---
url: /en/build/build-in-env.md
---
`Cloud Native Build` includes some built-in default environment variables. These variables are read-only and cannot be overwritten, even if you try to override them during the build.

The following `merge-related events` include:

* `pull_request`
* `pull_request.update`
* `pull_request.target`
* `pull_request.approved`
* `pull_request.changes_requested`
* `pull_request.mergeable`
* `pull_request.merged`
* `pull_request.comment`

Learn more about [trigger events](./trigger-rule.md#trigger-event).

## Basic Variables

### Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CI](#ci) | CI identifier, value is `true` |
| [CNB](#cnb) | CNB identifier, value is `true` |
| [CNB\_WEB\_PROTOCOL](#cnb_web_protocol) | Protocol used by Web |
| [CNB\_WEB\_HOST](#cnb_web_host) | HOST used by Web |
| [CNB\_WEB\_ENDPOINT](#cnb_web_endpoint) | Complete Web address |
| [CNB\_API\_ENDPOINT](#cnb_api_endpoint) | Complete API address |
| [CNB\_GROUP\_SLUG](#cnb_group_slug) | Repository organization path |
| [CNB\_GROUP\_SLUG\_LOWERCASE](#cnb_group_slug_lowercase) | Organization path in lowercase format |
| [CNB\_EVENT](#cnb_event) | Event name that triggered the build |
| [CNB\_EVENT\_URL](#cnb_event_url) | Event-related link |
| [CNB\_BRANCH](#cnb_branch) | Branch name or Tag name |
| [CNB\_BRANCH\_SHA](#cnb_branch_sha) | SHA of the latest commit on the branch |
| [CNB\_DEFAULT\_BRANCH](#cnb_default_branch) | Repository default branch |
| [CNB\_TOKEN\_USER\_NAME](#cnb_token_user_name) | Username corresponding to the temporary token |
| [CNB\_TOKEN](#cnb_token) | Temporary token used during pipeline execution |
| [TWINE\_USERNAME](#twine_username) | PyPI artifact repository username |
| [TWINE\_PASSWORD](#twine_password) | PyPI artifact repository password |
| [CNB\_TOKEN\_FOR\_AI](#cnb_token_for_ai) | AI identity token |
| [CNB\_IS\_CRONEVENT](#cnb_is_cronevent) | Whether the event is a scheduled task |
| [CNB\_DOCKER\_REGISTRY](#cnb_docker_registry) | Artifact repository Docker registry address |
| [CNB\_DOCKER\_MODEL\_REGISTRY](#cnb_docker_model_registry) | Artifact repository Docker Model registry address |
| [CNB\_HELM\_REGISTRY](#cnb_helm_registry) | Artifact repository Helm registry address |
| [CNB\_HAS\_LFS\_FILES](#cnb_has_lfs_files) | Whether LFS files exist |

### CI

Value is `true`, used to identify the current environment as a CI environment.

### CNB

Value is `true`, used to identify the current environment as a CNB build environment.

### CNB\_WEB\_PROTOCOL

Current protocol used by Web, value is `http` or `https`.

### CNB\_WEB\_HOST

Current HOST used by Web.

### CNB\_WEB\_ENDPOINT

Complete Web address including protocol, HOST, and path (if any).

### CNB\_API\_ENDPOINT

Complete API address including protocol, HOST, and path (if any).

Can be used with `CNB_TOKEN` to call API interfaces in CI.

### CNB\_GROUP\_SLUG

Repository organization path.

### CNB\_GROUP\_SLUG\_LOWERCASE

Lowercase format of the repository organization path.

### CNB\_EVENT

Value is the event name that triggered the build.

See [events](./trigger-rule.md#trigger-event) for event types.

### CNB\_EVENT\_URL

Event-related link, value rules are as follows:

| Trigger Event | Variable Value |
|--------------|----------------|
| Merge-related events | PR link |
| Issue-related events | Issue link |
| Other events | [CNB\_COMMIT](#cnb_commit) link |

### CNB\_BRANCH

Branch name or Tag name, value rules are as follows:

| Trigger Event | Variable Value |
|--------------|----------------|
| Merge-related events | Target branch name |
| Tag-related events | Tag name |
| Other events | Corresponding branch name |

### CNB\_BRANCH\_SHA

SHA of the latest commit on the branch, value rules are as follows:

| Trigger Event | Variable Value |
|--------------|----------------|
| `branch.delete` | No value |
| Other events | SHA of the latest commit on `CNB_BRANCH` |

### CNB\_DEFAULT\_BRANCH

Repository default branch.

### CNB\_TOKEN\_USER\_NAME

Username corresponding to the user temporary token, fixed as `cnb`.

### CNB\_TOKEN

Temporary token used by users during pipeline execution. It is automatically destroyed after the pipeline completes. This token can be used for pulling and pushing code and artifacts, as well as for API calls.

#### Permission Assignment

Permission assignment depends on the type of event that triggers the pipeline and can be broadly divided into the following three categories:

* NPC events with work mode enabled
* NPC events without work mode enabled, or other untrusted events (see [Untrusted Events](./trigger-rule.md#untrusted-events))
* Other trusted events

**NPC Events with Work Mode Enabled**:

| Permission Item | Description |
|----------------|-------------|
| `repo-code:rw` | Code read and write |
| `repo-pr:rw` | PR read and write |
| `repo-issue:rw` | Issue read and write |
| `repo-notes:rw` | Comments read and write |
| `repo-contents:rw` | Contents read and write |
| `repo-basic-info:r` | Basic info read-only |
| `account-profile:r` | User info read-only |
| `account-engage:r` | User followed repositories and followers read-only |
| `registry-package:rw` | Artifact read and write |
| `repo-cnb-trigger:rw` | Trigger read and write |
| `repo-cnb-history:r` | Build history read-only |
| `repo-cnb-detail:r` | Build details read-only |

**NPC Events without Work Mode Enabled or Other Untrusted Events**:

| Permission Item | Description |
|----------------|-------------|
| `repo-code:r` | Code read-only |
| `repo-pr:r` | PR read-only |
| `repo-issue:r` | Issue read-only |
| `repo-notes:rw` | Comments read and write |
| `repo-contents:r` | Contents read-only |
| `registry-package:r` | Artifact repository read-only |
| `account-profile:r` | User info read-only |

**Other Trusted Events**:

| Permission Item | Description |
|----------------|-------------|
| `repo-code:rw` | Code read and write |
| `repo-pr:rw` | PR read and write |
| `repo-issue:rw` | Issue read and write |
| `repo-notes:rw` | Comments read and write |
| `repo-contents:rw` | Contents read and write |
| `registry-package:rw` | Artifact repository read and write |
| `repo-cnb-trigger:rw` | Trigger read and write |
| `repo-cnb-history:r` | Build history read-only |
| `repo-cnb-detail:r` | Build details read-only |
| `repo-basic-info:r` | Basic info, read-only |
| `repo-manage:r` | Repository management read-only |
| `account-profile:r` | User info read-only |
| `account-engage:r` | User followed repositories and followers read-only |
| `group-resource:r` | Organization resources read-only |

#### Permission Description

For specific permission meanings, refer to the **Access Tokens** section on the **Personal Settings** page.

#### Security Restrictions

* For pipelines in public repositories, this token is restricted to **public repositories/artifact repositories only**.
* For pipelines in forked repositories, this token is restricted to the **current repository**.
* For NPC events outside cross-repository PR scenarios, this token is restricted to the **current repository**.

### TWINE\_USERNAME

PyPI artifact repository username, same as `CNB_TOKEN_USER_NAME`.

### TWINE\_PASSWORD

PyPI artifact repository password, same as `CNB_TOKEN`.

### CNB\_TOKEN\_FOR\_AI

User token used to identify the caller as AI, with permissions and scope exactly the same as `CNB_TOKEN`.

**Only supported for the following event types**, calls outside this scope are invalid:

* Merge-related events: such as events triggered by PR creation, merge, etc.
* Issue lifecycle events: `issue.open` (create), `issue.close` (close)

Usage Scenario Example:

When posting AI-generated comments in a Pull Request (PR), this token can be used to call the **OpenAPI interface for posting comments**. After a successful call, an AI marker will be displayed on the page to indicate the comment was generated by AI.

### CNB\_IS\_CRONEVENT

Whether the event is a scheduled task.

### CNB\_DOCKER\_REGISTRY

Artifact repository Docker registry address.

### CNB\_DOCKER\_MODEL\_REGISTRY

Artifact repository Docker model registry address.

### CNB\_HELM\_REGISTRY

Artifact repository Helm registry address.

### CNB\_HAS\_LFS\_FILES

Whether there are LFS files.

:::: tip
If the repository has removed all LFS files, this variable may still be `true` until Git GC runs.
::::

## Commit Variables

### Commit Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_BEFORE\_SHA](#cnb_before_sha) | SHA of the latest commit before branch push |
| [CNB\_COMMIT](#cnb_commit) | Code SHA corresponding to the build |
| [CNB\_COMMIT\_SHORT](#cnb_commit_short) | First 8 characters of CNB\_COMMIT |
| [CNB\_COMMIT\_MESSAGE](#cnb_commit_message) | Commit message |
| [CNB\_COMMIT\_MESSAGE\_TITLE](#cnb_commit_message_title) | Commit message title |
| [CNB\_COMMITTER](#cnb_committer) | Committer |
| [CNB\_COMMITTER\_EMAIL](#cnb_committer_email) | Committer email |
| [CNB\_NEW\_COMMITS\_COUNT](#cnb_new_commits_count) | Number of new commits |
| [CNB\_IS\_TAG](#cnb_is_tag) | Whether it's a Tag build |
| [CNB\_TAG\_MESSAGE](#cnb_tag_message) | Tag message |
| [CNB\_TAG\_RELEASE\_TITLE](#cnb_tag_release_title) | Release title |
| [CNB\_TAG\_RELEASE\_DESC](#cnb_tag_release_desc) | Release description |
| [CNB\_TAG\_IS\_RELEASE](#cnb_tag_is_release) | Whether Tag has corresponding Release |
| [CNB\_TAG\_IS\_PRE\_RELEASE](#cnb_tag_is_pre_release) | Whether it's a pre-release Release |
| [CNB\_IS\_NEW\_BRANCH](#cnb_is_new_branch) | Whether it's a newly created branch |
| [CNB\_IS\_NEW\_BRANCH\_WITH\_UPDATE](#cnb_is_new_branch_with_update) | Whether it's a new branch with new commits |

### CNB\_BEFORE\_SHA

SHA of the latest commit on that branch in the remote repository before the branch was pushed.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| `push`, `commit.add` | SHA of the latest commit before branch push |
| New branch creation | `0000000000000000000000000000000000000000` |
| `branch.create` | `0000000000000000000000000000000000000000` |

### CNB\_COMMIT

Code SHA corresponding to the build.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| `push`, `commit.add`, `branch.create` | SHA of the latest commit |
| `tag_push`, `tag_deploy.*` | SHA of the latest commit on that Tag |
| `auto_tag`, `branch.delete`, `issue.*`, NPC events | SHA of the latest commit on the main branch |
| `pull_request.merged` | SHA after merge |
| `pull_request.target`, `pull_request.mergeable` | SHA of the latest commit on the target branch |
| `pull_request`, `pull_request.approved`, `pull_request.changes_requested`, `pull_request.comment` | SHA of the latest commit on the source branch |
| Workspaces, custom events | SHA of the latest commit on the specified branch |

::: tip
For `pull_request` and similar events, the code hasn't actually been merged yet, so it takes the SHA of the latest commit on the source branch. However, during the build, a pre-merge will be performed, meaning the merged content will be used as the final result.
:::

### CNB\_COMMIT\_SHORT

Abbreviation of `CNB_COMMIT`, taking its first 8 characters.

### CNB\_COMMIT\_MESSAGE

Commit message corresponding to `CNB_COMMIT`.

### CNB\_COMMIT\_MESSAGE\_TITLE

The `title` part of `CNB_COMMIT_MESSAGE`, i.e., the first line.

### CNB\_COMMITTER

Committer corresponding to `CNB_COMMIT`.

### CNB\_COMMITTER\_EMAIL

Email corresponding to `CNB_COMMITTER`.

### CNB\_NEW\_COMMITS\_COUNT

For builds triggered by `commit.add`, the value is the number of new Commits.

Can be combined with `git log -n` to view the new Commits.

### CNB\_IS\_TAG

For builds where the branch is a Tag, the value is `true`.

### CNB\_TAG\_MESSAGE

Tag message.

### CNB\_TAG\_RELEASE\_TITLE

Release title.

### CNB\_TAG\_RELEASE\_DESC

Release description.

### CNB\_TAG\_IS\_RELEASE

Whether the Tag has a corresponding Release.

**Value Rules**:

| Condition | Variable Value |
|-----------|----------------|
| Branch is Tag and has corresponding Release | `true` |
| Other cases | `false` |

### CNB\_TAG\_IS\_PRE\_RELEASE

Whether it's a pre-release Release.

**Value Rules**:

| Condition | Variable Value |
|-----------|----------------|
| Branch is Tag, has corresponding Release, and is pre-release | `true` |
| Other cases | `false` |

### CNB\_IS\_NEW\_BRANCH

Whether the current branch belongs to a newly created branch, default is `false`.

### CNB\_IS\_NEW\_BRANCH\_WITH\_UPDATE

Whether the current branch belongs to a newly created branch and has new commits, default is `false`.

## Repository Variables

### Repository Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_REPO\_SLUG](#cnb_repo_slug) | Repository path |
| [CNB\_REPO\_SLUG\_LOWERCASE](#cnb_repo_slug_lowercase) | Repository path in lowercase format |
| [CNB\_REPO\_NAME](#cnb_repo_name) | Repository name |
| [CNB\_REPO\_NAME\_LOWERCASE](#cnb_repo_name_lowercase) | Repository name in lowercase format |
| [CNB\_REPO\_ID](#cnb_repo_id) | Repository ID |
| [CNB\_REPO\_URL\_HTTPS](#cnb_repo_url_https) | Repository HTTPS address |

### CNB\_REPO\_SLUG

Target repository path in format `group_slug/repo_name` or `group_slug/sub_group_slug/.../repo_name`.

### CNB\_REPO\_SLUG\_LOWERCASE

Lowercase format of the target repository path.

### CNB\_REPO\_NAME

Target repository name.

### CNB\_REPO\_NAME\_LOWERCASE

Lowercase format of the target repository name.

### CNB\_REPO\_ID

Target repository ID.

### CNB\_REPO\_URL\_HTTPS

HTTPS address of the target repository.

### CNB\_FORK\_FROM\_REPO\_SLUG

Path to the source repository of the forked repository.

## Build Variables

### Build Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_BUILD\_ID](#cnb_build_id) | Build serial number |
| [CNB\_BUILD\_WEB\_URL](#cnb_build_web_url) | Build log address |
| [CNB\_BUILD\_START\_TIME](#cnb_build_start_time) | Build start time |
| [CNB\_BUILD\_USER](#cnb_build_user) | Trigger username |
| [CNB\_BUILD\_USER\_NICKNAME](#cnb_build_user_nickname) | Trigger nickname |
| [CNB\_BUILD\_USER\_EMAIL](#cnb_build_user_email) | Trigger email |
| [CNB\_BUILD\_USER\_ID](#cnb_build_user_id) | Trigger ID |
| [CNB\_BUILD\_USER\_NPC\_SLUG](#cnb_build_user_npc_slug) | NPC repository path |
| [CNB\_BUILD\_USER\_NPC\_NAME](#cnb_build_user_npc_name) | NPC role name |
| [CNB\_BUILD\_STAGE\_NAME](#cnb_build_stage_name) | Stage name |
| [CNB\_BUILD\_JOB\_NAME](#cnb_build_job_name) | Job name |
| [CNB\_BUILD\_JOB\_KEY](#cnb_build_job_key) | Job Key |
| [CNB\_BUILD\_WORKSPACE](#cnb_build_workspace) | Workspace root directory |
| [CNB\_BUILD\_FAILED\_MSG](#cnb_build_failed_msg) | Build failure error message |
| [CNB\_BUILD\_FAILED\_STAGE\_NAME](#cnb_build_failed_stage_name) | Failed Stage name |
| [CNB\_PIPELINE\_NAME](#cnb_pipeline_name) | Pipeline name |
| [CNB\_PIPELINE\_KEY](#cnb_pipeline_key) | Pipeline Key |
| [CNB\_PIPELINE\_ID](#cnb_pipeline_id) | Pipeline ID |
| [CNB\_PIPELINE\_DOCKER\_IMAGE](#cnb_pipeline_docker_image) | Pipeline Docker image |
| [CNB\_PIPELINE\_STATUS](#cnb_pipeline_status) | Pipeline build status |
| [CNB\_PIPELINE\_MAX\_RUN\_TIME](#cnb_pipeline_max_run_time) | Pipeline maximum run time |
| [CNB\_RUNNER\_IP](#cnb_runner_ip) | Runner IP |
| [CNB\_CPUS](#cnb_cpus) | Available CPU cores |
| [CNB\_MEMORY](#cnb_memory) | Available memory size |
| [CNB\_IS\_RETRY](#cnb_is_retry) | Whether triggered by rebuild |
| [HUSKY\_SKIP\_INSTALL](#husky_skip_install) | Husky compatibility identifier |

### CNB\_BUILD\_ID

Current build serial number, globally unique.

### CNB\_BUILD\_WEB\_URL

Current build log address.

### CNB\_BUILD\_START\_TIME

Current build start time in UTC format, example `2025-08-21T09:13:45.803Z`.

### CNB\_BUILD\_USER

Current build trigger username.

### CNB\_BUILD\_USER\_NICKNAME

Current build trigger nickname.

### CNB\_BUILD\_USER\_EMAIL

Current build trigger email.

### CNB\_BUILD\_USER\_ID

Current build trigger ID.

### CNB\_BUILD\_USER\_NPC\_SLUG

If the current build is triggered by an NPC, this is the repository path to which the NPC belongs.

### CNB\_BUILD\_USER\_NPC\_NAME

If the current build is triggered by an NPC, this is the NPC role name.

### CNB\_BUILD\_STAGE\_NAME

Current build Stage name.

### CNB\_BUILD\_JOB\_NAME

Current build Job name.

### CNB\_BUILD\_JOB\_KEY

Current build Job Key, unique within the same Stage.

### CNB\_BUILD\_WORKSPACE

Custom Shell script execution workspace root directory.

### CNB\_BUILD\_FAILED\_MSG

Pipeline build failure error message, can be used in `failStages`.

### CNB\_BUILD\_FAILED\_STAGE\_NAME

Pipeline build failure Stage name, can be used in `failStages`.

### CNB\_PIPELINE\_NAME

Current Pipeline name, empty if not declared.

### CNB\_PIPELINE\_KEY

Current Pipeline index Key, e.g., `pipeline-0`.

### CNB\_PIPELINE\_ID

Current Pipeline ID, globally unique string.

### CNB\_PIPELINE\_DOCKER\_IMAGE

Docker image used by the current Pipeline, e.g., `alpine:latest`.

### CNB\_PIPELINE\_STATUS

Current pipeline build status, can be viewed in `endStages`.

**Possible Values**:

| Status Value | Description |
|-------------|-------------|
| `success` | Pipeline build completed successfully |
| `error` | Error occurred during pipeline build |
| `cancel` | Pipeline build was canceled |

### CNB\_PIPELINE\_MAX\_RUN\_TIME

Pipeline maximum run time in milliseconds.

### CNB\_RUNNER\_IP

IP of the Runner where the current Pipeline is located.

### CNB\_CPUS

Maximum CPU cores available for the current build pipeline.

### CNB\_MEMORY

Maximum memory size available for the current build pipeline, in GiB.

### CNB\_IS\_RETRY

Whether the current build was triggered by `rebuild`.

### HUSKY\_SKIP\_INSTALL

Husky compatibility in CI environment.

## Merge-Related Variables

### Merge-Related Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_PULL\_REQUEST](#cnb_pull_request) | Whether triggered by PR |
| [CNB\_PULL\_REQUEST\_LIKE](#cnb_pull_request_like) | Whether triggered by merge-related events |
| [CNB\_PULL\_REQUEST\_PROPOSER](#cnb_pull_request_proposer) | PR proposer |
| [CNB\_PULL\_REQUEST\_TITLE](#cnb_pull_request_title) | PR title |
| [CNB\_PULL\_REQUEST\_DESCRIPTION](#cnb_pull_request_description) | PR description |
| [CNB\_PULL\_REQUEST\_BRANCH](#cnb_pull_request_branch) | PR source branch name |
| [CNB\_PULL\_REQUEST\_SHA](#cnb_pull_request_sha) | PR source branch latest SHA |
| [CNB\_PULL\_REQUEST\_TARGET\_SHA](#cnb_pull_request_target_sha) | PR target branch latest SHA |
| [CNB\_PULL\_REQUEST\_MERGE\_SHA](#cnb_pull_request_merge_sha) | PR merged SHA |
| [CNB\_PULL\_REQUEST\_SLUG](#cnb_pull_request_slug) | Source repository Slug |
| [CNB\_PULL\_REQUEST\_ACTION](#cnb_pull_request_action) | PR operation type |
| [CNB\_PULL\_REQUEST\_ID](#cnb_pull_request_id) | PR globally unique ID |
| [CNB\_PULL\_REQUEST\_IID](#cnb_pull_request_iid) | PR repository number |
| [CNB\_PULL\_REQUEST\_REVIEWERS](#cnb_pull_request_reviewers) | Reviewer list |
| [CNB\_PULL\_REQUEST\_REVIEW\_STATE](#cnb_pull_request_review_state) | Review status |
| [CNB\_REVIEW\_REVIEWED\_BY](#cnb_review_reviewed_by) | Approved reviewer list |
| [CNB\_REVIEW\_LAST\_REVIEWED\_BY](#cnb_review_last_reviewed_by) | Last approved reviewer |
| [CNB\_PULL\_REQUEST\_IS\_WIP](#cnb_pull_request_is_wip) | Whether PR is WIP |

### CNB\_PULL\_REQUEST

Whether triggered by PR.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| `pull_request`, `pull_request.update`, `pull_request.target` | `true` |
| Other events | `false` |

### CNB\_PULL\_REQUEST\_LIKE

Whether triggered by merge-related events.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| Merge-related events | `true` |
| Other events | `false` |

### CNB\_PULL\_REQUEST\_PROPOSER

PR proposer name.

### CNB\_PULL\_REQUEST\_TITLE

PR title.

### CNB\_PULL\_REQUEST\_DESCRIPTION

PR description.

### CNB\_PULL\_REQUEST\_BRANCH

PR source branch name.

### CNB\_PULL\_REQUEST\_SHA

SHA of the latest commit on the PR source branch.

### CNB\_PULL\_REQUEST\_TARGET\_SHA

SHA of the latest commit on the PR target branch.

### CNB\_PULL\_REQUEST\_MERGE\_SHA

SHA after PR merge.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| `pull_request.merged` | SHA after PR merge |
| `pull_request`, `pull_request.update`, `pull_request.target`, `pull_request.mergeable`, `pull_request.comment` | SHA after PR pre-merge |
| Other events | No value |

### CNB\_PULL\_REQUEST\_SLUG

Source repository path for merge-related events, in format `group_slug/repo_name` or `group_slug/sub_group_slug/.../repo_name`.

### CNB\_PULL\_REQUEST\_ACTION

PR operation type.

**Possible Values**:

| Value | Description |
|-------|-------------|
| `opened` | New PR created |
| `edited` | PR edited |
| `synchronize` | Source branch push |
| `submitted` | Review submitted |
| `ready_for_merge` | PR becomes mergeable when review approved or CI status changes |

### CNB\_PULL\_REQUEST\_ID

PR globally unique ID.

### CNB\_PULL\_REQUEST\_IID

PR number IID in the repository.

### CNB\_PULL\_REQUEST\_REVIEWERS

Reviewer list, multiple separated by `,`.

### CNB\_PULL\_REQUEST\_REVIEW\_STATE

Review status.

**Value Rules**:

| Condition | Variable Value |
|-----------|----------------|
| Has reviewers and someone approved | `approve` |
| Has reviewers but no one approved | `unapprove` |
| Other cases | No value |

### CNB\_REVIEW\_REVIEWED\_BY

List of approved reviewers, multiple separated by `,`.

### CNB\_REVIEW\_LAST\_REVIEWED\_BY

Last approved reviewer.

### CNB\_PULL\_REQUEST\_IS\_WIP

Whether the PR is set to WIP.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| Merge-related events | `true` or `false` |
| Other events | No value |

## Workspaces Variables

### Workspaces Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_VSCODE\_WEB\_URL](#cnb_vscode_web_url) | Workspaces address |
| [CNB\_VSCODE\_MAX\_RUN\_TIME](#cnb_vscode_max_run_time) | Workspaces maximum run time |

### CNB\_VSCODE\_WEB\_URL

Workspaces address, only exists when `services: vscode` is declared.

### CNB\_VSCODE\_MAX\_RUN\_TIME

Workspaces environment maximum run time in milliseconds, only exists when `services: vscode` is declared.

## Issue Variables

### Issue Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_ISSUE\_ID](#cnb_issue_id) | Issue globally unique ID |
| [CNB\_ISSUE\_IID](#cnb_issue_iid) | Issue repository number |
| [CNB\_ISSUE\_TITLE](#cnb_issue_title) | Issue title |
| [CNB\_ISSUE\_DESCRIPTION](#cnb_issue_description) | Issue description |
| [CNB\_ISSUE\_OWNER](#cnb_issue_owner) | Issue author |
| [CNB\_ISSUE\_STATE](#cnb_issue_state) | Issue status |
| [CNB\_ISSUE\_IS\_RESOLVED](#cnb_issue_is_resolved) | Whether Issue is resolved |
| [CNB\_ISSUE\_ASSIGNEES](#cnb_issue_assignees) | Issue assignee list |
| [CNB\_ISSUE\_LABELS](#cnb_issue_labels) | Issue label list |
| [CNB\_ISSUE\_PRIORITY](#cnb_issue_priority) | Issue priority |

### CNB\_ISSUE\_ID

Issue globally unique ID.

### CNB\_ISSUE\_IID

Issue number IID in the repository.

### CNB\_ISSUE\_TITLE

Issue title.

### CNB\_ISSUE\_DESCRIPTION

Issue description.

### CNB\_ISSUE\_OWNER

Issue author username.

### CNB\_ISSUE\_STATE

Issue status.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| `issue.*` | `open` or `closed` |
| Other events | Empty string |

### CNB\_ISSUE\_IS\_RESOLVED

Whether the Issue is resolved.

**Value Rules**:

| Trigger Event | Variable Value |
|--------------|----------------|
| `issue.*` | `true` or `false` |
| Other events | Empty string |

### CNB\_ISSUE\_ASSIGNEES

Issue assignee username list, multiple separated by `,`.

### CNB\_ISSUE\_LABELS

Issue label list, multiple separated by `,`.

### CNB\_ISSUE\_PRIORITY

Issue priority.

## Comment Variables

### Comment Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_COMMENT\_ID](#cnb_comment_id) | Comment globally unique ID |
| [CNB\_COMMENT\_BODY](#cnb_comment_body) | Comment content |
| [CNB\_COMMENT\_TYPE](#cnb_comment_type) | Comment type |
| [CNB\_COMMENT\_FILE\_PATH](#cnb_comment_file_path) | Comment file |
| [CNB\_COMMENT\_RANGE](#cnb_comment_range) | Comment code line |
| [CNB\_REVIEW\_ID](#cnb_review_id) | Review ID |
| [CNB\_REVIEW\_DESCRIPTION](#cnb_review_description) | Review description |

### CNB\_COMMENT\_ID

Comment globally unique ID.

### CNB\_COMMENT\_BODY

Comment content.

### CNB\_COMMENT\_TYPE

Comment type.

**Value Rules**:

| Comment Type | Variable Value |
|-------------|----------------|
| PR code review comment | `diff_note` |
| PR non-code review comment and Issue comment | `note` |
| Other cases | No value |

### CNB\_COMMENT\_FILE\_PATH

PR code review, file where the comment is located.

### CNB\_COMMENT\_RANGE

PR code review, code line where the comment is located, e.g., `L12` (single line) or `L13-L16` (multiple lines).

### CNB\_REVIEW\_ID

PR code review ID.

### CNB\_REVIEW\_DESCRIPTION

PR code review description.

## NPC Variables {#npc-variables}

### NPC Variable Overview

| Variable Name | Description |
|---------------|-------------|
| [CNB\_NPC\_SLUG](#cnb_npc_slug) | NPC repository path |
| [CNB\_NPC\_SLUG\_LOWERCASE](#cnb_npc_slug_lowercase) | NPC repository path in lowercase format |
| [CNB\_NPC\_NAME](#cnb_npc_name) | NPC role name |
| [CNB\_NPC\_SHA](#cnb_npc_sha) | NPC repository default branch latest SHA |
| [CNB\_NPC\_PROMPT](#cnb_npc_prompt) | NPC role Prompt |
| [CNB\_NPC\_SLOGAN](#cnb_npc_slogan) | NPC role slogan |
| [CNB\_NPC\_AVATAR](#cnb_npc_avatar) | NPC role avatar |
| [CNB\_NPC\_ENABLE\_THINKING](#cnb_npc_enable_thinking) | Whether NPC has thinking enabled |
| [CNB\_NPC\_ENABLE\_WORKMODE](#cnb_npc_enable_workmode) | Whether NPC has work mode enabled |
| [CNB\_NPC\_TRIGGER\_CONTENT](#cnb_npc_trigger_content) | Content that triggered the NPC |

### CNB\_NPC\_SLUG

NPC repository path.

No value if it's a system NPC.

### CNB\_NPC\_SLUG\_LOWERCASE

Lowercase format of the NPC repository path.

No value if it's a system NPC.

### CNB\_NPC\_NAME

NPC role name.

### CNB\_NPC\_SHA

SHA of the latest commit on the NPC repository default branch.

No value if it's a system NPC.

### CNB\_NPC\_PROMPT

NPC role Prompt.

No value if it's a system NPC.

### CNB\_NPC\_SLOGAN

NPC role slogan.

### CNB\_NPC\_AVATAR

NPC role avatar address.
No value if it's a system NPC.

### CNB\_NPC\_ENABLE\_THINKING

Whether the NPC role has thinking enabled.

No value if it's a system NPC.

### CNB\_NPC\_ENABLE\_WORKMODE

Whether the NPC role has work mode enabled. In work mode, the NPC has higher permissions, refer to [CNB\_TOKEN](#cnb_token).

No value if it's a system NPC.

### CNB\_NPC\_TRIGGER\_CONTENT

There are many [scenarios that trigger an NPC](./trigger-rule.md#trigger-npc-scenes).
In different scenarios, the content that triggers the NPC maps to different environment variables. To reduce confusion and avoid missing context, you can prioritize this variable when handling NPC events.

| Trigger Scenario | Equivalent Environment Variable |
|------------------|--------------------------------|
| Issue description when creating an Issue | [CNB\_ISSUE\_DESCRIPTION](#cnb_issue_description) |
| Issue comment | [CNB\_COMMENT\_BODY](#cnb_comment_body) |
| PR description when creating a PR | [CNB\_PULL\_REQUEST\_DESCRIPTION](#cnb_pull_request_description) |
| PR review | [CNB\_REVIEW\_DESCRIPTION](#cnb_review_description) |
| PR comment | [CNB\_COMMENT\_BODY](#cnb_comment_body) |
| PR review comment | [CNB\_COMMENT\_BODY](#cnb_comment_body) |