Skip to content

Environment Variables

Overview

Most SForge configuration can be injected via SFORGE_* environment variables. CLI-only fields, such as judge CPU/memory limits, are called out below. The resolution priority is:

defaults  <  env vars  <  experiment YAML  <  CLI flags

Proxy, mirror, API key, path, backend, registry, and hub settings can be overridden at runtime.

Build Stage Variables

These variables are passed as Docker build args during sforge build. They affect image construction but are not baked into the final image.

VariablePurpose
SFORGE_HTTP_PROXYHTTP proxy for Docker build
SFORGE_HTTPS_PROXYHTTPS proxy for Docker build
SFORGE_NO_PROXYAddresses to bypass proxy
SFORGE_PYPI_INDEX_URLPyPI mirror URL (sets PIP_INDEX_URL at build time)
SFORGE_MAVEN_MIRROR_URLMaven repository mirror (sets MAVEN_MIRROR_URL at build time)
SFORGE_GO_PROXYGo module proxy (sets GOPROXY at build time)
SFORGE_APT_MIRROR_URLAPT source mirror (rewrites /etc/apt/sources.list in base image)
SFORGE_GIT_USERGit username for private repos
SFORGE_GIT_TOKENGit access token (injected as BuildKit secret, not stored in image)
SFORGE_EXTRA_HOSTSDNS overrides during build, format: "host1:ip1,host2:ip2"

How build args work

Proxy variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) are Docker predefined build args --- they are automatically available to RUN commands but do not persist in the final image layer.

Package mirror variables (PIP_INDEX_URL, GOPROXY, MAVEN_MIRROR_URL) are declared as ARG directives, making them available during RUN but also not persisted.

Run Stage Variables

Used when running agents via sforge run. These are injected as container environment variables.

VariablePurpose
SFORGE_AGENT_API_KEYAPI key passed to the selected agent using that agent's expected env var (ANTHROPIC_AUTH_TOKEN or CODEX_API_KEY)
SFORGE_AGENT_API_BASE_URLAPI base URL override passed through the selected agent's base-url env var when it has one
SFORGE_AGENT_MODELModel override for the agent
SFORGE_AGENT_TIMEOUTAgent timeout in seconds
SFORGE_AGENT_EXTRA_ENVExtra env vars for agent container, format: "KEY1=VAL1,KEY2=VAL2"
SFORGE_HTTP_PROXYHTTP proxy injected into the agent container at run time. Not recommended for normal use; incompatible with --disable-internet.
SFORGE_HTTPS_PROXYHTTPS proxy injected into the agent container at run time. Not recommended for normal use; incompatible with --disable-internet.
SFORGE_NO_PROXYAddresses that bypass the run-time proxy
SFORGE_NODEJS_MIRROR_URLNode.js download mirror (used during agent runtime install)
SFORGE_NPM_REGISTRY_URLNPM registry mirror (sets npm_config_registry in container)
SFORGE_CLAUDE_CACHE_OPTSuppress Claude Code attribution header and dynamic system prompt sections for better caching on third-party proxies. Set to 1 to enable.

Direct run-time proxies

Directly injecting SFORGE_HTTP_PROXY / SFORGE_HTTPS_PROXY into the agent container gives that container proxy-mediated network access. This is useful only for exceptional run-time dependency downloads and is not recommended for LLM API access.

It is also incompatible with network isolation (--disable-internet). If the agent needs to call an LLM API through a corporate proxy while network isolation is enabled, run sforge proxy on the host and point SFORGE_AGENT_API_BASE_URL to http://host.docker.internal:<port> instead.

Judge Variables

VariablePurpose
SFORGE_JUDGE_EXTRA_ENVExtra env vars for judge containers, format: "KEY1=VAL1,KEY2=VAL2"

Resource Limit Variables

VariablePurpose
SFORGE_WORK_CPU_LIMITNumber of CPUs for work containers (e.g., 4)
SFORGE_WORK_MEM_LIMITMemory limit for work containers (e.g., 8g)

Judge CPU/memory limits are currently set through CLI flags (--judge-cpu-limit, --judge-mem-limit) or experiment YAML (judge_cpu_limit, judge_mem_limit), not environment variables.

Container Backend Variables

VariableDefaultPurpose
SFORGE_BACKENDdockerContainer backend: docker or k8s
SFORGE_K8S_NAMESPACEdefaultKubernetes namespace
SFORGE_K8S_IMAGE_REGISTRY---Container registry for K8s image pulls
SFORGE_K8S_KUBECONFIG---Path to kubeconfig file
SFORGE_K8S_NODE_SELECTOR---Node selector for K8s pods, format: "key1=val1,key2=val2"

Path Variables

VariableDefaultPurpose
SFORGE_LOG_DIRlogs/Override log output directory
SFORGE_TASKS_DIRtasks/Override task definitions directory
SFORGE_REGISTRY---Default Docker registry URL for pull/push commands

Proxy Fallback Chain

For proxy variables, SForge checks multiple environment variable names in priority order:

Config FieldEnv vars checked (first match wins)
http_proxySFORGE_HTTP_PROXY > HTTP_PROXY > http_proxy
https_proxySFORGE_HTTPS_PROXY > HTTPS_PROXY > https_proxy
no_proxySFORGE_NO_PROXY > NO_PROXY > no_proxy

This means if you already have HTTP_PROXY set in your shell, SForge will pick it up automatically. Use the SFORGE_ prefix to override without affecting other tools.

Because these proxy values are also injected into work containers during sforge run, unset them when using --disable-internet or use sforge proxy for LLM API forwarding.

Build vs Run Decoupling

Important

Build and Run variables are completely independent. Build-stage variables are only used during docker build --- they are not baked into images. The run stage needs its own configuration.

This means:

  • Setting SFORGE_PYPI_INDEX_URL only affects sforge build (package installation during image construction)
  • Setting SFORGE_AGENT_API_KEY only affects sforge run (agent execution)
  • Proxy settings are read by both build and run stages. Run-time direct proxies are not recommended and do not work with network isolation; use sforge proxy for LLM API access through an upstream proxy.

Example: Full Configuration

bash
# Build stage
export SFORGE_HTTP_PROXY="http://proxy.corp.example:8080"
export SFORGE_HTTPS_PROXY="http://proxy.corp.example:8080"
export SFORGE_PYPI_INDEX_URL="https://mirrors.example.com/pypi/simple/"
export SFORGE_APT_MIRROR_URL="http://mirrors.example.com"
export SFORGE_GO_PROXY="https://goproxy.example.com"

# Run stage
export SFORGE_AGENT_API_KEY="sk-ant-..."
export SFORGE_AGENT_API_BASE_URL="https://api.anthropic.com"
export SFORGE_AGENT_MODEL="claude-sonnet-4-20250514"
export SFORGE_AGENT_TIMEOUT="7200"
export SFORGE_NODEJS_MIRROR_URL="https://mirrors.example.com/nodejs-release/"

# Resource limits
export SFORGE_WORK_CPU_LIMIT="4"
export SFORGE_WORK_MEM_LIMIT="8g"

# Container backend (Kubernetes)
export SFORGE_BACKEND="k8s"
export SFORGE_K8S_NAMESPACE="sforge-runs"
export SFORGE_K8S_IMAGE_REGISTRY="registry.example.com/sforge"