches are used when a user is browsing a PR and we do not have the commit yet.", "type": "integer", "default": 5, "group": "External services" }, "gitMaxConcurrentCleanups": { "description": "Maximum number of git clone processes that will be run concurrently per gitserver to update repositories. <= 0 means disabled.", "type": "integer", "default": 5, "!go": { "pointer": true }, "group": "External services" }, "gitMaxCodehostRequestsPerSecond": { "description": "Maximum number of remote code host git operations (e.g. clone or ls-remote) to be run per second per gitserver. Default is -1, which is unlimited.", "type": "integer", "!go": { "pointer": true }, "default": -1, "group": "External services" }, "codeMonitors": { "description": "Configuration options for code monitors", "type": "object", "properties": { "pollInterval": { "description": "The interval at which a monitor checks for new changes. Increase to reduce average load.", "type": "string", "default": "5m" }, "concurrency": { "description": "The number of code monitor jobs allowed to run concurrently. Decrease to reduce peak load.", "type": "integer", "default": 4 }, "maxRuntime": { "description": "The maximum runtime in minutes per code monitor jobs. Increase if jobs time out consistently", "type": "integer", "default": 1 } } }, "syntaxHighlighting": { "title": "SyntaxHighlighting", "description": "Syntax highlighting configuration", "type": "object", "properties": { "engine": { "title": "SyntaxHighlightingEngine", "type": "object", "properties": { "default": { "description": "The default syntax highlighting engine to use", "type": "string", "enum": ["tree-sitter", "syntect", "scip-syntax"] }, "overrides": { "description": "Manually specify overrides for syntax highlighting engine per language", "type": "object", "additionalProperties": { "type": "string", "enum": ["tree-sitter", "syntect", "scip-syntax"] } } } }, "languages": { "title": "SyntaxHighlightingLanguage", "type": "object", "properties": { "extensions": { "description": "Map of extension to language", "type": "object", "additionalProperties": { "type": "string" } }, "patterns": { "description": "Map of patterns to language. Will return after first match, if any.", "type": "array", "items": { "title": "SyntaxHighlightingLanguagePatterns", "type": "object", "required": ["pattern", "language"], "properties": { "pattern": { "description": "Regular expression which matches the filepath", "type": "string", "format": "regex" }, "language": { "description": "Name of the language if pattern matches", "type": "string" } } } } } }, "symbols": { "title": "SymbolConfiguration", "description": "Configure symbol generation", "type": "object", "required": ["engine"], "properties": { "engine": { "description": "Manually specify overrides for symbol generation engine per language", "type": "object", "additionalProperties": { "type": "string", "enum": ["universal-ctags", "scip-ctags", "off"] } } } } }, "examples": [ { "engine": { "default": "tree-sitter", "overrides": { "go": "syntect" } }, "languages": { "extensions": { "go": "go", "ts": "typescript" }, "patterns": [ { "match": "cobol_.*\\.txt", "language": "cobol" } ] } } ] }, "repoListUpdateInterval": { "description": "Interval (in minutes) for checking code hosts (such as GitHub, Gitolite, etc.) for new repositories.", "type": "integer", "default": 1, "group": "External services" }, "repoConcurrentExternalServiceSyncers": { "description": "The number of concurrent external service syncers that can run.", "type": "integer", "default": 3, "group": "External services" }, "repoPurgeWorker": { "description": "Configuration for repository purge worker.", "type": "object", "group": "External services", "additionalProperties": false, "default": { "intervalMinutes": 15, "deletedTTLMinutes": 60 }, "properties": { "intervalMinutes": { "type": "integer", "description": "Interval in minutes at which to run purge jobs. Set to 0 to disable.", "default": "15", "minimum": 0 }, "deletedTTLMinutes": { "type": "integer", "description": "Repository TTL in minutes after deletion before it becomes eligible to be purged. A migration or admin could accidentally remove all or a significant number of repositories - recloning all of them is slow, so a TTL acts as a grace period so that admins can recover from accidental deletions", "default": "60", "minimum": 0 } } }, "scim.authToken": { "type": "string", "description": "The SCIM auth token is used to authenticate SCIM requests. If not set, SCIM is disabled.", "default": "", "group": "External services" }, "scim.identityProvider": { "type": "string", "enum": ["STANDARD", "Azure AD"], "description": "Identity provider used for SCIM support. \"STANDARD\" should be used unless a more specific value is available", "default": "STANDARD", "group": "External services" }, "maxReposToSearch": { "description": "DEPRECATED: Configure maxRepos in search.limits. The maximum number of repositories to search across. The user is prompted to narrow their query if exceeded. Any value less than or equal to zero means unlimited.", "type": "integer", "default": -1, "group": "Search" }, "search.limits": { "description": "Limits that search applies for number of repositories searched and timeouts.", "type": "object", "group": "Search", "additionalProperties": false, "properties": { "maxTimeoutSeconds": { "description": "The maximum value for \"timeout:\" that search will respect. \"timeout:\" values larger than maxTimeoutSeconds are capped at maxTimeoutSeconds. Note: You need to ensure your load balancer / reverse proxy in front of Sourcegraph won't timeout the request for larger values. Note: Too many large rearch requests may harm Soucregraph for other users. Note: Experimental search jobs do not respect this limit. Defaults to 1 minute.", "type": "integer", "default": "60", "minimum": 1 }, "maxRepos": { "description": "The maximum number of repositories to search across. The user is prompted to narrow their query if exceeded. Any value less than or equal to zero means unlimited.", "type": "integer", "default": -1 }, "commitDiffMaxRepos": { "description": "The maximum number of repositories to search across when doing a \"type:diff\" or \"type:commit\". The user is prompted to narrow their query if the limit is exceeded. There is a separate limit (commitDiffWithTimeFilterMaxRepos) when \"after:\" or \"before:\" is specified because those queries are faster. Defaults to 50.", "type": "integer", "default": 50, "minimum": 1 }, "commitDiffWithTimeFilterMaxRepos": { "description": "The maximum number of repositories to search across when doing a \"type:diff\" or \"type:commit\" with a \"after:\" or \"before:\" filter. The user is prompted to narrow their query if the limit is exceeded. There is a separate limit (commitDiffMaxRepos) when \"after:\" or \"before:\" is not specified because those queries are slower. Defaults to 10000.", "type": "integer", "default": 10000, "minimum": 1 } }, "examples": [ { "maxTimeoutSeconds": 60, "maxRepos": 200, "commitDiffMaxRepos": 50, "commitDiffWithTimeFilterMaxRepos": 5000 } ] }, "parentSourcegraph": { "description": "URL to fetch unreachable repository details from. Defaults to \"https://sourcegraph.com\"", "type": "object", "additionalProperties": false, "properties": { "url": { "type": "string", "default": "https://sourcegraph.com" } }, "group": "External services", "examples": [ { "url": "https://sourcegraph.example.com" } ] }, "auth.accessTokens": { "description": "Settings for access tokens, which enable external tools to access the Sourcegraph API with the privileges of the user.", "type": "object", "additionalProperties": false, "properties": { "allow": { "description": "Allow or restrict the use of access tokens. The default is \"all-users-create\", which enables all users to create access tokens. Use \"none\" to disable access tokens entirely. Use \"site-admin-create\" to restrict creation of new tokens to admin users (existing tokens will still work until revoked).", "type": "string", "enum": ["all-users-create", "site-admin-create", "none"], "default": "all-users-create" }, "allowNoExpiration": { "description": "Allows new tokens to be created without specifying an expiration.", "type": "boolean", "!go": { "pointer": true }, "default": true }, "expirationOptionDays": { "description": "Options users will see for the number of days until token expiration. The defaultExpirationDays will be added to the list if not already present.", "type": "array", "default": [7, 14, 30, 60, 90], "items": { "type": "integer", "maximum": 365, "minimum": 1 }, "examples": [[7, 14, 30, 60, 90]] }, "defaultExpirationDays": { "description": "The default duration selection when creating a new access token. This value will be added to the expirationOptionDays if it is not already present", "type": "integer", "!go": { "pointer": true }, "default": 90, "maximum": 365, "minimum": 1 }, "maxTokensPerUser": { "description": "The maximum number of active access tokens a user may have.", "type": "integer", "!go": { "pointer": true }, "default": 25, "maximum": 100, "minimum": 1 } }, "default": { "allow": "all-users-create", "allowNoExpiration": false, "expirationOptionDays": [7, 14, 30, 60, 90], "defaultExpirationDays": 90 }, "examples": [ { "allow": "site-admin-create", "allowNoExpiration": true, "expirationOptionDays": [7, 14, 30, 60, 90], "defaultExpirationDays": 90 }, { "allow": "none", "allowNoExpiration": false, "expirationOptionDays": [7, 14, 30, 60, 90], "defaultExpirationDays": 45 } ], "group": "Security" }, "auth.allowedIpAddress": { "description": "IP allowlist for access to the Sourcegraph instance. If set, only requests from these IP addresses will be allowed. By default client IP is infered connected client IP address, and you may configure to use a request header to determine the user IP.", "type": "object", "properties": { "enabled": { "description": "Whether to enable the IP allowlist.", "type": "boolean", "default": false }, "clientIpAddress": { "description": "List of client IP addresses to allow. If empty, all IP addresses are allowed. This is useful to restrict who can open connection with the Sorcegraph instance, e.g., the request source range of the upsteam application load balancer.", "type": "array", "items": { "type": "string" }, "examples": ["100.100.100.0/25", "23.34.56.21"] }, "trustedClientIpAddress": { "description": "List of trusted client IP addresses that will bypass user IP address check. If empty, nothing can be bypass. This is useful to support access from trusted internal services. It will always permit connection from `127.0.0.1`. You must include the IP range allocated for the Sourcegraph deployment services to allow inter-service communication, e.g., kubernetes pod ip range.", "type": "array", "items": { "type": "string" }, "examples": ["100.100.100.0/25", "23.34.56.21"] }, "userIpAddress": { "description": "List of user IP addresses to allow. If empty, all IP addresses are allowed.", "type": "array", "items": { "type": "string" }, "examples": ["100.100.100.0/25", "23.34.56.21"] }, "userIpRequestHeaders": { "description": "An optional list of case-insensitive request header names to use for resolving the callers user IP address. You must ensure that the header is coming from a trusted source. If the header contains multiple IP addresses, the right-most is used. If no IP is found from provided headers, the connected client IP address is used.", "type": "array", "items": { "type": "string" }, "examples": ["X-Forwarded-For", "X-Real-IP", "CF-Connecting-IP"] }, "errorMessageTemplate": { "description": "A template to customize the error message display to users on unauthorized access. Available template variables: `{{.Error}}`, `{{.UserIP}}`", "type": "string", "default": "Access from your IP address is not allowed.", "examples": [ "Please reach out to your Sourcegraph instance admin at admin@acme.com to unblock your IP address: {{.UserIP}}.", "{{.Error}}. Please reach out to your Sourcegraph instance admin at admin@acme.com to request access." ] } }, "group": "Security" }, "authz.enforceForSiteAdmins": { "description": "When true, site admins will only be able to see private code they have access to via our authz system.", "type": "boolean", "default": false }, "permissions.userMapping": { "description": "Settings for Sourcegraph explicit permissions, which allow the site admin to explicitly manage repository permissions via the GraphQL API. This will mark repositories as restricted by default.", "type": "object", "additionalProperties": false, "properties": { "enabled": { "description": "Whether permissions user mapping is enabled.", "type": "boolean", "default": false }, "bindID": { "description": "The type of identifier to identify a user. The default is \"email\", which uses the email address to identify a user. Use \"username\" to identify a user by their username. Changing this setting will erase any permissions created for users that do not yet exist.", "type": "string", "enum": ["email", "username"], "default": "email" } }, "default": { "enabled": true, "bindID": "email" }, "examples": [ { "bindID": "email" }, { "bindID": "username" } ], "group": "Security" }, "permissions.syncScheduleInterval": { "description": "Time interval (in seconds) of how often each component picks up authorization changes in external services.", "type": "integer", "default": 60 }, "permissions.syncOldestUsers": { "description": "Number of user permissions to schedule for syncing in single scheduler iteration.", "type": "integer", "default": 100, "!go": { "pointer": true } }, "permissions.syncOldestRepos": { "description": "Number of repo permissions to schedule for syncing in single scheduler iteration.", "type": "integer", "default": 100, "!go": { "pointer": true } }, "permissions.syncUsersBackoffSeconds": { "description": "Don't sync a user's permissions if they have synced within the last n seconds.", "type": "integer", "default": 900 }, "permissions.syncReposBackoffSeconds": { "description": "Don't sync a repo's permissions if it has synced within the last n seconds.", "type": "integer", "default": 900 }, "permissions.syncUsersMaxConcurrency": { "description": "The maximum number of user-centric permissions syncing jobs that can be spawned concurrently. Service restart is required to take effect for changes.", "type": "integer", "default": 5 }, "permissions.syncReposMaxConcurrency": { "description": "The maximum number of repo-centric permissions syncing jobs that can be spawned concurrently. Service restart is required to take effect for changes.", "type": "integer", "default": 5 }, "permissions.syncJobsHistorySize": { "description": "The number of last repo/user permission jobs to keep for history. Will be cleaned up occasionally to only keep the most recent N jobs.", "type": "integer", "default": 5, "minimum": 5, "!go": { "pointer": true } }, "permissions.syncJobCleanupInterval": { "description": "Time interval (in seconds) of how often cleanup worker should remove old jobs from permissions sync jobs table.", "type": "integer", "default": 3600, "minimum": 1 }, "contributorsDataEnabled": { "description": "Enables the computation of contributor statistics per author and repository. Will all commits of each repository initially, and then work on deltas.", "type": "boolean", "default": true, "!go": { "pointer": true }, "examples": [true] }, "branding": { "description": "Customize Sourcegraph homepage logo and search icon.", "type": "object", "additionalProperties": false, "properties": { "light": { "$ref": "#/definitions/BrandAssets" }, "dark": { "$ref": "#/definitions/BrandAssets" }, "favicon": { "description": "The URL of the favicon to be used for your instance. We recommend using the following file format: ICO", "type": "string", "format": "uri" }, "disableSymbolSpin": { "deprecationMessage": "No effect, symbol does not spin anymore.", "description": "Prevents the icon in the top-left corner of the screen from spinning on hover.", "type": "boolean", "default": false }, "brandName": { "description": "String to display everywhere the brand name should be displayed. Defaults to \"Sourcegraph\"", "type": "string", "default": "Sourcegraph" } }, "examples": [ { "favicon": "https://example.com/favicon.ico", "light": { "logo": "https://example.com/logo_light.png", "symbol": "https://example.com/search_symbol_light_24x24.png" }, "dark": { "logo": "https://example.com/logo_dark.png", "symbol": "https://example.com/search_symbol_dark_24x24.png" }, "disableSymbolSpin": true } ] }, "email.smtp": { "title": "SMTPServerConfig", "description": "The SMTP server used to send transactional emails.\nPlease see https://sourcegraph.com/docs/admin/config/email", "type": "object", "additionalProperties": false, "required": ["host", "port", "authentication"], "properties": { "host": { "description": "The SMTP server host.", "type": "string" }, "port": { "description": "The SMTP server port.", "type": "integer" }, "username": { "description": "The username to use when communicating with the SMTP server.", "type": "string" }, "password": { "description": "The password to use when communicating with the SMTP server.", "type": "string" }, "authentication": { "description": "The type of authentication to use for the SMTP server.", "type": "string", "enum": ["none", "PLAIN", "CRAM-MD5"] }, "domain": { "description": "The HELO domain to provide to the SMTP server (if needed).", "type": "string" }, "noVerifyTLS": { "description": "Disable TLS verification", "type": "boolean" }, "additionalHeaders": { "description": "Additional headers to include on SMTP messages that cannot be configured with other 'email.smtp' fields.", "type": "array", "items": { "title": "Header", "type": "object", "required": ["key", "value"], "additionalProperties": false, "properties": { "key": { "type": "string" }, "value": { "type": "string" }, "sensitive": { "type": "boolean" } }, "examples": [ { "key": "", "value": "" } ] } } }, "default": null, "examples": [ { "host": "smtp.example.com", "port": 465, "username": "alice", "password": "mypassword", "authentication": "PLAIN" } ], "group": "Email" }, "email.address": { "description": "The \"from\" address for emails sent by this server.\nPlease see https://sourcegraph.com/docs/admin/config/email", "type": "string", "format": "email", "group": "Email", "examples": ["noreply@sourcegraph.example.com"] }, "email.senderName": { "description": "The name to use in the \"from\" address for emails sent by this server.", "type": "string", "group": "Email", "default": "Sourcegraph", "examples": ["Our Company Sourcegraph", "Example Inc Sourcegraph"] }, "email.templates": { "description": "Configurable templates for some email types sent by Sourcegraph.", "type": "object", "properties": { "resetPassword": { "description": "Email sent on password resets. Available template variables: {{.Host}}, {{.Username}}, {{.URL}}", "$ref": "#/definitions/EmailTemplate" }, "setPassword": { "description": "Email sent on account creation, if a password reset URL is created. Available template variables: {{.Host}}, {{.Username}}, {{.URL}}", "$ref": "#/definitions/EmailTemplate" } }, "group": "Email", "examples": [ { "resetPassword": { "subject": "Reset your password on {{.Host}}", "body": "To reset your password on {{.Host}}, please click the link below:\n\n{{.URL}}\n\nIf you did not request a password reset, please ignore this email. Your password will not change until you click the link and set a new password." }, "setPassword": { "subject": "Set your password on {{.Host}}", "body": "To set your password on {{.Host}} and complete your account registration, please click the link below:\n\n{{.URL}}\n\nYour username is: {{.Username}}\n\nIf you did not sign up for an account on {{.Host}}, please ignore this email." } } ] }, "executors.frontendURL": { "description": "The URL where Sourcegraph executors can reach the Sourcegraph instance. If not set, defaults to externalURL. URLs with a path (other than `/`) are not allowed. For Docker executors, the special hostname `host.docker.internal` can be used to refer to the Docker container's host.", "type": "string", "examples": ["https://sourcegraph.example.com"] }, "executors.srcCLIImage": { "description": "The image to use for src-cli in executors. Use this value to pull from a custom image registry.", "type": "string", "default": "sourcegraph/src-cli" }, "executors.srcCLIImageTag": { "description": "The tag to use for the src-cli image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.", "type": "string", "examples": ["4.1.0"] }, "executors.lsifGoImage": { "description": "The tag to use for the lsif-go image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.", "type": "string", "examples": ["sourcegraph/lsif-go"] }, "executors.batcheshelperImage": { "description": "The image to use for batch changes in executors when using native execution. Use this value to pull from a custom image registry.", "type": "string", "default": "sourcegraph/batcheshelper" }, "executors.batcheshelperImageTag": { "description": "The tag to use for the batcheshelper image in executors when using native execution. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.", "type": "string", "examples": ["4.1.0"] }, "executors.accessToken": { "description": "The shared secret between Sourcegraph and executors. The value must contain at least 20 characters.", "type": "string", "pattern": "^(.{20,}|REDACTED)$", "examples": ["my-super-secret-access-token"] }, "executors.multiqueue": { "description": "The configuration for multiqueue executors.", "type": "object", "properties": { "dequeueCacheConfig": { "description": "The configuration for the dequeue cache of multiqueue executors. Each queue defines a limit of dequeues in the expiration window as well as a weight, indicating how frequently a queue is picked at random. For example, a weight of 4 for batches and 1 for codeintel means out of 5 dequeues, statistically batches will be picked 4 times and codeintel 1 time (unless one of those queues is at its limit).", "type": "object", "properties": { "batches": { "description": "The configuration for the batches queue.", "type": "object", "required": ["limit", "weight"], "properties": { "limit": { "description": "The maximum number of dequeues allowed within the expiration window.", "type": "integer", "default": 50 }, "weight": { "description": "The relative weight of this queue. Higher weights mean a higher chance of being picked at random.", "type": "integer", "default": 4 } } }, "codeintel": { "description": "The configuration for the codeintel queue.", "type": "object", "required": ["limit", "weight"], "properties": { "limit": { "description": "The maximum number of dequeues allowed within the expiration window.", "type": "integer", "default": 250 }, "weight": { "description": "The relative weight of this queue. Higher weights mean a higher chance of being picked at random.", "type": "integer", "default": 1 } } } } } } }, "auth.userOrgMap": { "description": "Ensure that matching users are members of the specified orgs (auto-joining users to the orgs if they are not already a member). Provide a JSON object of the form `{\"*\": [\"org1\", \"org2\"]}`, where org1 and org2 are orgs that all users are automatically joined to. Currently the only supported key is `\"*\"`.", "type": "object", "additionalProperties": { "type": "array", "items": { "type": "string" } }, "examples": [ { "*": ["myorg1"] } ], "hide": true }, "telemetry": { "description": "Configuration for application user telemetry.", "type": "object", "additionalProperties": false, "properties": { "disableLocalEventLogs": { "description": "Disable long-term local retention of user telemetry as 'event logs' entirely.", "type": "boolean", "default": false } } }, "log": { "description": "Configuration for logging and alerting, including to external services.", "type": "object", "additionalProperties": false, "properties": { "sentry": { "description": "Configuration for Sentry", "type": "object", "additionalProperties": false, "properties": { "dsn": { "description": "Sentry Data Source Name (DSN). Per the Sentry docs (https://docs.sentry.io/quickstart/#about-the-dsn), it should match the following pattern: '{PROTOCOL}://{PUBLIC_KEY}@{HOST}/{PATH}{PROJECT_ID}'.", "type": "string", "pattern": "^https?://" }, "backendDSN": { "description": "Sentry Data Source Name (DSN) for backend errors. Per the Sentry docs (https://docs.sentry.io/quickstart/#about-the-dsn), it should match the following pattern: '{PROTOCOL}://{PUBLIC_KEY}@{HOST}/{PATH}{PROJECT_ID}'.", "type": "string", "pattern": "^https?://" }, "codeIntelDSN": { "description": "Sentry Data Source Name (DSN) for code intel errors. Per the Sentry docs (https://docs.sentry.io/quickstart/#about-the-dsn), it should match the following pattern: '{PROTOCOL}://{PUBLIC_KEY}@{HOST}/{PATH}{PROJECT_ID}'.", "type": "string", "pattern": "^https?://" } }, "examples": [ { "sentry": { "dsn": "https://public_key@sentry.example.com/project_id", "backendDSN": "https://public_key@sentry.example.com/backend_project_id", "codeIntelDSN": "https://public_key@sentry.example.com/codeintel_project_id" } } ] }, "auditLog": { "description": "EXPERIMENTAL: Configuration for audit logging (specially formatted log entries for tracking sensitive events)", "type": "object", "additionalProperties": false, "properties": { "internalTraffic": { "description": "Capture security events performed by the internal traffic (adds significant noise).", "type": "boolean", "default": false }, "graphQL": { "description": "Capture GraphQL requests and responses as part of the audit log.", "type": "boolean", "default": false }, "gitserverAccess": { "description": "Capture gitserver access logs as part of the audit log.", "type": "boolean", "default": false }, "severityLevel": { "deprecationMessage": "No effect, audit logs are always set to SRC_LOG_LEVEL", "description": "DEPRECATED: No effect, audit logs are always set to SRC_LOG_LEVEL", "type": "string", "enum": ["DEBUG", "INFO", "WARN", "ERROR"] } }, "required": ["internalTraffic", "graphQL", "gitserverAccess"], "examples": [ { "internalTraffic": false, "graphQL": false, "gitserverAccess": false } ] } } }, "externalURL": { "description": "The externally accessible URL for Sourcegraph (i.e., what you type into your browser). Previously called `appURL`. Only root URLs are allowed.", "type": "string", "examples": ["https://sourcegraph.example.com"] }, "observability.client": { "description": "EXPERIMENTAL: Configuration for client observability", "type": "object", "additionalProperties": false, "properties": { "openTelemetry": { "description": "Configuration for the client OpenTelemetry exporter", "type": "object", "properties": { "endpoint": { "description": "OpenTelemetry tracing collector endpoint. By default, Sourcegraph's \"/-/debug/otlp\" endpoint forwards data to the configured collector backend.", "type": "string", "examples": ["/-/debug/otlp", "https://COLLECTOR_ENDPOINT"], "default": "/-/debug/otlp" }, "webVitalsInstrumentation": { "description": "Enable web vitals instrumentation.", "type": "boolean", "default": false } } } }, "examples": [ { "openTelemetry": { "endpoint": "/-/debug/otlp" } }, { "openTelemetry": { "endpoint": "https://opentelemetry.example.com" } } ] }, "observability.tracing": { "description": "Configures distributed tracing within Sourcegraph. To learn more, refer to https://sourcegraph.com/docs/admin/observability/tracing", "type": "object", "properties": { "sampling": { "description": "Determines the conditions under which distributed traces are recorded. \"none\" turns off tracing entirely. \"selective\" (default) sends traces whenever `?trace=1` is present in the URL (though background jobs may still emit traces). \"all\" sends traces on every request. Note that this only affects the behavior of the distributed tracing client. To learn more about additional sampling and traace export configuration with the default tracing type \"opentelemetry\", refer to https://sourcegraph.com/docs/admin/observability/opentelemetry#tracing ", "type": "string", "enum": ["selective", "all", "none"], "default": "selective" }, "type": { "description": "Determines what tracing provider to enable. For \"opentelemetry\", the required backend is an OpenTelemetry collector instance (deployed by default with Sourcegraph). For \"jaeger\", a Jaeger instance is required to be configured via Jaeger client environment variables: https://github.com/jaegertracing/jaeger-client-go#environment-variables", "type": "string", "enum": ["opentelemetry", "jaeger"], "default": "opentelemetry" }, "debug": { "description": "Turns on debug logging of tracing client requests. This can be useful for debugging connectivity issues between the tracing client and tracing backend, the performance overhead of tracing, and other issues related to the use of distributed tracing. May have performance implications in production.", "type": "boolean", "default": false }, "urlTemplate": { "description": "Template for linking to trace URLs - '{{ .TraceID }}' is replaced with the trace ID, and {{ .ExternalURL }} is replaced with the value of 'externalURL'. If none is set, no links are generated.", "type": "string", "examples": [ "https://ui.honeycomb.io/$ORG/environments/$DATASET/trace?trace_id={{ .TraceID }}", "https://console.cloud.google.com/traces/list?tid={{ .TraceID }}&project=$PROJECT", "https://$ORGANIZATION.grafana.net/explore?orgId=1&left=[\"now-1h\",\"now\",\"$DATASOURCE\",{\"query\":\"{{ .TraceID }}\",\"queryType\":\"traceId\"}]", "{{ .ExternalURL }}/-/debug/jaeger/trace/{{ .TraceID }}" ] } }, "examples": [ { "sampling": "selective", "type": "opentelemetry", "debug": false, "urlTemplate": "https://ui.honeycomb.io/$ORG/environments/$DATASET/trace?trace_id={{ .TraceID }}" }, { "sampling": "all", "type": "jaeger", "debug": true, "urlTemplate": "{{ .ExternalURL }}/-/debug/jaeger/trace/{{ .TraceID }}" } ] }, "observability.alerts": { "description": "Configure notifications for Sourcegraph's built-in alerts.", "type": "array", "items": { "type": "object", "required": ["level", "notifier"], "properties": { "level": { "description": "Sourcegraph alert level to subscribe to notifications for.", "type": "string", "enum": ["warning", "critical"] }, "notifier": { "type": "object", "properties": { "type": { "type": "string", "enum": ["slack", "pagerduty", "webhook", "email", "opsgenie"] } }, "oneOf": [ { "$ref": "#/definitions/NotifierSlack" }, { "$ref": "#/definitions/NotifierPagerduty" }, { "$ref": "#/definitions/NotifierWebhook" }, { "$ref": "#/definitions/NotifierEmail" }, { "$ref": "#/definitions/NotifierOpsGenie" } ], "!go": { "taggedUnionType": true } }, "disableSendResolved": { "description": "Disable notifications when alerts resolve themselves.", "type": "boolean", "default": false }, "owners": { "description": "Do not use. When set, only receive alerts owned by the specified teams. Used by Sourcegraph internally.", "type": "array", "items": { "type": "string" } } }, "default": { "level": "critical", "notifier": { "type": "" } } }, "examples": [ { "level": "critical", "notifier": { "type": "slack", "url": "https://hooks.slack.com/services/...", "channel": "#alerts" } }, { "level": "warning", "notifier": { "type": "email", "addresses": ["alerts@example.com"] } } ] }, "observability.silenceAlerts": { "description": "Silence individual Sourcegraph alerts by identifier.", "type": "array", "items": { "type": "string" }, "examples": [["warning_gitserver_disk_space_remaining"], ["critical_frontend_down", "warning_high_load"]] }, "observability.logSlowSearches": { "description": "(debug) logs all search queries (issued by users, code intelligence, or API requests) slower than the specified number of milliseconds.", "type": "integer", "group": "Debug", "examples": [10000] }, "observability.logSlowGraphQLRequests": { "description": "(debug) logs all GraphQL requests slower than the specified number of milliseconds.", "type": "integer", "group": "Debug", "examples": [10000] }, "observability.captureSlowGraphQLRequestsLimit": { "description": "(debug) Set a limit to the amount of captured slow GraphQL requests being stored for visualization. For defining the threshold for a slow GraphQL request, see observability.logSlowGraphQLRequests.", "type": "integer", "group": "Debug", "examples": [2000] }, "insights.backfill.interruptAfter": { "description": "Set the number of seconds an insight series will spend backfilling before being interrupted. Series are interrupted to prevent long running insights from exhausting all of the available workers. Interrupted series will be placed back in the queue and retried based on their priority.", "type": "integer", "group": "CodeInsights", "default": 60 }, "insights.backfill.repositoryGroupSize": { "description": "Set the number of repositories to batch in a group during backfilling.", "type": "integer", "group": "CodeInsights", "default": 10 }, "insights.backfill.repositoryConcurrency": { "description": "Number of repositories within the batch to backfill concurrently.", "type": "integer", "group": "CodeInsights", "default": 3, "maximum": 10, "minimum": 1 }, "insights.query.worker.concurrency": { "description": "Number of concurrent executions of a code insight query on a worker node", "type": "integer", "group": "CodeInsights", "default": 1, "examples": [10] }, "insights.query.worker.rateLimit": { "description": "Maximum number of Code Insights queries initiated per second on a worker node.", "type": "number", "group": "CodeInsights", "default": 20, "examples": [10.0, 0.5], "!go": { "pointer": true } }, "insights.query.worker.rateLimitBurst": { "description": "The allowed burst rate for the Code Insights queries per second rate limiter.", "type": "integer", "group": "CodeInsights", "default": 20, "examples": [10, 20] }, "insights.historical.worker.rateLimit": { "description": "Maximum number of historical Code Insights data frames that may be analyzed per second.", "type": "number", "group": "CodeInsights", "default": 20, "examples": [50.0, 0.5], "!go": { "pointer": true } }, "insights.historical.worker.rateLimitBurst": { "description": "The allowed burst rate for the Code Insights historical worker rate limiter.", "type": "integer", "group": "CodeInsights", "default": 20, "examples": [10, 20] }, "insights.aggregations.bufferSize": { "description": "The size of the buffer for aggregations ran in-memory. A higher limit might strain memory for the frontend", "type": "integer", "group": "CodeInsights", "default": 500 }, "insights.aggregations.proactiveResultLimit": { "description": "The maximum number of results a proactive search aggregation can accept before stopping", "type": "integer", "group": "CodeInsights", "default": 50000 }, "insights.maximumSampleSize": { "description": "The maximum number of data points that will be available to view for a series on a code insight. Points beyond that will be stored in a separate table and available for data export.", "type": "integer", "group": "CodeInsights", "default": 30, "maximum": 90, "examples": [12, 24, 50] }, "own.bestEffortTeamMatching": { "description": "The Own service will attempt to match a Team by the last part of its handle if it contains a slash and no match is found for its full handle.", "type": "boolean", "group": "Own", "!go": { "pointer": true }, "default": true }, "own.background.repoIndexConcurrencyLimit": { "description": "The max number of concurrent Own jobs that will run per worker node.", "type": "integer", "group": "Own", "default": 5 }, "own.background.repoIndexRateLimit": { "description": "The maximum per second rate of repositories for Own jobs per worker node.", "type": "integer", "group": "Own", "default": 20 }, "own.background.repoIndexRateBurstLimit": { "description": "The maximum per second burst of repositories for Own jobs per worker node. Generally this value should not be less than the max concurrency.", "type": "integer", "group": "Own", "default": 5 }, "htmlHeadTop": { "description": "HTML to inject at the top of the `<head>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", "type": "string", "group": "Misc." }, "htmlHeadBottom": { "description": "HTML to inject at the bottom of the `<head>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", "type": "string", "group": "Misc." }, "htmlBodyTop": { "description": "HTML to inject at the top of the `<body>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", "type": "string", "group": "Misc." }, "htmlBodyBottom": { "description": "HTML to inject at the bottom of the `<body>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", "type": "string", "group": "Misc." }, "licenseKey": { "description": "The license key associated with a Sourcegraph product subscription, which is necessary to activate Sourcegraph Enterprise functionality. To obtain this value, contact Sourcegraph to purchase a subscription. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", "type": "string", "group": "Sourcegraph Enterprise license" }, "gitHubApp": { "description": "DEPRECATED: The config options for Sourcegraph GitHub App.", "type": "object", "properties": { "slug": { "description": "The slug of the GitHub App for Sourcegraph.", "type": "string" }, "appID": { "description": "The app ID of the GitHub App for Sourcegraph.", "type": "string" }, "privateKey": { "description": "The base64-encoded private key of the GitHub App for Sourcegraph.", "type": "string" }, "clientID": { "type": "string", "description": "The Client ID of the GitHub App for Sourcegraph, accessible from https://github.com/settings/apps ." }, "clientSecret": { "type": "string", "description": "The Client Secret of the GitHub App for Sourcegraph, accessible from https://github.com/settings/apps ." } }, "examples": [ { "slug": "sourcegraph", "appID": "1234", "privateKey": "base64-encoded-private-key", "clientID": "client-id", "clientSecret": "client-secret" } ] }, "gitRecorder": { "description": "Record git operations that are executed on configured repositories.", "type": "object", "properties": { "size": { "description": "Defines how many recordings to keep. Once this size is reached, the oldest entry will be removed.", "type": "integer", "default": 10000, "minimum": 1, "maximum": 10000 }, "repos": { "description": "List of repositories whose git operations should be recorded. To record commands on all repositories, simply pass in an asterisk as the only item in the array.", "type": "array", "items": { "type": "string" } }, "ignoredGitCommands": { "description": "List of git commands that should be ignored and not recorded.", "type": "array", "items": { "type": "string" }, "default": ["show", "rev-parse", "log", "diff", "ls-tree"] } }, "examples": [ { "size": 1000, "repos": ["github.com/sourcegraph/sourcegraph", "github.com/gorilla/mux"], "ignoredGitCommands": ["show", "rev-parse", "log", "diff", "ls-tree"] } ] }, "batchChanges.rejectUnverifiedCommit": { "description": "Reject unverified commits when creating a Batch Change", "type": "boolean", "default": false, "!go": { "pointer": true } }, "gitserver.diskUsageWarningThreshold": { "description": "Disk usage threshold at which to display warning notification. Value is a percentage.", "type": "integer", "default": 90, "!go": { "pointer": true } }, "dotcom": { "description": "Configuration options for Sourcegraph.com only.", "type": "object", "properties": { "sams.server": { "type": "string", "description": "The server URL for SAMS production instance." }, "sams.clientID": { "type": "string", "description": "The clientID for SAMS production instance." }, "sams.clientSecret": { "type": "string", "description": "The clientSecret for SAMS production instance." }, "samsDev.server": { "type": "string", "description": "The server URL for SAMS development instance.", "default": "https://accounts.sgdev.org" }, "samsDev.clientID": { "type": "string", "description": "The clientID for SAMS development instance." }, "samsDev.clientSecret": { "type": "string", "description": "The clientSecret for SAMS development instance." }, "enterprisePortal.enableProxies": { "type": "boolean", "default": true, "!go": { "pointer": true }, "description": "Whether to enable Enterprise Portal auth proxies for site admins." }, "srcCliVersionCache": { "description": "Configuration related to the src-cli version cache. This should only be used on sourcegraph.com.", "type": "object", "required": ["enabled", "github"], "group": "Sourcegraph.com", "properties": { "enabled": { "description": "Enables the src-cli version cache API endpoint.", "type": "boolean", "default": false }, "github": { "description": "GitHub configuration, both for queries and receiving release webhooks.", "type": "object", "required": ["token", "webhookSecret"], "properties": { "repository": { "description": "The repository to get the latest version of.", "type": "object", "properties": { "owner": { "description": "The repository namespace.", "type": "string", "default": "sourcegraph" }, "name": { "description": "The repository name.", "type": "string", "default": "src-cli" } } }, "token": { "description": "The access token to use when communicating with GitHub.", "type": "string" }, "uri": { "description": "The URI of the GitHub instance.", "type": "string", "default": "https://github.com" }, "webhookSecret": { "description": "The release webhook secret.", "type": "string" } } }, "interval": { "description": "The interval between version checks, expressed as a string that can be parsed by Go's time.ParseDuration.", "type": "string", "default": "1h" } } }, "codyGateway": { "description": "Configuration related to the Cody Gateway service management. This should only be used on sourcegraph.com.", "type": "object", "group": "Sourcegraph.com", "properties": { "bigQueryGoogleProjectID": { "description": "The project ID to pull BigQuery Cody Gatewayrelated events from.", "type": "string" }, "bigQueryDataset": { "description": "The dataset to pull BigQuery Cody Gateway related events from.", "type": "string" }, "bigQueryTable": { "description": "The table in the dataset to pull BigQuery Cody Gateway related events from.", "type": "string" } } }, "codyProConfig": { "type": "object", "additionalProperties": false, "properties": { "stripePublishableKey": { "type": "string", "default": null, "description": "Stripe Publishable Key for use in Stripe Checkout, Stripe Elements. This is not considered a secret.", "examples": ["pk_test_...", "pk_live_..."] }, "samsBackendOrigin": { "type": "string", "default": "", "description": "Origin of the SAMS backend. (Must match the SAMS OIDC registration in auth.providers.)", "examples": ["https://accounts.sourcegraph.com"] }, "sscBackendOrigin": { "type": "string", "default": "", "description": "Origin of the Self-serve Cody backend.", "examples": ["https://accounts.sourcegraph.com"] }, "sscBaseUrl": { "type": "string", "default": "https://accounts.sourcegraph.com/cody", "description": "The base URL of the Self-Serve Cody site." }, "useEmbeddedUI": { "type": "boolean", "default": false, "description": "Whether Cody Pro UI is served from sourcegraph.com. If false, users are directed to https://accounts.sourcegraph.com/cody to manage their Cody Pro subscription." } } } }, "group": "Sourcegraph.com" }, "notifications": { "description": "Notifications recieved from Sourcegraph.com to display in Sourcegraph.", "type": "array", "items": { "type": "object", "required": ["key", "message"], "properties": { "key": { "description": "e.g. '2023-03-10-my-key'; MUST START WITH YYYY-MM-DD; a globally unique key used to track whether the message has been dismissed.", "type": "string", "minLength": 1 }, "message": { "description": "The Markdown message to display", "type": "string", "minLength": 1 } } }, "examples": [ { "key": "2023-03-10-my-key", "message": "This is a test notification message." } ] }, "auth.providers": { "description": "The authentication providers to use for identifying and signing in users. See instructions below for configuring SAML, OpenID Connect (including Google Workspace), and HTTP authentication proxies. Multiple authentication providers are supported (by specifying multiple elements in this array).", "type": "array", "items": { "required": ["type"], "properties": { "type": { "type": "string", "enum": [ "azureDevOps", "bitbucketcloud", "bitbucketserver", "builtin", "gerrit", "github", "gitlab", "http-header", "openidconnect", "saml" ] } }, "oneOf": [ { "$ref": "#/definitions/AzureDevOpsAuthProvider" }, { "$ref": "#/definitions/BitbucketCloudAuthProvider" }, { "$ref": "#/definitions/BitbucketServerAuthProvider" }, { "$ref": "#/definitions/BuiltinAuthProvider" }, { "$ref": "#/definitions/GerritAuthProvider" }, { "$ref": "#/definitions/GitHubAuthProvider" }, { "$ref": "#/definitions/GitLabAuthProvider" }, { "$ref": "#/definitions/HTTPHeaderAuthProvider" }, { "$ref": "#/definitions/OpenIDConnectAuthProvider" }, { "$ref": "#/definitions/SAMLAuthProvider" } ], "!go": { "taggedUnionType": true } }, "group": "Authentication", "default": [ { "type": "builtin", "allowSignup": true } ] }, "auth.sessionExpiry": { "type": "string", "description": "The maximum duration of a user session, after which it expires and the user is required to re-authenticate. The default is 90 days. Must be at least 1 hour. There is typically no need to set this, but some users may have specific internal security requirements.\n\nThe string format is that of the Duration type in the Go time package (https://golang.org/pkg/time/#ParseDuration). E.g., \"720h\", \"43200m\", \"2592000s\" all indicate a timespan of 30 days.", "default": "2160h", "examples": ["168h"], "group": "Authentication" }, "auth.maxSessionIdleDuration": { "type": "string", "description": "The maximum duration a user session may be idle (not making any requests), after which it expires and the user is required to re-authenticate. Must be at least 1 hour. Defaults to no idle expiry.", "default": "0", "examples": ["2h"], "group": "Authentication" }, "auth.enableUsernameChanges": { "description": "Enables users to change their username after account creation. Warning: setting this to be true has security implications if you have enabled (or will at any point in the future enable) repository permissions with an option that relies on username equivalency between Sourcegraph and an external service or authentication provider. Do NOT set this to true if you are using non-built-in authentication OR rely on username equivalency for repository permissions.", "type": "boolean", "default": false, "group": "Authentication" }, "auth.minPasswordLength": { "description": "The minimum number of Unicode code points that a password must contain.", "type": "integer", "default": 12, "group": "Authentication" }, "auth.passwordResetLinkExpiry": { "description": "The duration (in seconds) that a password reset link is considered valid.", "type": "integer", "default": 14400, "group": "Authentication" }, "auth.lockout": { "description": "The config options for account lockout", "type": "object", "properties": { "failedAttemptThreshold": { "description": "The threshold of failed sign-in attempts in a consecutive period", "type": "integer", "default": 5 }, "lockoutPeriod": { "description": "The number of seconds for the lockout period", "type": "integer", "default": 1800 }, "consecutivePeriod": { "description": "The number of seconds to be considered as a consecutive period", "type": "integer", "default": 3600 } }, "examples": [ { "failedAttemptThreshold": 3, "lockoutPeriod": 600, "consecutivePeriod": 300 } ], "group": "Authentication" }, "auth.unlockAccountLinkSigningKey": { "description": "Base64-encoded HMAC signing key to sign the JWT token for account unlock URLs", "type": "string", "group": "Authentication", "examples": [ "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUJGZ0FBQUhVQkFBQQ" ] }, "auth.unlockAccountLinkExpiry": { "description": "Validity expressed in minutes of the unlock account token", "type": "integer", "group": "Authentication", "default": 5 }, "auth.accessRequest": { "description": "The config options for access requests", "type": "object", "group": "Authentication", "properties": { "enabled": { "description": "Enable/disable the access request feature, which allows users to request access if built-in signup is disabled.", "type": "boolean", "!go": { "pointer": true }, "default": true } }, "examples": [ { "enabled": true }, { "enabled": false } ] }, "auth.primaryLoginProvidersCount": { "description": "The number of auth providers that will be shown to the user on the login screen. Other providers are shown under `Other login methods` section.", "type": "integer", "group": "Authentication", "default": 3 }, "update.channel": { "description": "The channel on which to automatically check for Sourcegraph updates.", "type": ["string"], "enum": ["release", "none"], "default": "release", "examples": ["none"], "group": "Misc." }, "productResearchPage.enabled": { "description": "Enables users access to the product research page in their settings.", "type": "boolean", "!go": { "pointer": true }, "group": "Misc.", "default": true }, "encryption.keys": { "description": "Configuration for encryption keys used to encrypt data at rest in the database.", "type": "object", "properties": { "enableCache": { "description": "enable LRU cache for decryption APIs", "type": "boolean", "default": false }, "cacheSize": { "description": "number of values to keep in LRU cache", "type": "integer", "default": 2048 }, "batchChangesCredentialKey": { "$ref": "#/definitions/EncryptionKey" }, "externalServiceKey": { "$ref": "#/definitions/EncryptionKey" }, "gitHubAppKey": { "$ref": "#/definitions/EncryptionKey" }, "outboundWebhookKey": { "$ref": "#/definitions/EncryptionKey" }, "userExternalAccountKey": { "$ref": "#/definitions/EncryptionKey" }, "webhookLogKey": { "$ref": "#/definitions/EncryptionKey" }, "webhookKey": { "$ref": "#/definitions/EncryptionKey" }, "executorSecretKey": { "$ref": "#/definitions/EncryptionKey" } }, "examples": [ { "externalServiceKey": { "type": "mounted", "filePath": "/path/to/external_service.key" } }, { "userExternalAccountKey": { "type": "cloudkms", "keyname": "projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key" } } ] }, "webhook.logging": { "description": "Configuration for logging incoming webhooks.", "type": "object", "properties": { "enabled": { "description": "Whether incoming webhooks are logged. If omitted, logging is enabled on sites without encryption. If one or more encryption keys are present, this setting must be enabled manually; as webhooks may contain sensitive data, admins of encrypted sites may want to enable webhook encryption via encryption.keys.webhookLogKey.", "type": "boolean", "!go": { "pointer": true } }, "retention": { "description": "How long incoming webhooks are retained. The string format is that of the Duration type in the Go time package (https://golang.org/pkg/time/#ParseDuration). Values lower than 1 hour will be treated as 1 hour. By default, this is \"72h\", or three days.", "type": "string", "default": "72h" } }, "examples": [ { "enabled": true, "retention": "7d" } ] }, "outboundRequestLogLimit": { "description": "The maximum number of outbound requests to retain. This is a global limit across all outbound requests. If the limit is exceeded, older items will be deleted. If the limit is 0, no outbound requests are logged.", "type": "integer", "minimum": 0, "default": 50, "maximum": 500 }, "redactOutboundRequestHeaders": { "description": "Enables redacting sensitive information from outbound requests. Important: We only respect this setting in development environments. In production, we always redact outbound requests.", "type": "boolean", "!go": { "pointer": true }, "examples": [true] }, "organizationInvitations": { "description": "Configuration for organization invitations.", "type": "object", "required": ["signingKey"], "properties": { "expiryTime": { "description": "Time before the invitation expires, in hours (experimental, not enforced at the moment).", "type": "integer", "default": 48 }, "signingKey": { "description": "Base64 encoded HMAC Signing key to sign a JWT token, which is attached to each invitation URL.\nMore documentation here: https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodHMAC \n\nIf not provided, will fall back to legacy invitation to an organization.\n\nThe legacy invitation will be deprecated in the future and creating an organization invitation will fail with an error if this setting is not present.", "type": "string" } }, "examples": [ { "expiryTime": 48, "signingKey": "your-signing-key" } ] }, "cody.enabled": { "description": "Enable or disable Cody instance-wide. When Cody is disabled, all Cody endpoints and GraphQL queries will return errors, Cody will not show up in the site-admin sidebar, and Cody in the global navbar will only show a call-to-action for site-admins to enable Cody.", "type": "boolean", "default": false, "!go": { "pointer": true }, "group": "Cody" }, "cody.contextFilters": { "description": "Rules defining the repositories that will never be shared by Cody with third-party LLM providers.", "type": "object", "properties": { "include": { "description": "List of rules specifying repositories that Cody may include as context in requests to third-party LLMs. If defined, only repositories matching these rules will be considered for sharing. If not defined, all repositories may be shared.", "type": "array", "items": { "$ref": "#/definitions/CodyContextFilterItem" }, "minItems": 1 }, "exclude": { "description": "List of rules specifying repositories that Cody should excluded from context in requests to third-party LLMs. These rules are applied only to repositories matching the include rules.", "type": "array", "items": { "$ref": "#/definitions/CodyContextFilterItem" }, "minItems": 1 } }, "minProperties": 1, "additionalProperties": false, "group": "Cody" }, "cody.permissions": { "description": "Whether to enable Cody role-based access controls. Only respected if cody.restrictUsersFeatureFlag is not set. See https://sourcegraph.com/docs/admin/access_control", "type": "boolean", "default": true, "!go": { "pointer": true }, "group": "Cody" }, "cody.restrictUsersFeatureFlag": { "description": "DEPRECATED; see cody.permissions instead. PRIOR DESCRIPTION: Cody to only be enabled for users that have a feature flag labeled \"cody\" set to true. You must create a feature flag with this ID after enabling this setting: https://www.notion.so/sourcegraph/How-to-use-feature-flags-70f42bcacd9045d4a55de22f5dd87df0?source=copy_link. This setting only has an effect if cody.enabled is true.", "type": "boolean", "default": false, "!go": { "pointer": true }, "group": "Cody" }, "embeddings": { "deprecationMessage": "Deprecated changes to this section will not be respected.", "description": "Configuration for embeddings service.", "type": "object", "properties": { "enabled": { "description": "Toggles whether embedding service is enabled.", "type": "boolean", "!go": { "pointer": true }, "default": true }, "dimensions": { "description": "The dimensionality of the embedding vectors. Required field if not using the sourcegraph provider.", "type": "integer", "minimum": 0 }, "model": { "description": "The model used for embedding. A default model will be used for each provider, if not set.", "type": "string" }, "accessToken": { "description": "The access token used to authenticate with the external embedding API service. For provider sourcegraph, this is optional.", "type": "string" }, "provider": { "type": "string", "description": "The provider to use for generating embeddings. Defaults to sourcegraph.", "enum": ["openai", "azure-openai", "sourcegraph"] }, "endpoint": { "type": "string", "description": "The endpoint under which to reach the provider. Sensible default will be used for each provider.", "format": "uri" }, "url": { "description": "The url to the external embedding API service. Deprecated, use endpoint instead.", "type": "string", "format": "uri" }, "perCommunityUserEmbeddingsMonthlyLimit": { "description": "If > 0, limits the number of tokens allowed to be embedded by a Community user in a month. This is for Self-serve Cody and applies to Dotcom only.", "type": "integer", "default": 0 }, "perProUserEmbeddingsMonthlyLimit": { "description": "If > 0, limits the number of tokens allowed to be embedded by a Pro user in a month. This is for Self-serve Cody and applies to Dotcom only.", "type": "integer", "default": 0 }, "fileFilters": { "description": "Filters that allow you to specify which files in a repository should get embedded.", "type": "object", "properties": { "excludedFilePathPatterns": { "description": "A list of glob patterns that match file paths you want to exclude from embeddings. This is useful to exclude files with low information value (e.g., SVG files, test fixtures, mocks, auto-generated files, etc.).", "type": "array", "items": { "type": "string" }, "default": [ ".*ignore", ".gitattributes", ".mailmap", "*.csv", "*.svg", "*.xml", "__fixtures__/", "node_modules/", "testdata/", "mocks/", "vendor/" ] }, "includedFilePathPatterns": { "description": "A list of glob patterns that match file paths you want to include in embeddings. If specified, all files not matching these include patterns are excluded.", "type": "array", "items": { "type": "string" }, "examples": ["*.go", "*.ts", "*.md", "src/", "cmd/"] }, "maxFileSizeBytes": { "description": "The maximum file size (in bytes) to include in embeddings. Must be between 0 and 100000 (1 MB).", "type": "integer", "default": 1000000 } } }, "excludedFilePathPatterns": { "description": "A list of glob patterns that match file paths you want to exclude from embeddings. This is useful to exclude files with low information value (e.g., SVG files, test fixtures, mocks, auto-generated files, etc.).", "type": "array", "items": { "type": "string" }, "default": [ ".*ignore", ".gitattributes", ".mailmap", "*.csv", "*.svg", "*.xml", "__fixtures__/", "node_modules/", "testdata/", "mocks/", "vendor/" ], "deprecationMessage": "Deprecated in favor of fileFilers.excludedFilePathPatterns" }, "maxEmbeddingsPerRepo": { "description": "The maximum number of embeddings to generate per repo", "type": "integer", "minimum": 0 }, "incremental": { "description": "Whether to generate embeddings incrementally. If true, only files that have changed since the last run will be processed.", "type": "boolean", "!go": { "pointer": true }, "default": true }, "minimumInterval": { "description": "The time to wait between runs. Valid time units are \"s\", \"m\", \"h\". Example values: \"30s\", \"5m\", \"1h\".", "type": "string", "default": "24h" }, "policyRepositoryMatchLimit": { "description": "The maximum number of repositories that can be matched by a global embeddings policy", "type": "integer", "!go": { "pointer": true }, "default": "5000" }, "excludeChunkOnError": { "description": "Whether to cancel indexing a repo if embedding a single file fails. If true, the chunk that cannot generate embeddings is not indexed and the remainder of the repository proceeds with indexing.", "type": "boolean", "!go": { "pointer": true }, "default": true } }, "examples": [ { "enabled": true, "dimensions": 1536, "model": "text-embedding-ada-002", "accessToken": "your-access-token", "url": "https://api.openai.com/v1/embeddings", "excludedFilePathPatterns": ["*.svg", "**/__mocks__/**", "**/test/**"] } ] }, "completions": { "description": "Configuration for the completions service.", "type": "object", "properties": { "enabled": { "description": "DEPRECATED. Use cody.enabled instead to turn Cody on/off.", "type": "boolean", "!go": { "pointer": true }, "default": true }, "model": { "description": "DEPRECATED. Use chatModel instead.", "type": "string" }, "user": { "description": "The user field for OpenAI config for both AzureOpenAI and OpenAI", "type": "string" }, "azureChatModel": { "description": "Optional: Specify the Azure OpenAI model name for chat completions. This is only needed when you want to count tokens associated with your azure model", "type": "string", "enum": [ "gpt-3.5-turbo", "gpt-3.5-turbo-16k", "gpt-3.5-turbo-instruct", "gpt-3.5-turbo-0125", "gpt-3.5-turbo-0301", "gpt-3.5-turbo-0613", "gpt-3.5-turbo-16k-0613", "gpt-4-0314", "gpt-4-32k-0314", "gpt-4-0613", "gpt-4-32k-0613", "gpt-4o", "gpt-4o-2024-05-13", "gpt-4o-2024-08-06", "gpt-4" ] }, "azureCompletionModel": { "description": "Optional: Specify the Azure OpenAI model name for chat completions. This is only needed when you want to count tokens associated with your azure model", "type": "string", "enum": [ "gpt-3.5-turbo", "gpt-3.5-turbo-instruct", "gpt-3.5-turbo-16k", "gpt-3.5-turbo-0125", "gpt-3.5-turbo-0301", "gpt-3.5-turbo-0613", "gpt-3.5-turbo-16k-0613", "gpt-4-0314", "gpt-4-32k-0314", "gpt-4-0613", "gpt-4-32k-0613", "gpt-4o", "gpt-4o-2024-05-13", "gpt-4o-2024-08-06", "gpt-4" ] }, "fastChatModel": { "description": "The model used for fast chat completions. \n NOTE: The Anthropic messages API does not support model names like claude-2 or claude-instant-1 where only the major version is specified as they are retired. We recommend using a specific model identifier as specified here https://docs.anthropic.com/claude/docs/models-overview#model-comparison ", "type": "string", "not": { "enum": ["claude-2", "claude-instant-1"] } }, "azureUseDeprecatedCompletionsAPIForOldModels": { "description": "Enables the use of the older completions API for select Azure OpenAI models.", "type": "boolean", "default": true }, "fastChatModelMaxTokens": { "description": "The maximum number of tokens to use as client when talking to fastChatModel. If not set, clients need to set their own limit.", "type": "integer" }, "chatModel": { "description": "The model used for chat completions. If using the default provider 'sourcegraph', a reasonable default model will be set.\n NOTE: The Anthropic messages API does not support model names like claude-2 or claude-instant-1 where only the major version is specified as they are retired. We recommend using a specific model identifier as specified here https://docs.anthropic.com/claude/docs/models-overview#model-comparison ", "type": "string", "not": { "enum": ["claude-2", "claude-instant-1"] }, "errorMessage": "The substring 'cumber' is not allowed because it is a bad idea and may lead to unexpected issues." }, "chatModelMaxTokens": { "description": "The maximum number of tokens to use as client when talking to chatModel. If not set, clients need to set their own limit. If smartContextWindow is enabled, this value will be overridden by the clients.", "type": "integer" }, "smartContextWindow": { "description": "Whether the maximum number of tokens should be automatically adjusted by the client based on the name of chatModel. If enabled, it will override the value set in chatModelMaxTokens.", "type": "string", "default": "enabled", "enum": ["enabled", "disabled"] }, "disableClientConfigAPI": { "description": "Should not be set. If set to true, disables the use of the new client config API. This new API has no user-facing effect, this opt-out is provided only as an escape hatch in case of issues.", "type": "boolean", "!go": { "pointer": true }, "deprecationMessage": "This opt-out feature flag will be removed soon." }, "completionModel": { "description": "The model used for code completion. If using the default provider 'sourcegraph', a reasonable default model will be set.\n NOTE: The Anthropic messages API does not support model names like claude-2 or claude-instant-1 where only the major version is specified as they are retired. We recommend using a specific model identifier as specified here https://docs.anthropic.com/claude/docs/models-overview#model-comparison ", "type": "string", "not": { "enum": ["claude-2", "claude-instant-1"] } }, "completionModelMaxTokens": { "description": "The maximum number of tokens to use as client when talking to completionModel. If not set, clients need to set their own limit.", "type": "integer" }, "accessToken": { "description": "The access token used to authenticate with the external completions provider. If using the default provider 'sourcegraph', and if 'licenseKey' is set, a default access token is generated.", "type": "string" }, "provider": { "type": "string", "description": "The external completions provider. Defaults to 'sourcegraph'.", "default": "sourcegraph", "enum": ["anthropic", "openai", "sourcegraph", "azure-openai", "aws-bedrock", "fireworks", "google"] }, "endpoint": { "type": "string", "description": "The endpoint under which to reach the provider. Currently only used for provider types \"sourcegraph\", \"openai\" and \"anthropic\". The default values are \"https://cody-gateway.sourcegraph.com\", \"https://api.openai.com/v1/chat/completions\", and \"https://api.anthropic.com/v1/messages\" for Sourcegraph, OpenAI, and Anthropic, respectively." }, "perUserDailyLimit": { "description": "If > 0, limits the number of completions requests allowed for a user in a day. On instances that allow anonymous requests, we enforce the rate limit by IP.", "type": "integer", "default": 0 }, "perUserCodeCompletionsDailyLimit": { "description": "If > 0, limits the number of code completions requests allowed for a user in a day. On instances that allow anonymous requests, we enforce the rate limit by IP.", "type": "integer", "default": 0 }, "perCommunityUserChatMonthlyLLMRequestLimit": { "description": "If > 0, limits the number of completions requests allowed for a Community user in a month. This is for Self-serve Cody and applies to Dotcom only.", "type": "integer", "default": 0 }, "perCommunityUserCodeCompletionsMonthlyLLMRequestLimit": { "description": "If > 0, limits the number of code completions requests allowed for a Community user in a month. This is for Self-serve Cody and applies to Dotcom only.", "type": "integer", "default": 0 }, "perProUserChatDailyLLMRequestLimit": { "description": "If > 0, limits the number of completions requests allowed for a Pro user in a day. This is for Self-serve Cody and applies to Dotcom only.", "type": "integer", "default": 0 }, "perProUserCodeCompletionsDailyLLMRequestLimit": { "description": "If > 0, limits the number of code completions requests allowed for a Pro user in a day. This is for Self-serve Cody and applies to Dotcom only.", "type": "integer", "default": 0 }, "perCommunityUserChatMonthlyInteractionLimit": { "description": "If > 0, enables the maximum number of completions interactions allowed to be made by a single Community user in a month. This is for Cody PLG and applies to Dotcom only.", "type": "integer", "default": 0 }, "perCommunityUserCodeCompletionsMonthlyInteractionLimit": { "description": "If > 0, enables the maximum number of code completions interactions allowed to be made by a single Community user in a month. This is for Cody PLG and applies to Dotcom only.", "type": "integer", "default": 0 }, "perProUserChatDailyInteractionLimit": { "description": "If > 0, enables the maximum number of completions interactions allowed to be made by a single Pro user in a day. This is for Cody PLG and applies to Dotcom only.", "type": "integer", "default": 0 }, "perProUserCodeCompletionsDailyInteractionLimit": { "description": "If > 0, enables the maximum number of code completions interactions allowed to be made by a single Pro user in a day. This is for Cody PLG and applies to Dotcom only.", "type": "integer", "default": 0 } }, "examples": [ { "enabled": true, "chatModel": "chat", "completionModel": "code-completion", "accessToken": "abc123", "provider": "openai", "perUserDailyLimit": 100 } ] }, "configFeatures": { "description": "Configuration for the completions service.", "type": "object", "properties": { "chat": { "description": "Enable/Disable Chat for the clients", "type": "boolean" }, "chatVision": { "description": "Enable/Disable uploading images to Chat", "type": "boolean" }, "autoComplete": { "description": "Enable/Disable AutoComplete for the clients", "type": "boolean" }, "commands": { "description": "Enable/Disable special commands for the clients", "type": "boolean" } }, "examples": [ { "chat": true } ] }, "attribution.enabled": { "description": "Enable/Disable attribution search for Cody-generated snippets", "type": "boolean", "!go": { "pointer": true } }, "attribution.mode": { "description": "Hide Cody-generated snippets that have attribution matches (\"enforced\"), or show the snippet but passively inform the user about attribution (\"permissive\", the default). Requires attribution.enabled = true.", "type": "string", "enum": ["permissive", "enforced"], "default": "permissive", "!go": { "pointer": true } }, "attribution.gateway": { "description": "Use this gateway parameters for customers that bring their own key. Otherwise gateway endpoint is used.", "type": "object", "properties": { "endpoint": { "description": "Endpoint where Cody gateway can be accessed for attribution.", "type": "string" }, "accessToken": { "description": "Only for use to override token for attribution gateway access. If 'licenseKey' is set, a default access token is generated.", "type": "string" } } }, "modelConfiguration": { "$ref": "#/definitions/SiteModelConfiguration" }, "cody.serverSideContext": { "description": "Configuration for Server-side context API", "type": "object", "group": "Cody", "properties": { "reranker": { "description": "Reranker to use for rankContext requests", "type": "object", "properties": { "type": { "type": "string", "enum": ["sourcegraph", "identity", "cohere", "voyageai"] } }, "oneOf": [ { "$ref": "#/definitions/CodyRerankerSourcegraph" }, { "$ref": "#/definitions/CodyRerankerIdentity" }, { "$ref": "#/definitions/CodyRerankerCohere" }, { "$ref": "#/definitions/CodyRerankerVoyageAI" } ], "!go": { "taggedUnionType": true } } } }, "entitlements.completionCredits": { "description": "Configure completion credits entitlement enablement", "type": "object", "properties": { "mode": { "description": "Configure completions credits consumption tracking and enforcement mode", "type": "string", "default": "disabled", "enum": ["disabled", "track", "trackStrict", "enforce"] } } } }, "definitions": { "SiteModelConfiguration": { "type": "object", "description": "BETA FEATURE, only enable if you know what you are doing. If set, Cody will use the new model configuration system and ignore the old 'completions' site configuration entirely.", "properties": { "sourcegraph": { "$ref": "#/definitions/SourcegraphModelConfig" }, "providerOverrides": { "description": "Configures model providers. Here you can override how Cody connects to model providers and e.g. bring your own API keys or self-hosted models.", "type": "array", "default": [], "items": { "$ref": "#/definitions/ProviderOverride" } }, "modelOverrides": { "description": "Override, or add to, the list of models Cody is aware of and how they are configured to work", "type": "array", "default": [], "items": { "$ref": "#/definitions/ModelOverride" } }, "modelOverridesRecommendedSettings": { "deprecationMessage": "Deprecated; use 'selfHostedModels' instead.", "description": "Override, or add to, the list of models Cody is aware of - but let Sourcegraph configure how the model should work. Only available for select models.\n\nSpecifying the same model both here and in 'modelOverrides' is not allowed.", "type": "array", "default": [], "items": { "type": "string", "enum": [ "bigcode::v1::starcoder2-7b", "bigcode::v1::starcoder2-15b", "mistral::v1::mistral-7b-instruct", "mistral::v1::mixtral-8x7b-instruct", "mistral::v1::mixtral-8x22b-instruct" ] } }, "selfHostedModels": { "description": "Add models to the list of models Cody is aware of, but let Sourcegraph provide default configuration for the model. Only available for select models, generic models can be configured in 'modelOverrides'.\n\nSpecifying the same model both here and in 'modelOverrides' is not allowed.", "type": "array", "default": [], "items": { "$ref": "#/definitions/SelfHostedModel" } }, "defaultModels": { "$ref": "#/definitions/DefaultModels" }, "systemPreInstruction": { "description": "An optional global chat pre-instruction message to be prepended to all chat completions as a system message. This is useful for an admin to offer the LLM some global context or restrictions. This is an admin level prompt and thus will be unconditionally added, even if a client-level pre-instruction is present.", "type": "string", "maximum": 280 } } }, "SelfHostedModel": { "type": "object", "examples": [ { "provider": "mistral", "model": "mixtral-8x7b-instruct", "override": { "serverSideConfig": { "apiModel": "mixtral-8x7b-instruct" } } } ], "required": ["provider"], "properties": { "provider": { "description": "provider ID", "type": "string", "examples": ["mistral", "meta", "acme-corp-custom"] }, "apiVersion": { "description": "API version", "type": "string", "examples": ["v1"], "default": "v1" }, "model": { "description": "Which default model configuration to use. Sourcegraph provides default model configuration for select models. Arbitrary models can be configured in 'modelOverrides'", "type": "string", "enum": [ "starcoder2-7b@v1", "starcoder2-15b@v1", "mistral-7b-instruct@v1", "mixtral-8x7b-instruct@v1", "mixtral-8x22b-instruct@v1" ] }, "override": { "$ref": "#/definitions/SelfHostedModelOverride" } } }, "SelfHostedModelOverride": { "description": "Properties to override in the default model configuration", "type": "object", "properties": { "displayName": { "description": "Display name", "type": "string", "examples": ["Claude 3 Sonnet", "GPT-4 Turbo"] }, "contextWindow": { "$ref": "#/definitions/ContextWindow" }, "modelCost": { "$ref": "#/definitions/ModelCost" }, "clientSideConfig": { "$ref": "#/definitions/ClientSideModelConfigOpenAICompatible" }, "serverSideConfig": { "$ref": "#/definitions/ServerSideModelConfigOpenAICompatible" } } }, "SourcegraphModelConfig": { "description": "If null, Cody will not use Sourcegraph's servers for model discovery.", "type": ["object", "null"], "properties": { "endpoint": { "description": "The Cody gateway URL to use for making LLM requests. If null, the production URL for Cody gateway will be used.", "type": "string", "!go": { "pointer": true }, "default": null }, "accessToken": { "description": "The Cody gateway access token to use. If null, an access token will be automatically generated based on the product license.", "type": "string", "!go": { "pointer": true }, "default": null }, "modelFilters": { "$ref": "#/definitions/ModelFilters" } } }, "ModelFilters": { "description": "Filters that allow you to constrain which models are available to users.", "type": "object", "default": null, "properties": { "statusFilter": { "description": "Constrain models to just those matching one of the supplied statuses", "type": "array", "items": { "type": "string", "enum": ["experimental", "beta", "stable", "deprecated"] }, "examples": ["beta", "stable"], "default": ["stable"] }, "allow": { "description": "Constrain models to only those in this allow list. Wildcards may be used here, but not regexp.", "type": "array", "items": { "type": "string" }, "examples": ["anthropic::*", "openai::2024-02-01::*"], "default": ["*"] }, "deny": { "description": "Any models in this deny list will not be allowed. Wildcards may be used here, but not regexp.", "type": "array", "items": { "type": "string" }, "examples": [["*gpt*"]], "default": [] } } }, "BasicAuth": { "description": "Basic authentication credentials", "type": "object", "properties": { "username": { "type": "string" }, "password": { "type": "string" } } }, "AccessTokenQuery": { "description": "Configuration for how to fetch an access token from a HTTP URL. Currently only valid for ServerSideProviderConfigAWSBedrock, ServerSideProviderConfigAzureOpenAI, ServerSideProviderConfigAnthropicProvider, and ServerSideProviderConfigOpenAICompatibleProvider. Ignored when accessToken field is set at same level", "type": "object", "properties": { "url": { "description": "The HTTP URL where the token can be fetched", "type": "string", "format": "uri" }, "method": { "description": "HTTP method to use when querying for the access token", "type": "string", "default": "GET" }, "headers": { "description": "Optional headers that should be sent with the request", "type": "object", "additionalProperties": { "type": "string" } }, "basicAuth": { "description": "Basic authentication credentials", "$ref": "#/definitions/BasicAuth" }, "formData": { "description": "Form URL-encoded data for POST requests", "type": "object", "additionalProperties": { "type": "string" } }, "queryParams": { "description": "Any query parameters needed on the URL", "type": "object", "additionalProperties": { "type": "string" } } }, "additionalProperties": false }, "ProviderOverride": { "type": "object", "required": ["id", "displayName"], "properties": { "id": { "description": "provider ID", "type": "string", "examples": ["anthropic", "google", "acme-corp-custom"] }, "displayName": { "description": "display name", "type": "string", "examples": ["Anthropic", "Google", "ACME Corp Custom"] }, "clientSideConfig": { "$ref": "#/definitions/ClientSideProviderConfig" }, "serverSideConfig": { "$ref": "#/definitions/ServerSideProviderConfig" }, "defaultModelConfig": { "$ref": "#/definitions/DefaultModelConfig" } } }, "ModelOverride": { "type": "object", "required": ["modelRef", "displayName", "modelName", "capabilities", "category", "status", "contextWindow"], "properties": { "modelRef": { "description": "The qualified name of the model in '${ProviderID}::${APIVersionID}::${ModelID}' format", "type": "string", "examples": ["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"] }, "displayName": { "description": "display name", "type": "string", "examples": ["Claude 3 Sonnet", "GPT-4 Turbo"] }, "modelName": { "description": "model name used when sending requests to the LLM provider's backend API.", "type": "string", "examples": ["claude-3-sonnet-20240229", "gpt-4-turbo"] }, "capabilities": { "description": "Whether the model can be used for chat, just autocomplete, etc.", "type": "array", "items": { "type": "string", "enum": ["autocomplete", "chat", "vision", "reasoning", "edit", "tools", "fallback"] }, "examples": [["chat", "autocomplete", "vision", "reasoning", "edit", "tools"]] }, "category": { "type": "string", "enum": ["balanced", "speed", "other", "accuracy"], "examples": ["balanced"] }, "status": { "type": "string", "enum": ["experimental", "beta", "stable", "deprecated"], "examples": ["stable"] }, "contextWindow": { "$ref": "#/definitions/ContextWindow" }, "reasoningEffort": { "type": "string", "enum": ["low", "medium", "high"], "examples": ["low"] }, "modelCost": { "$ref": "#/definitions/ModelCost" }, "clientSideConfig": { "$ref": "#/definitions/ClientSideModelConfig" }, "serverSideConfig": { "$ref": "#/definitions/ServerSideModelConfig" } } }, "ContextWindow": { "description": "Context window for the model", "type": "object", "examples": [ { "maxInputTokens": 7000, "maxOutputTokens": 4000 } ], "required": ["maxInputTokens", "maxOutputTokens"], "properties": { "maxInputTokens": { "type": "integer", "examples": [7000] }, "maxOutputTokens": { "type": "integer", "examples": [4000] } } }, "ModelCost": { "description": "Monetary cost of using a particular model with a given usage", "type": "object", "examples": [ { "unit": "mtok", "inputTokenCredits": 7000, "outputTokenCredits": 4000 } ], "required": ["unit"], "properties": { "unit": { "description": "Unit of measurement for token price, either per million or per billion tokens", "type": "string", "enum": ["mtok", "btok"], "examples": ["mtok"] }, "inputTokenCredits": { "description": "Cost per unit of input tokens in credits", "examples": [7000], "type": "integer", "!go": { "pointer": true } }, "outputTokenCredits": { "description": "Cost per unit of output tokens in credits", "examples": [4000], "type": "integer", "!go": { "pointer": true } }, "inputTokenPennies": { "description": "DEPRECATED: Use inputTokenCredits instead.", "type": "integer", "!go": { "pointer": true } }, "outputTokenPennies": { "description": "DEPRECATED: Use outputTokenCredits instead.", "type": "integer", "!go": { "pointer": true } } } }, "DefaultModels": { "type": "object", "default": null, "properties": { "chat": { "description": "The qualified name of the model to use for chat, in '${ProviderID}::${APIVersionID}::${ModelID}' format", "type": "string", "examples": [["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"]] }, "fastChat": { "description": "The qualified name of the model to use for fast chat, in '${ProviderID}::${APIVersionID}::${ModelID}' format", "type": "string", "examples": [["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"]] }, "codeCompletion": { "description": "The qualified name of the model to use for code completion, in '${ProviderID}::${APIVersionID}::${ModelID}' format", "type": "string", "examples": [["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"]] }, "fallbackChat": { "description": "The qualified name of the model to use for unlimited chat, in '${ProviderID}::${APIVersionID}::${ModelID}' format", "type": "string", "examples": [["google::v1::gemini-2.0-flash"]] } } }, "DefaultModelConfig": { "description": "The model configuration that is applied to every model for a given provider.", "type": "object", "required": ["capabilities", "category", "status", "contextWindow"], "properties": { "capabilities": { "description": "Whether the model can be used for chat, just autocomplete, etc.", "type": "array", "items": { "type": "string", "enum": ["autocomplete", "chat", "vision", "reasoning", "edit", "tools", "fallback"] }, "examples": [["chat", "autocomplete", "vision", "reasoning", "edit", "tools"]] }, "category": { "type": "string", "enum": ["balanced", "speed", "other", "accuracy"], "examples": [["balanced"]] }, "status": { "type": "string", "enum": ["experimental", "beta", "stable", "deprecated"], "examples": [["stable"]] }, "contextWindow": { "$ref": "#/definitions/ContextWindow" }, "modelCost": { "$ref": "#/definitions/ModelCost" }, "clientSideConfig": { "$ref": "#/definitions/ClientSideModelConfig" }, "serverSideConfig": { "$ref": "#/definitions/ServerSideModelConfig" } } }, "ClientSideProviderConfig": { "type": "object", "default": null, "description": "No client-side provider configuration is currently available.", "properties": {} }, "ServerSideProviderConfig": { "type": "object", "!go": { "taggedUnionType": true }, "default": null, "required": ["type"], "properties": { "type": { "type": "string", "enum": [ "awsBedrock", "azureOpenAI", "anthropic", "fireworks", "google", "openai", "huggingface-tgi", "openaicompatible", "sourcegraph" ] } }, "oneOf": [ { "$ref": "#/definitions/ServerSideProviderConfigAWSBedrock" }, { "$ref": "#/definitions/ServerSideProviderConfigAzureOpenAI" }, { "$ref": "#/definitions/ServerSideProviderConfigAnthropicProvider" }, { "$ref": "#/definitions/ServerSideProviderConfigFireworksProvider" }, { "$ref": "#/definitions/ServerSideProviderConfigGoogleProvider" }, { "$ref": "#/definitions/ServerSideProviderConfigOpenAIProvider" }, { "$ref": "#/definitions/ServerSideProviderConfigHuggingfaceTGIProvider" }, { "$ref": "#/definitions/ServerSideProviderConfigOpenAICompatibleProvider" }, { "$ref": "#/definitions/ServerSideProviderConfigSourcegraphProvider" }, { "$ref": "#/definitions/DoNotUsePhonyDiscriminantType" } ] }, "ServerSideProviderConfigAWSBedrock": { "type": "object", "required": ["type", "endpoint", "region"], "properties": { "type": { "type": "string", "const": "awsBedrock" }, "accessToken": { "description": "Leave empty to rely on instance role bindings or other AWS configurations in frontend service. <ACCESS_KEY_ID>:<SECRET_ACCESS_KEY> if directly configuring the credentials, or <ACCESS_KEY_ID>:<SECRET_ACCESS_KEY>:<SESSION_TOKEN> if a session token is also required.", "type": "string" }, "accessTokenQuery": { "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", "$ref": "#/definitions/AccessTokenQuery" }, "endpoint": { "description": "For Pay-as-you-go, set it to an AWS region code (e.g., us-west-2) when using a public Amazon Bedrock endpoint; For Provisioned Throughput, set it to the provisioned VPC endpoint for the bedrock-runtime API (e.g., 'https://vpce-0a10b2345cd67e89f-abc0defg.bedrock-runtime.us-west-2.vpce.amazonaws.com')", "type": "string" }, "region": { "description": "Region to use when configuring API clients. (Since the 'frontend' binary's container won't be able to pick this up from the host OS's environment variables.)", "type": "string" }, "authMethod": { "description": "Optional: the authentication method to use. If not specified or 'AWS' specified, AWS request signing will be used. If 'direct' specified, the provided accessToken will be used as a bearer token to authenticate requests to the endpoint.", "type": "string", "enum": ["AWS", "direct"], "default": "AWS" }, "urlBuilder": { "description": "Optional: the URL building method to use. If not specified or 'AWS' specified, region and model will be used to build the AWS Bedrock URL. If 'direct' specified, the provided endpoint will be used as the URL.", "type": "string", "enum": ["AWS", "direct"], "default": "AWS" } } }, "ServerSideProviderConfigAzureOpenAI": { "type": "object", "required": ["type", "endpoint", "user", "useDeprecatedCompletionsAPI"], "properties": { "type": { "type": "string", "const": "azureOpenAI" }, "accessToken": { "description": "As of 5.2.4 the access token can be left empty and it will rely on Environmental, Workload Identity or Managed Identity credentials configured for the frontend and worker services; Set it to <API_KEY> if directly configuring the credentials using the API key specified in the Azure portal", "type": "string" }, "accessTokenQuery": { "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", "$ref": "#/definitions/AccessTokenQuery" }, "endpoint": { "description": "Endpoint from the Azure OpenAI Service portal", "type": "string" }, "user": { "description": "The user field passed along to OpenAI-provided models.", "type": "string" }, "useDeprecatedCompletionsAPI": { "description": "Enables the use of the older completions API for select Azure OpenAI models. This is just an escape hatch, for backwards compatibility, because not all Azure OpenAI models are available on the 'newer' completions API.", "type": "boolean" }, "apiVersion": { "description": "The API version to use for the Azure OpenAI Service. Compatibility may be broken between versions - the only officially supported option here is to leave it unset.", "type": "string" } } }, "ServerSideProviderConfigAnthropicProvider": { "type": "object", "required": ["type", "endpoint"], "properties": { "type": { "type": "string", "const": "anthropic" }, "accessToken": { "type": "string" }, "endpoint": { "type": "string" }, "accessTokenQuery": { "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", "$ref": "#/definitions/AccessTokenQuery" } } }, "ServerSideProviderConfigFireworksProvider": { "type": "object", "required": ["type", "accessToken", "endpoint"], "properties": { "type": { "type": "string", "const": "fireworks" }, "accessToken": { "type": "string" }, "endpoint": { "type": "string" } } }, "ServerSideProviderConfigGoogleProvider": { "type": "object", "required": ["type", "accessToken", "endpoint"], "properties": { "type": { "type": "string", "const": "google" }, "accessToken": { "type": "string" }, "endpoint": { "type": "string" } } }, "ServerSideProviderConfigOpenAIProvider": { "type": "object", "required": ["type", "accessToken", "endpoint"], "properties": { "type": { "type": "string", "const": "openai" }, "accessToken": { "type": "string" }, "endpoint": { "type": "string" } } }, "ServerSideProviderConfigHuggingfaceTGIProvider": { "type": "object", "required": ["type", "endpoints"], "properties": { "type": { "type": "string", "const": "huggingface-tgi" }, "endpoints": { "$ref": "#/definitions/OpenAICompatibleEndpoint" }, "enableVerboseLogs": { "description": "Whether to enable verbose logging of requests. When enabled, grep for 'OpenAICompatible' in the frontend container logs to see the requests Cody makes to the endpoint.", "type": "boolean", "default": false } } }, "ServerSideProviderConfigOpenAICompatibleProvider": { "type": "object", "required": ["type", "endpoints"], "properties": { "type": { "type": "string", "const": "openaicompatible" }, "endpoints": { "$ref": "#/definitions/OpenAICompatibleEndpoint" }, "enableVerboseLogs": { "description": "Whether to enable verbose logging of requests. When enabled, grep for 'OpenAICompatible' in the frontend container logs to see the requests Cody makes to the endpoint.", "type": "boolean", "default": false }, "useLegacyCompletions": { "description": "If true (default), uses the /completions endpoint for autocomplete requests. If false, uses the /chat/completions endpoint for all requests, including autocomplete.", "type": "boolean", "default": true } } }, "OpenAICompatibleEndpoint": { "description": "Endpoints to connect to. If multiple are specified, Sourcegraph will randomly distribute requests between them.", "type": "array", "items": { "minLength": 1, "type": "object", "required": ["url"], "properties": { "url": { "type": "string" }, "accessToken": { "type": "string" }, "accessTokenQuery": { "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", "$ref": "#/definitions/AccessTokenQuery" }, "headers": { "description": "Optional static headers that should be sent with requests to this endpoint. If provided, both accessToken and accessTokenQuery will be ignored and no 'Authorization' header will be set unless configured here.", "type": "object", "additionalProperties": { "type": "string" } } } } }, "ServerSideProviderConfigSourcegraphProvider": { "type": "object", "required": ["type", "accessToken", "endpoint"], "properties": { "type": { "type": "string", "const": "sourcegraph" }, "accessToken": { "type": "string" }, "endpoint": { "type": "string" } } }, "ClientSideModelConfig": { "type": "object", "default": null, "description": "No client-side model configuration is currently available.", "properties": { "openaicompatible": { "$ref": "#/definitions/ClientSideModelConfigOpenAICompatible" } } }, "ClientSideModelConfigOpenAICompatible": { "type": "object", "default": null, "description": "Advanced configuration options that are only respected if the model is provided by an openaicompatible provider.", "properties": { "stopSequences": { "type": "array", "items": { "type": "string", "description": "List of stop sequences to use for this model.", "examples": ["\n"] } }, "endOfText": { "type": "string", "description": "End of text identifier used by the model.", "examples": ["<|endoftext|>", "<EOT>"] }, "contextSizeHintTotalCharacters": { "!go": { "pointer": true }, "default": null, "type": "integer", "description": "A hint the client should use when producing context to send to the LLM.\nThe maximum length of all context (prefix + suffix + snippets), in characters." }, "contextSizeHintPrefixCharacters": { "!go": { "pointer": true }, "default": null, "type": "integer", "description": "A hint the client should use when producing context to send to the LLM.\nThe maximum length of the document prefix (text before the cursor) to include, in characters." }, "contextSizeHintSuffixCharacters": { "!go": { "pointer": true }, "default": null, "type": "integer", "description": "A hint the client should use when producing context to send to the LLM.\nThe maximum length of the document suffix (text after the cursor) to include, in characters." }, "chatPreInstruction": { "type": "string", "description": "Custom instruction to be included at the start of all chat messages\nwhen using this model, e.g. 'Answer all questions in Spanish.'\n\nNote: similar to Cody client config option 'cody.chat.preInstruction'; if user has configured that it will be used instead of this." }, "editPostInstruction": { "type": "string", "description": "Custom instruction to be included at the end of all edit commands\nwhen using this model, e.g. 'Write all unit tests with Jest instead of detected framework.'\n\nNote: similar to Cody client config option 'cody.edit.preInstruction'; if user has configured that it will be respected instead of this." }, "autocompleteSinglelineTimeout": { "type": "integer", "description": "How long the client should wait for autocomplete results to come back (milliseconds), before giving up and not displaying an autocomplete result at all.\n\nThis applies on single-line completions, e.g. 'var i = <completion>'\n\nNote: similar to hidden Cody client config option 'cody.autocomplete.advanced.timeout.singleline' If user has configured that, it will be respected instead of this." }, "autocompleteMultilineTimeout": { "type": "integer", "description": "How long the client should wait for autocomplete results to come back (milliseconds), before giving up and not displaying an autocomplete result at all.\n\nThis applies on multi-line completions, which are based on intent-detection when e.g. a code block is being completed, e.g. 'func parseURL(url string) {<completion>'\n\nNote: similar to hidden Cody client config option 'cody.autocomplete.advanced.timeout.multiline' If user has configured that, it will be respected instead of this." }, "chatTopK": { "!go": { "pointer": true }, "type": "number" }, "chatTopP": { "!go": { "pointer": true }, "type": "number" }, "chatTemperature": { "!go": { "pointer": true }, "type": "number" }, "chatMaxTokens": { "type": "integer" }, "autoCompleteTopK": { "!go": { "pointer": true }, "type": "number" }, "autoCompleteTopP": { "!go": { "pointer": true }, "type": "number" }, "autoCompleteTemperature": { "!go": { "pointer": true }, "type": "number" }, "autoCompleteSinglelineMaxTokens": { "type": "integer" }, "autoCompleteMultilineMaxTokens": { "type": "integer" }, "editTopK": { "!go": { "pointer": true }, "type": "number" }, "editTopP": { "!go": { "pointer": true }, "type": "number" }, "editTemperature": { "!go": { "pointer": true }, "type": "number" }, "editMaxTokens": { "type": "integer" } } }, "ServerSideModelConfig": { "type": "object", "!go": { "taggedUnionType": true }, "default": null, "required": ["type"], "properties": { "type": { "type": "string", "enum": ["awsBedrockProvisionedThroughput", "awsBedrock", "openaicompatible"] } }, "oneOf": [ { "$ref": "#/definitions/ServerSideModelConfigAwsBedrockProvisionedThroughput" }, { "$ref": "#/definitions/ServerSideModelConfigAwsBedrock" }, { "$ref": "#/definitions/ServerSideModelConfigOpenAICompatible" }, { "$ref": "#/definitions/DoNotUsePhonyDiscriminantType" } ] }, "ServerSideModelConfigAwsBedrockProvisionedThroughput": { "type": "object", "required": ["type", "arn"], "properties": { "type": { "type": "string", "const": "awsBedrockProvisionedThroughput" }, "arn": { "description": "The 'provisioned throughput ARN' to use when sending requests to AWS Bedrock", "type": "string" } } }, "ServerSideModelConfigAwsBedrock": { "description": "AWS Bedrock model configuration options.", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "awsBedrock" }, "latencyOptimization": { "description": "Configures whether to use latency-optimized inference for this model. Available options are 'standard' and 'optimized'. See: https://docs.aws.amazon.com/bedrock/latest/userguide/latency-optimized-inference.html", "type": "string", "enum": ["standard", "optimized"] }, "arn": { "description": "The 'provisioned throughput ARN' to use when sending requests to AWS Bedrock", "type": "string" } } }, "ServerSideModelConfigOpenAICompatible": { "description": "Configuration that is only respected if the model is provided by an openaicompatible provider.", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "openaicompatible" }, "apiModel": { "description": "The literal string value of the 'model' field that will be sent to the /chat/completions API, for example. If set, Sourcegraph treats this as an opaque string and sends it directly to the API, inferring no information from it. By default, the configured model name is sent.", "type": "string" } } }, "DoNotUsePhonyDiscriminantType": { "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "unused" }, "doNotUseThisProperty": { "description": "Do not use/set this property, it is useless. go-jsonschema has an issue where it does not support writing a tagged union unless it can find a field each of the union types do NOT have in common; this type merely exists to provide a field that is not in common with all other oneOf types. https://sourcegraph.com/github.com/sourcegraph/go-jsonschema/-/blob/compiler/generator_tagged_union_type.go?L47-49", "type": "string" } } }, "BrandAssets": { "type": "object", "properties": { "logo": { "description": "The URL to the image used on the homepage. This will replace the Sourcegraph logo on the homepage. Maximum width: 320px. We recommend using the following file formats: SVG, PNG", "type": "string", "format": "uri" }, "symbol": { "description": "The URL to the symbol used as the search icon. Recommended size: 24x24px. We recommend using the following file formats: SVG, PNG, ICO", "type": "string", "format": "uri" } } }, "BuiltinAuthProvider": { "description": "Configures the builtin username-password authentication provider.", "type": "object", "additionalProperties": false, "required": ["type"], "properties": { "type": { "type": "string", "const": "builtin" }, "allowSignup": { "description": "Allows new visitors to sign up for accounts. The sign-up page will be enabled and accessible to all visitors.\n\nSECURITY: If the site has no users (i.e., during initial setup), it will always allow the first user to sign up and become site admin **without any approval** (first user to sign up becomes the admin).", "type": "boolean", "default": false } } }, "OpenIDConnectAuthProvider": { "description": "Configures the OpenID Connect authentication provider for SSO.", "type": "object", "additionalProperties": false, "required": ["type", "issuer", "clientID", "clientSecret"], "properties": { "type": { "type": "string", "const": "openidconnect" }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" }, "configID": { "description": "An identifier that can be used to reference this authentication provider in other parts of the config. For example, in configuration for a code host, you may want to designate this authentication provider as the identity provider for the code host.", "type": "string" }, "issuer": { "description": "The URL of the OpenID Connect issuer.\n\nFor Google Apps: https://accounts.google.com", "type": "string", "format": "uri", "pattern": "^https?://" }, "clientID": { "description": "The client ID for the OpenID Connect client for this site.\n\nFor Google Apps: obtain this value from the API console (https://console.developers.google.com), as described at https://developers.google.com/identity/protocols/OpenIDConnect#getcredentials", "type": "string", "pattern": "^[^<]" }, "clientSecret": { "description": "The client secret for the OpenID Connect client for this site.\n\nFor Google Apps: obtain this value from the API console (https://console.developers.google.com), as described at https://developers.google.com/identity/protocols/OpenIDConnect#getcredentials", "type": "string", "pattern": "^[^<]" }, "requireEmailDomain": { "description": "Only allow users to authenticate if their email domain is equal to this value (example: mycompany.com). Do not include a leading \"@\". If not set, all users on this OpenID Connect provider can authenticate to Sourcegraph.", "type": "string", "pattern": "^[^<@]" }, "allowSignup": { "description": "Allows new visitors to sign up for accounts via OpenID Connect authentication. If false, users signing in via OpenID Connect must have an existing Sourcegraph account, which will be linked to their OpenID Connect identity after sign-in.", "type": "boolean", "!go": { "pointer": true } }, "singleIdentityPerUser": { "description": "When true, any user can connect exactly one identity from the identity provider.", "type": "boolean", "default": false } } }, "SAMLAuthProvider": { "description": "Configures the SAML authentication provider for SSO.\n\nNote: if you are using IdP-initiated login, you must have *at most one* SAMLAuthProvider in the `auth.providers` array.", "type": "object", "additionalProperties": false, "required": ["type"], "dependencies": { "serviceProviderCertificate": ["serviceProviderPrivateKey"], "serviceProviderPrivateKey": ["serviceProviderCertificate"], "signRequests": ["serviceProviderCertificate", "serviceProviderPrivateKey"] }, "properties": { "type": { "type": "string", "const": "saml" }, "configID": { "description": "An identifier that can be used to reference this authentication provider in other parts of the config. For example, in configuration for a code host, you may want to designate this authentication provider as the identity provider for the code host.", "type": "string" }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" }, "serviceProviderIssuer": { "description": "The SAML Service Provider name, used to identify this Service Provider. This is required if the \"externalURL\" field is not set (as the SAML metadata endpoint is computed as \"<externalURL>.auth/saml/metadata\"), or when using multiple SAML authentication providers.", "type": "string" }, "identityProviderMetadataURL": { "description": "The SAML Identity Provider metadata URL (for dynamic configuration of the SAML Service Provider).", "type": "string", "format": "uri", "pattern": "^https?://" }, "identityProviderMetadata": { "description": "The SAML Identity Provider metadata XML contents (for static configuration of the SAML Service Provider). The value of this field should be an XML document whose root element is `<EntityDescriptor>` or `<EntityDescriptors>`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", "type": "string" }, "serviceProviderCertificate": { "description": "The SAML Service Provider certificate in X.509 encoding (begins with \"-----BEGIN CERTIFICATE-----\"). This certificate is used by the Identity Provider to validate the Service Provider's AuthnRequests and LogoutRequests. It corresponds to the Service Provider's private key (`serviceProviderPrivateKey`). To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", "type": "string", "$comment": "The pattern matches either X.509 encoding or an env var.", "pattern": "^(-----BEGIN CERTIFICATE-----\n|\\$)", "minLength": 1 }, "serviceProviderPrivateKey": { "description": "The SAML Service Provider private key in PKCS#8 encoding (begins with \"-----BEGIN PRIVATE KEY-----\"). This private key is used to sign AuthnRequests and LogoutRequests. It corresponds to the Service Provider's certificate (`serviceProviderCertificate`). To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", "type": "string", "$comment": "The pattern matches either PKCS#8 encoding or an env var.", "pattern": "^(-----BEGIN PRIVATE KEY-----\n|\\$)", "minLength": 1 }, "nameIDFormat": { "description": "The SAML NameID format to use when performing user authentication.", "type": "string", "pattern": "^urn:", "default": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "examples": [ "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" ] }, "signRequests": { "description": "Sign AuthnRequests and LogoutRequests sent to the Identity Provider using the Service Provider's private key (`serviceProviderPrivateKey`). It defaults to true if the `serviceProviderPrivateKey` and `serviceProviderCertificate` are set, and false otherwise.", "type": "boolean", "!go": { "pointer": true } }, "insecureSkipAssertionSignatureValidation": { "description": "Whether the Service Provider should (insecurely) accept assertions from the Identity Provider without a valid signature.", "type": "boolean", "default": false }, "allowSignup": { "description": "Allows new visitors to sign up for accounts via SAML authentication. If false, users signing in via SAML must have an existing Sourcegraph account, which will be linked to their SAML identity after sign-in.", "type": "boolean", "!go": { "pointer": true } }, "allowGroups": { "description": "Restrict login to members of these groups", "type": "array", "items": { "type": "string", "minLength": 1 } }, "groupsAttributeName": { "description": "Name of the SAML assertion attribute that holds group membership for allowGroups setting", "type": "string", "default": "groups" }, "usernameAttributeNames": { "description": "Names of the SAML assertions attributes to check for a user's username. Checked in the order the names are provided.", "type": "array", "items": { "type": "string", "minLength": 1 } } } }, "HTTPHeaderAuthProvider": { "description": "Configures the HTTP header authentication provider (which authenticates users by consulting an HTTP request header set by an authentication proxy such as https://github.com/bitly/oauth2_proxy).", "type": "object", "additionalProperties": false, "required": ["type", "usernameHeader"], "properties": { "type": { "type": "string", "const": "http-header" }, "usernameHeader": { "description": "The name (case-insensitive) of an HTTP header whose value is taken to be the username of the client requesting the page. Set this value when using an HTTP proxy that authenticates requests, and you don't want the extra configurability of the other authentication methods.", "type": "string", "examples": ["X-Forwarded-User"] }, "stripUsernameHeaderPrefix": { "description": "The prefix that precedes the username portion of the HTTP header specified in `usernameHeader`. If specified, the prefix will be stripped from the header value and the remainder will be used as the username. For example, if using Google Identity-Aware Proxy (IAP) with Google Sign-In, set this value to `accounts.google.com:`.", "type": "string", "examples": ["accounts.google.com:"] }, "emailHeader": { "description": "The name (case-insensitive) of an HTTP header whose value is taken to be the email of the client requesting the page. Set this value when using an HTTP proxy that authenticates requests, and you don't want the extra configurability of the other authentication methods.", "type": "string", "examples": ["X-App-Email"] }, "allowSignup": { "description": "Creates accounts for new users. Set this value to false to require users with HTTP header attestation to have an existing Sourcegraph account.", "type": "boolean", "default": true, "examples": [false], "!go": { "pointer": true } } } }, "GitHubAuthProvider": { "description": "Configures the GitHub (or GitHub Enterprise) OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your GitHub instance: https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/. When a user signs into Sourcegraph or links their GitHub account to their existing Sourcegraph account, GitHub will prompt the user for the repo scope.", "type": "object", "additionalProperties": false, "required": ["type", "clientID", "clientSecret"], "properties": { "type": { "type": "string", "const": "github" }, "url": { "type": "string", "description": "URL of the GitHub instance, such as https://github.com/ or https://github-enterprise.example.com.", "default": "https://github.com/", "pattern": "^https?://", "!go": { "typeName": "NormalizedURL" } }, "clientID": { "type": "string", "description": "The Client ID of the GitHub OAuth app, accessible from https://github.com/settings/developers (or the same path on GitHub Enterprise)." }, "clientSecret": { "type": "string", "description": "The Client Secret of the GitHub OAuth app, accessible from https://github.com/settings/developers (or the same path on GitHub Enterprise)." }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" }, "allowSignup": { "description": "Allows new visitors to sign up for accounts via GitHub authentication. If false, users signing in via GitHub must have an existing Sourcegraph account, which will be linked to their GitHub identity after sign-in.", "default": false, "type": "boolean" }, "allowOrgs": { "description": "Restricts new logins and signups (if allowSignup is true) to members of these GitHub organizations. Existing sessions won't be invalidated. Leave empty or unset for no org restrictions.", "default": [], "type": "array", "items": { "type": "string", "minLength": 1 } }, "allowOrgsMap": { "description": "Restricts new logins and signups (if allowSignup is true) to members of GitHub teams. Each list of teams should have their Github org name as a key. Subteams inheritance is not supported, therefore only members of the listed teams will be granted access. Existing sessions won't be invalidated. Leave empty or unset for no team restrictions.", "default": {}, "type": "object", "additionalProperties": { "type": "array", "items": { "type": "string" } }, "examples": [ { "orgName": ["team1"], "anotherOrgName": ["team2", "team3"] } ] }, "allowGroupsPermissionsSync": { "description": "Experimental: Allows sync of GitHub teams and organizations permissions across all external services associated with this provider to allow enabling of [repository permissions caching](https://sourcegraph.com/docs/admin/code_hosts/github#teams-and-organizations-permissions-caching).", "default": false, "type": "boolean" } } }, "GitLabAuthProvider": { "description": "Configures the GitLab OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your GitLab instance: https://docs.gitlab.com/ee/integration/oauth_provider.html. The application should have `api` and `read_user` scopes and the callback URL set to the concatenation of your Sourcegraph instance URL and \"/.auth/gitlab/callback\".", "type": "object", "additionalProperties": false, "required": ["type", "clientID", "clientSecret"], "properties": { "type": { "type": "string", "const": "gitlab" }, "url": { "type": "string", "description": "URL of the GitLab instance, such as https://gitlab.com or https://gitlab.example.com.", "default": "https://gitlab.com/", "pattern": "^https?://", "!go": { "typeName": "NormalizedURL" } }, "ssoURL": { "type": "string", "description": "An alternate sign-in URL used to ease SSO sign-in flows, such as https://gitlab.com/groups/your-group/saml/sso?token=xxxxxx", "default": "" }, "clientID": { "type": "string", "description": "The Client ID of the GitLab OAuth app, accessible from https://gitlab.com/oauth/applications (or the same path on your private GitLab instance)." }, "clientSecret": { "type": "string", "description": "The Client Secret of the GitLab OAuth app, accessible from https://gitlab.com/oauth/applications (or the same path on your private GitLab instance)." }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" }, "apiScope": { "type": "string", "description": "The OAuth API scope that should be used", "default": "api", "enum": ["api", "read_api"] }, "allowSignup": { "description": "Allows new visitors to sign up for accounts via GitLab authentication. If false, users signing in via GitLab must have an existing Sourcegraph account, which will be linked to their GitLab identity after sign-in.", "default": true, "type": "boolean", "!go": { "pointer": true } }, "allowGroups": { "description": "Restricts new logins and signups (if allowSignup is true) to members of these GitLab groups. Existing sessions won't be invalidated. Make sure to inform the full path for groups or subgroups instead of their names. Leave empty or unset for no group restrictions.", "default": [], "type": "array", "items": { "type": "string", "minLength": 1 }, "examples": [["group", "group/subgroup", "group/subgroup/subgroup"]] }, "tokenRefreshWindowMinutes": { "description": "Time in minutes before token expiry when we should attempt to refresh it", "default": 10, "type": "integer" }, "syncInternalRepoPermissions": { "description": "Whether to sync permissions for internal repositories on GitLab. Setting this to false can be useful when internal repositories are configured to be public on Sourcegraph.", "default": true, "type": "boolean", "!go": { "pointer": true } } } }, "BitbucketCloudAuthProvider": { "description": "Configures the Bitbucket Cloud OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your Bitbucket Cloud workspace: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/. The application should have account, email, and repository scopes and the callback URL set to the concatenation of your Sourcegraph instance URL and \"/.auth/bitbucketcloud/callback\".", "type": "object", "additionalProperties": false, "required": ["type", "clientKey", "clientSecret"], "properties": { "type": { "type": "string", "const": "bitbucketcloud" }, "url": { "type": "string", "description": "URL of the Bitbucket Cloud instance.", "default": "https://bitbucket.org/", "pattern": "^https?://", "!go": { "typeName": "NormalizedURL" } }, "clientKey": { "type": "string", "description": "The Key of the Bitbucket OAuth app." }, "clientSecret": { "type": "string", "description": "The Client Secret of the Bitbucket OAuth app." }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" }, "apiScope": { "type": "string", "description": "The OAuth API scope that should be used. For permission syncing, specify at least \"account,email,repository\"" }, "allowSignup": { "description": "Allows new visitors to sign up for accounts via Bitbucket Cloud authentication. If false, users signing in via Bitbucket Cloud must have an existing Sourcegraph account, which will be linked to their Bitbucket Cloud identity after sign-in.", "default": true, "type": "boolean" } } }, "BitbucketServerAuthProvider": { "description": "Configures the Bitbucket Server OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your Bitbucket Server instance: https://confluence.atlassian.com/bitbucketserver0720/configure-an-incoming-link-1116282013.html. The application should have the repository read permission and the callback URL set to the concatenation of your Sourcegraph instance URL and \"/.auth/bitbucketserver/callback\".", "type": "object", "additionalProperties": false, "required": ["type", "clientID", "clientSecret"], "properties": { "type": { "type": "string", "const": "bitbucketserver" }, "url": { "type": "string", "description": "URL of the Bitbucket Server instance.", "example": "https://bitbucket.example.org/", "pattern": "^https?://", "!go": { "typeName": "NormalizedURL" } }, "clientID": { "type": "string", "description": "The ID of the Bitbucket OAuth app." }, "clientSecret": { "type": "string", "description": "The Client Secret of the Bitbucket OAuth app." }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" }, "allowSignup": { "description": "Allows new visitors to sign up for accounts via Bitbucket Server OAuth. If false, users signing in via Bitbucket Server must have an existing Sourcegraph account, which will be linked to their Bitbucket Server identity after sign-in.", "default": true, "type": "boolean" } } }, "GerritAuthProvider": { "description": "Gerrit auth provider", "type": "object", "additionalProperties": false, "required": ["type", "url"], "properties": { "type": { "type": "string", "const": "gerrit" }, "url": { "type": "string", "description": "URL of the Gerrit instance, such as https://gerrit-review.googlesource.com or https://gerrit.example.com.", "default": "https://gerrit-review.googlesource.com/", "!go": { "typeName": "NormalizedURL" } }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" } } }, "AzureDevOpsAuthProvider": { "description": "Azure auth provider for dev.azure.com", "type": "object", "additionalProperties": false, "required": ["type", "clientID", "clientSecret"], "properties": { "type": { "type": "string", "const": "azureDevOps" }, "url": { "type": "string", "description": "Endpoint to authorize with Entra. Required for Entra ID App registrations (all connections created after April 2025)", "example": "https://login.microsoftonline.com/00000002-0000-0000-c000-000000000000", "!go": { "typeName": "NormalizedURL" } }, "clientID": { "type": "string", "description": "The app ID of the Azure OAuth app." }, "clientSecret": { "type": "string", "description": "The client Secret of the Azure OAuth app." }, "displayName": { "$ref": "#/definitions/AuthProviderCommon/properties/displayName" }, "displayPrefix": { "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", "!go": { "pointer": true } }, "hidden": { "$ref": "#/definitions/AuthProviderCommon/properties/hidden" }, "noSignIn": { "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" }, "order": { "$ref": "#/definitions/AuthProviderCommon/properties/order" }, "apiScope": { "type": "string", "description": "DEPRECATED: The OAuth API scope that should be used", "default": "vso.code,vso.identity,vso.project", "deprecated": true, "deprecationMessage": "Deprecated because this changed with the change to Entra Apps. Configure the scopes you want to grant within Entra under API permissions instead." }, "allowOrgs": { "description": "Restricts new logins and signups (if allowSignup is true) to members of these Azure DevOps organizations only. Existing sessions won't be invalidated. Leave empty or unset for no org restrictions.", "default": [], "type": "array", "items": { "type": "string", "minLength": 1 } }, "allowSignup": { "description": "Allows new visitors to sign up for accounts Azure DevOps authentication. If false, users signing in via Azure DevOps must have an existing Sourcegraph account, which will be linked to their Azure DevOps identity after sign-in.", "default": true, "type": "boolean", "!go": { "pointer": true } } } }, "AuthProviderCommon": { "$comment": "This schema is not used directly. The *AuthProvider schemas refer to its properties directly.", "description": "Common properties for authentication providers.", "type": "object", "properties": { "hidden": { "description": "Hides the configured auth provider from regular use through our web interface by omitting it from the JSContext, useful for experimental auth setups.", "type": "boolean", "default": false }, "noSignIn": { "description": "Hides the configured auth provider from the sign in page, but still allows users to connect an external account using their Account Security page to enable permissions syncing.", "type": "boolean", "default": false }, "order": { "description": "Determines order of auth providers on the login screen. Ordered as numbers, for example 1, 2, 3.", "type": "integer", "minimum": 1 }, "displayName": { "description": "The name to use when displaying this authentication provider in the UI. Defaults to an auto-generated name with the type of authentication provider and other relevant identifiers (such as a hostname).", "type": "string" }, "displayPrefix": { "description": "Defines the prefix of the auth provider button on the login screen. By default we show `Continue with <displayName>`. This propery allows you to change the `Continue with ` part to something else. Useful in cases where the displayName is not compatible with the prefix.", "type": "string", "default": "Continue with ", "!go": { "pointer": true } } } }, "NotifierSlack": { "description": "Slack notifier", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "slack" }, "url": { "description": "Slack incoming webhook URL.", "type": "string" }, "username": { "description": "Set the username for the bot’s message.", "type": "string" }, "recipient": { "description": "Allows you to override the Slack recipient. You must either provide a channel Slack ID, a user Slack ID, a username reference (@<user>, all lowercase, no whitespace), or a channel reference (#<channel>, all lowercase, no whitespace).", "type": "string" }, "icon_emoji": { "description": "Provide an emoji to use as the icon for the bot’s message. Ex :smile:", "type": "string" }, "icon_url": { "description": "Provide a URL to an image to use as the icon for the bot’s message.", "type": "string" } } }, "NotifierPagerduty": { "description": "PagerDuty notifier", "type": "object", "required": ["type", "integrationKey"], "properties": { "type": { "type": "string", "const": "pagerduty" }, "integrationKey": { "description": "Integration key for the PagerDuty Events API v2 - see https://developer.pagerduty.com/docs/events-api-v2/overview", "type": "string" }, "severity": { "description": "Severity level for PagerDuty alert", "type": "string" }, "apiUrl": { "type": "string" } } }, "NotifierWebhook": { "description": "Webhook notifier", "type": "object", "required": ["type", "url"], "properties": { "type": { "type": "string", "const": "webhook" }, "url": { "type": "string" }, "username": { "type": "string" }, "password": { "type": "string" }, "bearerToken": { "type": "string" } } }, "NotifierEmail": { "description": "Email notifier", "type": "object", "required": ["type", "address"], "properties": { "type": { "type": "string", "const": "email" }, "address": { "description": "Address to send email to", "type": "string" } } }, "NotifierOpsGenie": { "description": "OpsGenie notifier", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "opsgenie" }, "apiKey": { "type": "string" }, "apiUrl": { "type": "string" }, "tags": { "description": "Comma separated list of tags attached to the notifications - or a Go template that produces such a list. Sourcegraph provides some default ones if this value isn't specified.", "type": "string" }, "priority": { "description": "Defines the importance of an alert. Allowed values are P1, P2, P3, P4, P5 - or a Go template that resolves to one of those values. By default, Sourcegraph will fill this in for you if a value isn't specified here.", "type": "string" }, "responders": { "type": "array", "description": "List of responders responsible for notifications.", "items": { "type": "object", "properties": { "type": { "type": "string", "enum": ["team", "user", "escalation", "schedule"] }, "id": { "type": "string" }, "name": { "type": "string" }, "username": { "type": "string" } }, "oneOf": [ { "required": ["type", "id"] }, { "required": ["type", "name"] }, { "required": ["type", "username"] } ] } } } }, "EncryptionKey": { "description": "Config for a key", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "enum": ["cloudkms", "awskms", "mounted", "noop"] } }, "oneOf": [ { "$ref": "#/definitions/CloudKMSEncryptionKey" }, { "$ref": "#/definitions/AWSKMSEncryptionKey" }, { "$ref": "#/definitions/MountedEncryptionKey" }, { "$ref": "#/definitions/NoOpEncryptionKey" } ], "!go": { "taggedUnionType": true } }, "CloudKMSEncryptionKey": { "description": "Google Cloud KMS Encryption Key, used to encrypt data in Google Cloud environments", "type": "object", "required": ["type", "keyname"], "properties": { "type": { "type": "string", "const": "cloudkms" }, "keyname": { "type": "string" }, "credentialsFile": { "type": "string" } } }, "AWSKMSEncryptionKey": { "description": "AWS KMS Encryption Key, used to encrypt data in AWS environments", "type": "object", "required": ["type", "keyId"], "properties": { "type": { "type": "string", "const": "awskms" }, "keyId": { "type": "string" }, "region": { "type": "string" }, "credentialsFile": { "type": "string" } } }, "MountedEncryptionKey": { "description": "This encryption key is mounted from a given file path or an environment variable.", "type": "object", "required": ["type", "keyname"], "properties": { "type": { "type": "string", "const": "mounted" }, "keyname": { "type": "string" }, "filepath": { "type": "string" }, "envVarName": { "type": "string" }, "version": { "type": "string" } } }, "NoOpEncryptionKey": { "description": "This encryption key is a no op, leaving your data in plaintext (not recommended).", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "noop" } } }, "EmailTemplate": { "type": "object", "required": ["subject", "html"], "properties": { "subject": { "description": "Template for email subject header", "type": "string" }, "html": { "description": "Template for HTML body", "type": "string" }, "text": { "description": "Optional template for plain-text body. If not provided, a plain-text body will be automatically generated from the HTML template.", "type": "string" } } }, "CodyContextFilterItem": { "type": "object", "required": ["repoNamePattern"], "properties": { "repoNamePattern": { "description": "Regular expression which matches a set of repository names. The pattern is evaluated using Go regular expression syntax (https://golang.org/pkg/regexp/). By default, the pattern matches partially. Use \\\"^...$\\\" for whole-string matching.", "type": "string", "format": "regex" } } }, "CodyRerankerIdentity": { "description": "Identity re-ranker", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "identity" } } }, "CodyRerankerCohere": { "description": "Re-ranker using Cohere API", "type": "object", "required": ["type", "apiKey"], "properties": { "type": { "type": "string", "const": "cohere" }, "apiKey": { "type": "string" }, "model": { "type": "string", "default": "rerank-v3.5" } } }, "CodyRerankerVoyageAI": { "description": "Re-ranker using VoyageAI API", "type": "object", "required": ["type", "apiKey"], "properties": { "type": { "type": "string", "const": "voyageai" }, "apiKey": { "type": "string" }, "model": { "type": "string", "default": "rerank-2" } } }, "CodyRerankerSourcegraph": { "description": "Re-ranker using Sourcegraph API", "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "const": "sourcegraph" }, "endpoint": { "type": "string" }, "accessToken": { "type": "string" } } } } }
Known bugs
The following site configuration options require the server to be restarted for the changes to take effect:
SHELLauth.providers externalURL insights.query.worker.concurrency insights.commit.indexer.interval permissions.syncUsersMaxConcurrency
Editing your site configuration if you cannot access the web UI
If you are having trouble accessing the web UI, you can make edits to your site configuration by editing the configuration directly.
Sourcegraph with Docker Compose and single-server Sourcegraph with Docker
Set FRONTEND_CONTAINER to:
- Docker Compose: the
sourcegraph-frontendcontainer - Single-container: the
sourcegraph/servercontainer
SHdocker exec -it --user=root $FRONTEND_CONTAINER sh -c 'apk add --no-cache && nano /home/sourcegraph/site-config.json'
Or if you prefer using a Vim editor:
SHdocker exec -it $FRONTEND_CONTAINER sh -c 'vi ~/site-config.json'
Sourcegraph with Kubernetes
For Kubernetes deployments:
SHkubectl exec -it $FRONTEND_POD -- sh -c 'apk add --no-cache nano && nano ~/site-config.json'
Or if you prefer using a Vim editor:
SHkubectl exec -it $FRONTEND_POD -- sh -c 'vi ~/site-config.json'
Then simply save your changes (type ctrl+x and y to exit nano and save your changes). Your changes will be applied immediately in the same way as if you had made them through the web UI.
If you are still encountering issues
You can check the container logs to see if you have made any typos or mistakes in editing the configuration file. If you are still encountering problems, you can save the default site configuration that comes with Sourcegraph (below) or contact support@sourcegraph.com with any questions you have.
JSON{ // The externally accessible URL for Sourcegraph (i.e., what you type into your browser) // This is required to be configured for Sourcegraph to work correctly. // "externalURL": "https://sourcegraph.example.com", // The authentication provider to use for identifying and signing in users. // Only one entry is supported. // // The builtin auth provider with signup disallowed (shown below) means that // after the initial site admin signs in, all other users must be invited. // // Other providers are documented at https://sourcegraph.com/docs/admin/auth. "auth.providers": [ { "type": "builtin", "allowSignup": false } ], }
Accessing global settings
Global settings should rarely need to be accessed. You will need to direct database access to change this setting.
To find the current global settings, use the following SQL query:
SQLSELECT * FROM settings WHERE user_id IS null and org_id IS null ORDER BY id DESC;
This will return a history of all global settings changes, the highest id being the latest
Next, you can update the content column to either {} to reset global settings or to the desired JSON object.
SQLUPDATE settings SET content = '{}' WHERE id IS <id>;