Configuration reference
Guard configuration lives at three layers:
- Repository file —
molar-guard.config.ts(optional; plug-and-play works without it) - Scenario frontmatter —
.molar/scenarios/*.molar.mdYAML headers - Platform settings — dashboard + environment variables on the Guard API/worker
molar-guard.config.ts
The single optional config file in your repository root. If absent, Guard uses defaults (Playwright discovery, advisory mode, no Clones).
Supported filenames: molar-guard.config.ts, .js, .mjs, .cjs
Full example
const config = {
// Source adapter: auto | playwright | molar-md | glob
source: "molar-md",
// Glob patterns when source = "glob"
globPatterns: ["tests/e2e/**/*.spec.ts"],
// Override Playwright command
testCommand: "npx playwright test --project=chromium",
// App URL per environment
baseUrl: {
manual: process.env.BASE_URL ?? "http://localhost:3200",
pr: process.env.PREVIEW_URL ?? "http://localhost:3200",
schedule: process.env.STAGING_URL ?? "https://staging.example.com",
},
// Start app with clone env injected (Playwright webServer)
webServerCommand: "pnpm dev",
webServerPort: 3200,
// Clones integration (off by default for plug-and-play)
clones: { enabled: true },
// Mender behavior
mender: {
mode: "suggestive", // off | suggestive | aggressive
forbiddenPaths: [
"app/api/auth/**",
"**/payment*",
"**/security*",
"migrations/**",
"**/.env*",
"infra/**",
],
},
// PR check blocks merge when true
required: false,
};
export default config;
Field reference
| Field | Type | Default | Description |
|---|---|---|---|
source | "auto" | "playwright" | "molar-md" | "glob" | "auto" | How scenarios are discovered |
globPatterns | string[] | — | Patterns for glob adapter |
testCommand | string | npx playwright test | Test runner invocation |
baseUrl.manual | string | — | URL for CLI run |
baseUrl.pr | string | PREVIEW_URL env | URL for PR runs |
baseUrl.schedule | string | — | URL for production schedules |
webServerCommand | string | — | Command to start app (inherits clone env) |
webServerPort | number | 3200 | Port for webServer health check |
clones.enabled | boolean | false | Spawn/use Clones on runs |
mender.mode | "off" | "suggestive" | "aggressive" | "suggestive" | Mender automation level |
mender.forbiddenPaths | string[] | payment/auth/security defaults | Glob patterns Mender will not patch |
required | boolean | false | Required vs advisory PR check |
Per-repo overrides can also be set in the dashboard: Settings → Repositories.
Scenario frontmatter (.molar.md)
When using the molar-md source adapter:
---
id: stripe-subscription-upgrade
title: Stripe subscription upgrade
tags: [billing, stripe, critical]
schedule: "*/5 * * * *"
regions: [us-east-1, eu-west-1]
shadow_prod: true
cache: default # default | never
timeout: 120000 # ms
mender_mode: suggestive # off | suggestive | aggressive
clones: [stripe, email]
destructive: false
---
| Field | Description |
|---|---|
id | Stable slug; used in schedules and Mender branch names |
schedule | Cron for production monitoring |
regions | Where scheduled runs execute |
shadow_prod | Enable shadow-prod diff |
cache | never forces re-run on every PR |
mender_mode | Override repo-level Mender mode |
clones | Clone kinds to spawn (stripe, twilio, email, auth, s3) |
Executable test: colocated .spec.ts (hand-written or Cartographer-generated).
GitHub Action inputs
See GitHub App setup.
Environment variables (self-hosted)
API (apps/api)
| Variable | Required | Description |
|---|---|---|
DATABASE_URL | yes | Postgres connection string |
REDIS_URL | yes | Redis/Valkey for BullMQ + SSE |
GH_APP_ID | for GitHub App | GitHub App ID |
GH_APP_PRIVATE_KEY | for GitHub App | PEM private key (or GH_APP_PRIVATE_KEY_SECRET_ID) |
GH_WEBHOOK_SECRET | for GitHub App | Webhook HMAC secret |
GH_OAUTH_CLIENT_ID | optional | GitHub OAuth for install flow |
GH_OAUTH_CLIENT_SECRET | optional | GitHub OAuth secret |
ARTIFACTS_S3_ENDPOINT | yes | S3-compatible artifact storage |
ARTIFACTS_S3_BUCKET | yes | Bucket name |
MOLAR_GUARD_REGION | yes | Worker region (us-east-1, etc.) |
MOLAR_CLONES_ROOT | optional | Path to molar-clones for local clone binaries |
MOLAR_LLM_BASE_URL | optional | LiteLLM / gateway for Mender |
BETTER_AUTH_SECRET | yes | Session signing |
BETTER_AUTH_URL | yes | Dashboard URL for auth callbacks |
Dashboard (apps/dashboard)
| Variable | Description |
|---|---|
BETTER_AUTH_URL | Standalone: http://localhost:3000; combined: https://app.molar.it |
GUARD_API_URL | Fastify API base (http://localhost:4000) |
PLUMBING_DASHBOARD_URL | Combined mode redirect target |
GUARD_DASHBOARD_TARGET | legacy | platform |
Worker (apps/worker)
| Variable | Description |
|---|---|
MOLAR_GUARD_REGION | Region this worker pool serves |
WORKER_CONCURRENCY_PR | PR queue concurrency (plan-tier capped) |
WORKER_CONCURRENCY_SCHEDULE | Schedule queue concurrency |
MENDER_MONTHLY_BUDGET_CENTS | Per-org Mender spend cap override |
Alert policy JSON
On scheduled_checks.alert_policy:
{
"consecutiveFailures": 2,
"failureRateThreshold": 0.5,
"failureRateWindowSecs": 1800,
"latencyP99ThresholdMs": 30000,
"slackWebhookUrl": "https://hooks.slack.com/services/…",
"pagerDutyRoutingKey": "…",
"webhookUrl": "https://your-oncall.example.com/alerts"
}
Usage limits
Parallel workers, concurrent PRs, regions, and Mender budgets are enforced per organization. Limits are shown in Settings → Billing on app.molar.it — this documentation does not publish tier tables.
When a limit is exceeded, the API returns 429 Quota Exceeded with resource, limit, and used fields.
Docker Compose (local)
docker compose up -d postgres redis seaweedfs
Services: Postgres 17, Redis 7 (Valkey-compatible), SeaweedFS (S3-compatible artifacts).
Independence defaults
When no molar-guard.config.ts and no .molar.md:
- Source adapter:
playwright - Clones: disabled
- Mender: off (hosted) or suggestive (if enabled in org settings)
- Required check: advisory
MOLAR_DESTRUCTIVE_ALLOWnever set in PR context when Clones enabled
Next
- Quick start — apply config locally
- Security — secrets management
- Webhooks & API — programmatic schedule CRUD