chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
63e5881972ccccd075e63628eed0271bef0d3149
resolutionflow/backend/.env.example
Michael Chihlas c4947218a4
Some checks failed
Mirror to GitHub / mirror (push) Successful in 5s
Details
CI / frontend (pull_request) Successful in 7m12s
Details
CI / e2e (pull_request) Failing after 6m56s
Details
CI / backend (pull_request) Failing after 9m55s
Details
fix(prod): harden production configuration for launch 
- Gate Swagger/ReDoc/OpenAPI behind DEBUG (no public API schema in prod)
- Sentry send_default_pii only in dev (no auth headers/bodies in events)
- Remove alembic from Dockerfile CMD (releaseCommand owns migrations; CMD copy raced across replicas/restarts)
- Decouple rate limiting from DEBUG via RATE_LIMIT_ENABLED (PR envs with DEBUG=true were unlimited); tests disable the live limiter in conftest
- max_instances=1 on the 4 scheduler jobs missing it
- Boot-time failure when SELF_SERVE_ENABLED without RESEND_API_KEY/ANTHROPIC_API_KEY/FRONTEND_URL
- Reject localhost OAUTH_REDIRECT_BASE outside DEBUG
- pool_pre_ping + pool_recycle on the app engine
- Frontend: DEV-gate stale-async console.warn; document VITE_SELF_SERVE_ENABLED fallback semantics in Dockerfile

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-12 19:41:28 -04:00

45 lines
1.5 KiB
Plaintext
Raw Blame History

# Application
APP_NAME=ResolutionFlow
DEBUG=true
# Database
DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/resolutionflow
DATABASE_URL_SYNC=postgresql://postgres:postgres@localhost:5432/resolutionflow
# JWT Settings - CHANGE THESE IN PRODUCTION
# Generate with: openssl rand -hex 32
SECRET_KEY=your-super-secret-key-change-this-in-production
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=15
REFRESH_TOKEN_EXPIRE_DAYS=7
# CORS
CORS_ORIGINS=["http://localhost:3000","http://localhost:5173"]
# Anthropic API Key
ANTHROPIC_API_KEY=
VOYAGE_API_KEY=
# ConnectWise PSA Integration
CW_CLIENT_ID=<CONNECTWISE CLIENT ID>
# Stripe
# Test keys from Stripe Dashboard → Developers → API keys (with Test mode toggled on).
# Webhook secret for local dev: from `stripe listen --forward-to localhost:8000/api/v1/webhooks/stripe`.
# When unset, app/core/config.py:stripe_enabled returns False and Stripe code paths short-circuit.
STRIPE_SECRET_KEY=sk_test_
STRIPE_PUBLISHABLE_KEY=pk_test_
STRIPE_WEBHOOK_SECRET=whsec_
# Self-serve cutover
# SELF_SERVE_ENABLED is the master switch for the public self-serve signup
# flow (pricing page, invite-code-optional registration). Default is false
# until Phase O cutover.
# INTERNAL_TESTER_EMAILS is a comma-separated allowlist that bypasses the
# global flag for specific users — used for prod test-mode validation
# before the public flip. Empty by default.
SELF_SERVE_ENABLED=false
INTERNAL_TESTER_EMAILS=
# Rate limiting (decoupled from DEBUG; keep true in PR/staging/prod)
RATE_LIMIT_ENABLED=false
Reference in New Issue View Git Blame Copy Permalink