// Install and configure Kodus self-hosted using Docker Compose. Guides through .env setup, secret generation, service startup, and health verification.
| name | kodus-install |
| description | Install and configure Kodus self-hosted using Docker Compose. Guides through .env setup, secret generation, service startup, and health verification. |
| user-invocable | true |
| disable-model-invocation | true |
You are helping the user install Kodus self-hosted. Follow each phase in order. Be conversational but concise. Always confirm before writing to .env or running scripts.
Run the following checks before anything else:
docker --versiondocker infodocker compose version (fall back to docker-compose version)docker-compose.yml and scripts/install.sh. If not, tell the user to cd into the kodus-installer directory and stop.If any prerequisite fails, explain what is missing and stop. Do not proceed until all pass.
Check if .env exists in the current directory.
If .env does not exist:
.env.example to .env: cp .env.example .envIf .env already exists:
Read the current .env file, then go through each section below. For each variable, check if it already has a non-empty value. If it does, show the current value and ask if they want to keep it or change it. If it is empty, ask for the value.
Use Edit to update variables in .env as the user provides answers. Never rewrite the whole file — only edit specific lines.
| Variable | Description | Default |
|---|---|---|
WEB_PORT | Port for the Kodus web UI | 3000 |
API_WEBHOOKS_PORT | Port for the webhooks service | 3332 |
NEXTAUTH_URL | Full URL where users will access Kodus (e.g. http://localhost:3000 or https://kodus.yourdomain.com) | — |
WEB_HOSTNAME_API | Hostname only (no scheme, no path) where the API is reachable from Git providers for webhooks (e.g. api.yourdomain.com). If running locally without public access, use localhost. | — |
Tip for the user: NEXTAUTH_URL is the browser URL, WEB_HOSTNAME_API is what Git providers use to send webhooks.
Ask: will they use local Docker containers or external databases?
Local (USE_LOCAL_DB=true):
USE_LOCAL_DB=trueAPI_PG_DB_PASSWORD, API_MG_DB_PASSWORD.env.exampleExternal (USE_LOCAL_DB=false):
USE_LOCAL_DB=falseAPI_PG_DB_HOST, API_PG_DB_PORT, API_PG_DB_USERNAME, API_PG_DB_PASSWORD, API_PG_DB_DATABASEAPI_MG_DB_HOST, API_MG_DB_PORT, API_MG_DB_USERNAME, API_MG_DB_PASSWORD, API_MG_DB_DATABASEAsk: local container or external?
Local (USE_LOCAL_RABBITMQ=true):
USE_LOCAL_RABBITMQ=trueRABBITMQ_DEFAULT_USER and RABBITMQ_DEFAULT_PASS (or keep defaults kodus/kodus — warn that defaults are insecure in production)API_RABBITMQ_URI to match: amqp://{user}:{pass}@rabbitmq:5672/kodus-aiExternal (USE_LOCAL_RABBITMQ=false):
USE_LOCAL_RABBITMQ=falseAPI_RABBITMQ_URI (e.g. amqp://user:pass@host:5672/kodus-ai)Ask which LLM provider they want to use. At minimum, API_OPEN_AI_API_KEY or API_LLM_PROVIDER_MODEL needs to be configured for Kodus to perform reviews.
| Variable | Description |
|---|---|
API_OPEN_AI_API_KEY | OpenAI API key |
API_OPENAI_FORCE_BASE_URL | Optional: custom OpenAI-compatible base URL (e.g. Azure, local LLM) |
API_LLM_PROVIDER_MODEL | Optional: override the model (e.g. gpt-4o, claude-3-5-sonnet) |
Also ask about optional review enhancers:
| Variable | Description |
|---|---|
API_MORPHLLM_API_KEY | MorphLLM API key — improves code review quality (optional) |
API_E2B_KEY | E2B API key — enables sandbox code execution during review (optional) |
At least one Git provider must be configured. Ask which provider(s) they use.
For each selected provider, explain the expected webhook URL format and ask the user to fill it in. The URL must start with https:// and use WEB_HOSTNAME_API as the host.
| Provider | Variable | Expected path |
|---|---|---|
| GitHub | API_GITHUB_CODE_MANAGEMENT_WEBHOOK | /github/webhook |
| GitLab | API_GITLAB_CODE_MANAGEMENT_WEBHOOK | /gitlab/webhook |
| Bitbucket | GLOBAL_BITBUCKET_CODE_MANAGEMENT_WEBHOOK | /bitbucket/webhook |
| Azure Repos | GLOBAL_AZURE_REPOS_CODE_MANAGEMENT_WEBHOOK | /azdevops/webhook |
| Forgejo / Gitea | API_FORGEJO_CODE_MANAGEMENT_WEBHOOK | /forgejo/webhook |
Example: if WEB_HOSTNAME_API=api.yourdomain.com, then GitHub webhook = https://api.yourdomain.com/github/webhook
API_MCP_SERVER_ENABLED defaults to false. Ask if they want to enable the MCP manager service.
If yes:
API_MCP_SERVER_ENABLED=trueAPI_KODUS_SERVICE_MCP_MANAGER (e.g. http://kodus-mcp-manager:3101) and API_KODUS_MCP_SERVER_URL (e.g. http://localhost:3001/mcp)API_MCP_MANAGER_COMPOSIO_API_KEY if they want Composio integration (optional)Before installing, run the secrets generator to fill in all cryptographic keys automatically:
bash scripts/generate-secrets.sh
This fills: WEB_NEXTAUTH_SECRET, NEXTAUTH_SECRET, API_CRYPTO_KEY, API_JWT_SECRET, API_JWT_REFRESH_SECRET, CODE_MANAGEMENT_SECRET, CODE_MANAGEMENT_WEBHOOK_TOKEN, API_MCP_MANAGER_ENCRYPTION_SECRET, API_MCP_MANAGER_JWT_SECRET.
Tell the user these are generated securely and do not need to be set manually.
Show the user a summary of the key settings before proceeding:
NEXTAUTH_URLWEB_HOSTNAME_APIAsk for confirmation before starting the install.
Run the install script:
bash scripts/install.sh
Stream the output to the user. If it exits with a non-zero code, show the error and stop. Do not retry automatically — explain what went wrong and suggest fixes based on the error message.
Common errors and fixes:
.env or free the portAfter a successful install, wait ~15 seconds for services to initialize, then run:
bash scripts/doctor.sh
Show the full output. If there are errors:
Schema missing → seeds/migrations didn't run yet; wait a moment and rerun doctordocker compose logs <service> to investigateIf all checks pass, tell the user Kodus is ready and print the access URL:
http://localhost:{WEB_PORT} (or their configured NEXTAUTH_URL).
.env wholesale. Always use targeted edits.install.sh without user confirmation..env.