.env.example
# Database Configuration
# Default: a local SQLite file given as a relative path.
DATABASE_URL=sqlite:///./icc_rules.db
# For PostgreSQL: postgresql://user:password@host:5432/dbname
# For Supabase: postgresql://USER:PASSWORD@HOST:6543/postgres?sslmode=require
# A PostgreSQL URL carries the database password: keep the real .env out of version control and out of logs.
# sslmode=require encrypts the connection but does not verify the server certificate; for a remote host
# prefer sslmode=verify-full with a trusted root CA (libpq semantics; confirm the driver in use honours it).
# Core Application Flags
# The values below are development defaults.
# NOTE(review): DEBUG=true is unsafe to carry into a deployed environment if it enables verbose errors or
# debug endpoints; confirm what the flag controls and set DEBUG=false together with ENVIRONMENT=production.
ENVIRONMENT=development
DEMO_MODE=false
DEBUG=true
LOG_LEVEL=info
# Security Configuration - generate secrets with: python -c "import secrets; print(secrets.token_hex(32))"
# Replace every placeholder below before first run; use a separate random value per variable and per environment.
# NOTE(review): confirm the application refuses to start while a value still equals its placeholder.
JWT_SECRET=your-jwt-secret-here
API_KEY_SECRET=your-api-key-secret-here
SESSION_SECRET=your-session-secret-here # Optional; falls back to JWT_SECRET
# When SESSION_SECRET falls back to JWT_SECRET, one leaked value affects both uses; setting it explicitly
# keeps the two independent.
# Phase C: API Key Security Configuration
# NOTE(review): the names suggest key rotation periods in days, per-key IP allowlisting and usage tracking;
# confirm units and semantics against the settings loader.
API_KEY_ROTATION_DAYS=90
API_KEY_ROTATION_WARNING_DAYS=14
API_KEY_ENFORCE_ROTATION=true
API_KEY_IP_WHITELIST_ENABLED=true
API_KEY_USAGE_TRACKING_ENABLED=true
API_KEY_MAX_WHITELIST_IPS=100
API_KEY_ALLOW_LOCALHOST=true
# NOTE(review): if API_KEY_ALLOW_LOCALHOST exempts loopback clients from the IP allowlist, a reverse proxy on
# the same host can make every request appear local; confirm how the client IP is derived and consider
# setting this to false in production.
# Cross-origin Access (set explicit domains in production)
# CORS only limits which browser origins may read responses; it is not an authentication control.
CORS_ORIGINS=https://admin.rulhub.com,https://system-admin.rulhub.com,https://app.rulhub.com,https://rulhub.com,https://www.rulhub.com
ALLOWED_ORIGINS=https://app.rulhub.com,https://rulhub.com,https://www.rulhub.com
ADMIN_CORS_ORIGINS=https://admin.rulhub.com,https://system-admin.rulhub.com
# For local development you can use: http://localhost:3000,http://127.0.0.1:3000
# Wildcard CORS is blocked automatically when ENVIRONMENT=production
# NOTE(review): three overlapping origin lists are defined here; confirm which one each router reads so a
# change to one list is not silently overridden by another.
# API Keys for internal tooling (development only)
# NOTE(review): a static key shared through .env has no rotation or per-user attribution; leave this unset
# outside development and confirm the application does not honour API_KEYS when ENVIRONMENT=production.
API_KEYS=your-dev-admin-key-here
# Upstream Services
# Provider credentials: leave blank here and supply real values only through the untracked .env or a secret manager.
OPENAI_API_KEY=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
LINKEDIN_CLIENT_ID=
LINKEDIN_CLIENT_SECRET=
# The three URLs below are local-development values.
# NOTE(review): SOCIAL_REDIRECT_ALLOWLIST presumably bounds where the social-login flow may redirect; in
# production list exact https origins only, and confirm matching is on the full origin rather than a prefix.
SOCIAL_LOGIN_SUCCESS_URL=http://localhost:3000/auth/social/callback
SOCIAL_LOGIN_FAILURE_URL=http://localhost:3000/auth/social/error
SOCIAL_REDIRECT_ALLOWLIST=http://localhost:3000,http://127.0.0.1:3000
# Stripe Billing Configuration
# Use Stripe test-mode credentials in development. STRIPE_WEBHOOK_SECRET is presumably the signing secret
# used to verify incoming webhook payloads; confirm the handler rejects events whose signature does not verify.
STRIPE_API_KEY=
STRIPE_WEBHOOK_SECRET=
STRIPE_PRICE_STANDARD=
STRIPE_PRICE_PRO=
STRIPE_PRICE_ENTERPRISE=
# NOTE(review): these URLs use rulengine.com while the CORS lists in this file use rulhub.com; confirm the intended domain.
# Some loaders (for example `docker run --env-file`) do not strip inline comments and would read the text
# after the URL as part of the value; confirm the loader in use before relying on them.
STRIPE_CHECKOUT_SUCCESS_URL=https://app.rulengine.com/billing/success # Defaults to production app URL
STRIPE_CHECKOUT_CANCEL_URL=https://app.rulengine.com/billing/cancel # Defaults to production app URL
# Stripe feature toggles (keep disabled until credentials are provisioned)
STRIPE_BILLING_ENABLED=false
STRIPE_WEBHOOKS_ENABLED=false
# Chargebee integration (optional)
CHARGEBEE_API_KEY=
# Email & Notification Providers (choose one)
POSTMARK_SERVER_TOKEN=
POSTMARK_FROM_EMAIL=notifications@rulengine.com
SENDGRID_API_KEY=
NOTIFICATIONS_FROM_EMAIL=notifications@rulengine.com
# NOTE(review): with mock delivery allowed, notifications may be silently dropped if no provider token is set;
# confirm what the mock does. The inline comment on the next line is only ignored by loaders that strip
# inline comments; others would read it as part of the value.
NOTIFICATIONS_ALLOW_MOCK=true # Set to false in production once a provider is configured
# Tenant invites default to Postmark or SendGrid when tokens are set; override with SMTP by setting INVITE_EMAIL_TRANSPORT=smtp
INVITE_EMAIL_TRANSPORT=
# Redis Configuration (REQUIRED in production)
# Redis is mandatory for:
# - Distributed rate limiting and quotas
# - Background job queue processing
# - Multi-worker counter synchronization
# The default below is an unauthenticated, unencrypted local instance; keep it bound to loopback.
REDIS_URL=redis://localhost:6379
# For Redis Cloud: redis://username:password@host:port
# For any remote instance prefer the TLS scheme (rediss://) so the password and data are not sent in clear text.
# Set DEMO_MODE=true to use in-memory fallback for local development only
# With the in-memory fallback, rate-limit counters are not shared between workers, so limits are not enforced globally.
# Backup Configuration
# Database dumps contain the full data set: keep the backup directory outside any served path and outside
# version control, and restrict its file permissions.
BACKUP_DIRECTORY=backups
# NOTE(review): a bare command name is presumably resolved through PATH; an absolute path to pg_dump avoids
# picking up an unintended binary in production.
PG_DUMP_PATH=pg_dump
# Observability & Monitoring
# Logs and telemetry can carry request data; send them only to https endpoints or authenticated brokers, and
# confirm secrets and tokens are scrubbed before emission.
# Several lines below carry inline comments; loaders that do not strip them would read e.g. "false # ..." as
# the value, so confirm the loader in use.
METRICS_ENABLED=false # Set to true in production
ENABLE_LOG_AGGREGATION=false
LOG_AGGREGATOR_URL=
LOG_AGGREGATOR_TYPE=http
# NOTE(review): unit not stated here; presumably seconds — confirm.
LOG_AGGREGATOR_TIMEOUT=5
SENTRY_DSN=
TELEMETRY_ENABLED=false # Set to true/1 to enable telemetry emission
TELEMETRY_TRANSPORT=none # Supported: none, kafka, sqs, redis
TELEMETRY_SERVICE=api
TELEMETRY_CLIENT_ID=icc-telemetry
TELEMETRY_BUFFER_SIZE=1000
TELEMETRY_BROKER_TYPE=none
TELEMETRY_BROKER_URL=
TELEMETRY_BROKER_TOPIC=icc.telemetry
TELEMETRY_BROKER_REGION=
TELEMETRY_KAFKA_BROKERS=
TELEMETRY_KAFKA_TOPIC=rulhub.events
TELEMETRY_KAFKA_GROUP=telemetry-consumer
# A Redis DSN may embed a password; treat it as a secret.
TELEMETRY_REDIS_DSN=
TELEMETRY_REDIS_STREAM=telemetry-events
TELEMETRY_SQLITE_PATH=./telemetry.db
TELEMETRY_REDIS_LIST=telemetry_events
TELEMETRY_PIPELINE_V2=false # Enable Kafka/ClickHouse ingestion pipeline
TELEMETRY_POLL_INTERVAL_MS=1000
TELEMETRY_MAX_BATCH=500
TELEMETRY_CLICKHOUSE_TABLE=telemetry_events
# Streaming & Analytics
# NOTE(review): KAFKA_ENABLED uses 0/1 while the other toggles in this file use true/false; confirm the parser accepts both.
KAFKA_ENABLED=0
KAFKA_BROKERS=localhost:9092
KAFKA_CLIENT_ID=rulengine-api
CLICKHOUSE_ENABLED=false
# The ClickHouse defaults below (plain http, user "default", empty password) are only appropriate for a
# local instance; for a remote server set a dedicated user with a password and use an https URL.
CLICKHOUSE_URL=http://localhost:8123
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=
CLICKHOUSE_DSN=http://localhost:8123
# Content Management & Support
# CMS_API_KEY and ZENDESK_TOKEN are credentials: leave blank here and supply real values only through the
# untracked .env or a secret manager.
CMS_API_KEY=
CMS_SPACE_ID=
CMS_BASE_URL=https://cms.example.com
ZENDESK_TOKEN=
ZENDESK_EMAIL=
ZENDESK_SUBDOMAIN=
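# Optional integrations
# Example files must hold placeholders only. SUPABASE_JWT_SECRET is the project's token-signing secret:
# whoever holds it can issue tokens the project will accept. If a real value was ever committed to this
# file, rotate it in the Supabase dashboard; deleting it from the file does not remove it from git history.
# SUPABASE_URL format: https://<project-ref>.supabase.co
SUPABASE_URL=
# The anon key is intended for client-side use, but it identifies the project and is only as safe as the
# row-level security policies behind it.
SUPABASE_ANON_KEY=
SUPABASE_JWT_SECRET=
# SMTP_HOST=your-smtp-host # Required when forcing INVITE_EMAIL_TRANSPORT=smtp
# SMTP_PORT=587
# SMTP_USER=your-smtp-username
# SMTP_PASSWORD=your-smtp-password
# SMTP_FROM=noreply@example.com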