Configuration-gated integrations
Settings
Model Providers (BYO)
Selected provider: codex. Only Codex edits the repo directly; OpenRouter, OpenAI-compatible, and Ollama return strict JSON plans that PatchPilot applies itself. Required env shows names only, never secret values.
| Provider | Status | Applies via | Model edits repo | Required env |
|---|---|---|---|---|
| Codex CLI (workspace editor) ★ | unavailable | codex-workspace-edit | yes | CODEX_BIN, CODEX_ENABLED |
| OpenRouter (plan advisor) | not_configured | patchpilot-applies-plan | no | PATCHPILOT_LLM_API_KEY, PATCHPILOT_AGENT_MODEL |
| OpenAI-compatible (plan advisor) | not_configured | patchpilot-applies-plan | no | PATCHPILOT_LLM_BASE_URL, PATCHPILOT_LLM_API_KEY, PATCHPILOT_AGENT_MODEL |
| Anthropic Claude (plan advisor) | not_configured | patchpilot-applies-plan | no | PATCHPILOT_ANTHROPIC_API_KEY, PATCHPILOT_AGENT_MODEL |
| Grok / xAI (plan advisor) | not_configured | patchpilot-applies-plan | no | PATCHPILOT_GROK_API_KEY, PATCHPILOT_AGENT_MODEL |
| Ollama / local (plan advisor) | configured | patchpilot-applies-plan | no | PATCHPILOT_LLM_BASE_URL, PATCHPILOT_AGENT_MODEL |
| Deterministic npm fixer | configured | patchpilot-deterministic | no | · |
| Integration | Status | Message | Required env |
|---|---|---|---|
| Local database | available | Using file-backed local persistence at /tmp/patchpilot-demo.db.json | · |
| GitHub | not_configured | Set GITHUB_TOKEN to validate repos and create PRs. | GITHUB_TOKEN |
| OSV API | configured | Using https://api.osv.dev/v1/querybatch for fallback scans. | · |
| OSV-Scanner CLI | unavailable | Install osv-scanner for lockfile-accurate recursive scans. | · |
| EPSS | configured | Using https://api.first.org/data/v1/epss when CVEs exist. | · |
| CISA KEV | configured | Using CISA KEV JSON feed for active exploitation enrichment. | · |
| Codex CLI | unavailable | Install/authenticate Codex CLI or set CODEX_BIN. | · |
| OpenAI SDK | not_configured | Set OPENAI_API_KEY to use the OpenAI SDK remediation-plan adapter. | OPENAI_API_KEY |
| Vercel AI SDK | not_configured | Set AI_GATEWAY_API_KEY or VERCEL_OIDC_TOKEN to use AI SDK provider/model routing. | AI_GATEWAY_API_KEY, VERCEL_OIDC_TOKEN |
| Telegram | not_configured | Set TELEGRAM_BOT_TOKEN, TELEGRAM_ALLOWED_CHAT_IDS, and APPROVAL_HMAC_SECRET. | TELEGRAM_BOT_TOKEN, TELEGRAM_ALLOWED_CHAT_IDS, APPROVAL_HMAC_SECRET |
| Vercel | not_configured | Set VERCEL_TOKEN for real deployment API lookups; local .vercel mapping still works. | VERCEL_TOKEN |
| OpenClaw | not_configured | OpenClaw is optional. Enable with OPENCLAW_ENABLED=true and install the OpenClaw CLI. | · |
| SBOM | unavailable | Install Syft or set SYFT_BIN for real SBOM generation. | · |
| Local roots | not_configured | Set PATCHPILOT_LOCAL_ROOTS before adding local folders. | · |
Agent Adapters
| Adapter | Status | Workspace edits | Message |
|---|---|---|---|
| Codex CLI | configured | yes | Uses authenticated Codex CLI/subscription flow where available; only adapter allowed to edit workspaces directly. |
| OpenAI SDK | not_configured | plan only | Set OPENAI_API_KEY to use the OpenAI SDK plan adapter. |
| Vercel AI SDK / AI Gateway | not_configured | plan only | Set AI_GATEWAY_API_KEY or VERCEL_OIDC_TOKEN to use AI Gateway without provider-specific keys. |
| Deterministic npm fixer | configured | yes | Updates direct npm dependencies to known fixed versions and validates in a disposable workspace. |
| Manual remediation | configured | plan only | Always available; creates a human-readable remediation plan only. |