
Configuration

AIGovHub CLI can be configured through environment variables, .env files, and command-line options.

Configuration Hierarchy

Configuration is loaded in this order (later overrides earlier):

  1. Built-in defaults
  2. Environment variables
  3. .env file in current directory
  4. Command-line options

Environment Variables

Core Settings

| Variable | Description | Default | Valid Values |
| --- | --- | --- | --- |
| AIGOVHUB_CONFIDENCE_THRESHOLD | Minimum confidence for detection | 0.7 | 0.0 - 1.0 |
| AIGOVHUB_USE_LLM_FALLBACK | Enable LLM for ambiguous cases | true | true, false |
| AIGOVHUB_LLM_PROVIDER | Default LLM provider | anthropic | anthropic, openai, local |
| AIGOVHUB_DEFAULT_OUTPUT_FILE | Default output filename | aigovhub.yaml | Any valid filename |
| AIGOVHUB_DEFAULT_OUTPUT_FORMAT | Default output format | yaml | yaml, json |
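
The precedence under "Configuration Hierarchy" and the valid values in the table above, as an added Python sketch (not AIGovHub's own code). The names `resolve` and `parse_dotenv` are hypothetical, the .env parsing is simplified, and only the threshold error text is taken from this page. It also records which layer supplied each value, so a .env file in the working directory that overrides an exported variable is visible.

```python
DEFAULTS = {  # defaults from the Core Settings table
    "AIGOVHUB_CONFIDENCE_THRESHOLD": "0.7",
    "AIGOVHUB_USE_LLM_FALLBACK": "true",
    "AIGOVHUB_LLM_PROVIDER": "anthropic",
    "AIGOVHUB_DEFAULT_OUTPUT_FILE": "aigovhub.yaml",
    "AIGOVHUB_DEFAULT_OUTPUT_FORMAT": "yaml",
}
ALLOWED = {  # valid values from the same table
    "AIGOVHUB_USE_LLM_FALLBACK": {"true", "false"},
    "AIGOVHUB_LLM_PROVIDER": {"anthropic", "openai", "local"},
    "AIGOVHUB_DEFAULT_OUTPUT_FORMAT": {"yaml", "json"},
}

def parse_dotenv(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments (simplified parser)."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            pairs[key.strip()] = value.strip().strip("'\"")
    return pairs

def resolve(environ, dotenv_text="", cli=None):
    """Merge the four layers (later wins); return (settings, source of each value)."""
    layers = [("default", DEFAULTS), ("environment", environ),
              ("dotenv", parse_dotenv(dotenv_text)), ("cli", cli or {})]
    settings, source = {}, {}
    for name, layer in layers:
        for key in DEFAULTS:
            if key in layer:
                settings[key], source[key] = layer[key], name
    try:
        threshold = float(settings["AIGOVHUB_CONFIDENCE_THRESHOLD"])
    except ValueError:
        threshold = float("nan")
    if not 0.0 <= threshold <= 1.0:  # also rejects nan and inf
        raise ValueError("Confidence must be between 0.0 and 1.0")
    for key, allowed in ALLOWED.items():
        if settings[key] not in allowed:  # message wording is an assumption
            raise ValueError(f"{key}={settings[key]!r} not in {sorted(allowed)}")
    return settings, source

if __name__ == "__main__":
    # Constructed inputs: the shell exports 0.8, a .env in the working directory sets 0.5.
    s, src = resolve({"AIGOVHUB_CONFIDENCE_THRESHOLD": "0.8"},
                     "AIGOVHUB_CONFIDENCE_THRESHOLD=0.5\n")
    print(s["AIGOVHUB_CONFIDENCE_THRESHOLD"], "from", src["AIGOVHUB_CONFIDENCE_THRESHOLD"])
```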

LLM Provider API Keys

| Variable | Description |
| --- | --- |
| ANTHROPIC_API_KEY | Anthropic Claude API key |
| OPENAI_API_KEY | OpenAI GPT API key |

Path Settings

| Variable | Description | Default |
| --- | --- | --- |
| AIGOVHUB_CACHE_DIR | Cache directory | ~/.cache/aigovhub |

Setting Environment Variables

Linux/macOS

# Temporary (current session)
export ANTHROPIC_API_KEY=sk-ant-...
export AIGOVHUB_CONFIDENCE_THRESHOLD=0.8
 
# Permanent (add to ~/.bashrc or ~/.zshrc)
echo 'export ANTHROPIC_API_KEY=sk-ant-...' >> ~/.bashrc
source ~/.bashrc

Windows (PowerShell)

# Temporary
$env:ANTHROPIC_API_KEY = "sk-ant-..."
$env:AIGOVHUB_CONFIDENCE_THRESHOLD = "0.8"
 
# Permanent
[Environment]::SetEnvironmentVariable("ANTHROPIC_API_KEY", "sk-ant-...", "User")

Windows (Command Prompt)

set ANTHROPIC_API_KEY=sk-ant-...
setx ANTHROPIC_API_KEY "sk-ant-..."

.env File

Create a .env file in your project root for project-specific settings:

# .env - AIGovHub Configuration
 
# LLM Settings
AIGOVHUB_LLM_PROVIDER=anthropic
AIGOVHUB_USE_LLM_FALLBACK=true
 
# Detection Settings
AIGOVHUB_CONFIDENCE_THRESHOLD=0.7
 
# API Keys (use environment variables in CI/CD)
ANTHROPIC_API_KEY=sk-ant-api03-...
 
# Output Settings
AIGOVHUB_DEFAULT_OUTPUT_FILE=aigovhub.yaml
AIGOVHUB_DEFAULT_OUTPUT_FORMAT=yaml

Important: Add .env to your .gitignore to avoid committing API keys:

# .gitignore
.env
.env.local

Configuration Examples

High-Confidence Detection

For production environments where false positives are costly:

AIGOVHUB_CONFIDENCE_THRESHOLD=0.9
AIGOVHUB_USE_LLM_FALLBACK=true
AIGOVHUB_LLM_PROVIDER=anthropic

Fast Local Scanning

For development or CI where speed matters:

AIGOVHUB_CONFIDENCE_THRESHOLD=0.7
AIGOVHUB_USE_LLM_FALLBACK=false

Enterprise with Audit Trail

Full logging and strict validation:

AIGOVHUB_CONFIDENCE_THRESHOLD=0.8
AIGOVHUB_USE_LLM_FALLBACK=true
AIGOVHUB_DEFAULT_OUTPUT_FORMAT=yaml

LLM Provider Configuration

Anthropic (Default)

export ANTHROPIC_API_KEY=sk-ant-api03-...
export AIGOVHUB_LLM_PROVIDER=anthropic

AIGovHub uses claude-sonnet-4-20250514 by default.

OpenAI

export OPENAI_API_KEY=sk-...
export AIGOVHUB_LLM_PROVIDER=openai

AIGovHub uses gpt-4o by default.

Disabling LLM

For fully deterministic, offline scanning:

export AIGOVHUB_USE_LLM_FALLBACK=false
# Or use --no-llm flag
aigovhub scan . --no-llm

CI/CD Configuration

GitHub Actions

Use GitHub Secrets for API keys:

env:
  ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
  AIGOVHUB_CONFIDENCE_THRESHOLD: "0.8"
  AIGOVHUB_USE_LLM_FALLBACK: "false"  # Faster CI

GitLab CI

Use CI/CD Variables:

variables:
  AIGOVHUB_CONFIDENCE_THRESHOLD: "0.8"
  AIGOVHUB_USE_LLM_FALLBACK: "false"
 
# Set ANTHROPIC_API_KEY as a masked variable in GitLab settings

Docker

FROM python:3.12-slim
 
# Install aigovhub
RUN pip install aigovhub-cli
 
# Set defaults (API keys should be passed at runtime)
ENV AIGOVHUB_CONFIDENCE_THRESHOLD=0.7
ENV AIGOVHUB_USE_LLM_FALLBACK=false
 
WORKDIR /workspace
ENTRYPOINT ["aigovhub"]

Run with:

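# -e NAME (no value) forwards the variable from the calling shell, so the key
# does not appear in the docker command line
docker run -v "$(pwd)":/workspace \
  -e ANTHROPIC_API_KEY \
  aigovhub-cli scan .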

Confidence Threshold Guide

| Threshold | Use Case | Trade-off |
| --- | --- | --- |
| 0.5 | Discovery mode | High recall, more false positives |
| 0.7 | Balanced (default) | Good balance of precision/recall |
| 0.8 | Conservative | Fewer false positives, may miss some |
| 0.9 | High confidence only | Only definitive detections |
| 1.0 | Definitive only | Only ML library dependencies |

Validating Configuration

Check your current configuration:

# Show version and basic info
aigovhub --version
 
# Run a dry scan to see what settings are active
aigovhub scan . --dry-run --verbose

Troubleshooting Configuration

API Key Not Found

Error: Anthropic API key not configured

Solution:

  1. Check the variable name: ANTHROPIC_API_KEY (not ANTHROPIC_KEY)
  2. Verify the key is exported: echo $ANTHROPIC_API_KEY
  3. Check .env file location (must be in current directory)

Invalid Confidence Threshold

Error: Confidence must be between 0.0 and 1.0

Solution: Use a decimal value like 0.7, not 70.

LLM Provider Not Found

Error: Unknown LLM provider: claude

Solution: Use valid provider names: anthropic, openai, or local.

Security Best Practices

  1. Never commit API keys to version control
  2. Use .env files only for local development
  3. Use secrets management in CI/CD (GitHub Secrets, GitLab Variables)
  4. Rotate keys regularly according to your security policy
  5. Use least privilege - consider read-only API keys if available
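
A check for the first two practices above, as an added Python example (not part of AIGovHub). The function names are hypothetical and the .gitignore matching is simplified to literal entries. It reports a .env that is not ignored or is readable by other users, and any other file that assigns a literal value to one of the key variables, without echoing the value.

```python
import os
import re
import stat

# Variable names from the "LLM Provider API Keys" table. The value pattern is an
# assumption: a literal that does not start with "$" (shell or CI substitution).
KEY_ASSIGNMENT = re.compile(
    r"\b(ANTHROPIC_API_KEY|OPENAI_API_KEY)\s*[=:]\s*['\"]?([^\s'\"$]+)")

def gitignore_covers_env(project_dir):
    """True if .gitignore has a literal .env entry (simplified: no glob handling)."""
    path = os.path.join(project_dir, ".gitignore")
    if not os.path.isfile(path):
        return False
    with open(path, encoding="utf-8") as fh:
        return any(line.strip() in (".env", "/.env") for line in fh)

def audit(project_dir):
    """Return a list of findings about API key handling in project_dir."""
    findings = []
    env_path = os.path.join(project_dir, ".env")
    if os.path.isfile(env_path):
        if not gitignore_covers_env(project_dir):
            findings.append(".env exists but is not listed in .gitignore")
        if os.name == "posix" and stat.S_IMODE(os.stat(env_path).st_mode) & 0o077:
            findings.append(".env is readable by group or others (chmod 600)")
    for root, dirs, files in os.walk(project_dir):
        dirs[:] = [d for d in dirs if d != ".git"]  # skip repository metadata
        for name in files:
            if name == ".env":
                continue  # the one place a local key is expected
            path = os.path.join(root, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    for lineno, line in enumerate(fh, 1):
                        m = KEY_ASSIGNMENT.search(line)
                        # values ending in "..." are documentation placeholders
                        if m and not m.group(2).endswith("..."):
                            rel = os.path.relpath(path, project_dir)
                            findings.append(f"{rel}:{lineno}: {m.group(1)} has a literal value")
            except OSError:
                continue  # unreadable file: nothing to report
    return findings

if __name__ == "__main__":
    for finding in audit("."):
        print(finding)
```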

Input Validation

AIGovHub validates all inputs to prevent security issues: