# ============================================================= # SIC — Super Incident Commander # Local development environment. # # How to use: # 1. Copy this file to `.env`: # cp .env.example .env # 2. Edit `.env` and fill in the secrets (at minimum MINIMAX_API_KEY). # 3. Start the API: # pnpm dev # # The API loads `.env` automatically via dotenv at boot. Real shell # environment variables always win over the file, so production / # docker setups that inject env vars keep working unchanged. # # Never commit a real `.env` file — it's gitignored. # ============================================================= # --------------------------------------------------------------- # Server # --------------------------------------------------------------- API_PORT=8787 HOST=0.0.0.0 API_BODY_LIMIT_BYTES=1048576 CORS_ALLOWED_ORIGINS= WEB_PORT=3000 WEB_VITE_API_PROXY=http://localhost:8787 # --------------------------------------------------------------- # Auth # --------------------------------------------------------------- # local: dev mode, returns a synthetic `local-user` with admin + webhook-runner roles # keycloak: validates Authorization: Bearer JWT against OIDC_ISSUER/OIDC_AUDIENCE AUTH_MODE=local OIDC_ISSUER=https://auth.rikrdo.com/realms/homelab OIDC_AUDIENCE=pi-chat # --------------------------------------------------------------- # Persistence # --------------------------------------------------------------- DATABASE_URL=sqlite://./data/pi-chat.db # --------------------------------------------------------------- # LLM provider (OpenAI-compatible) # --------------------------------------------------------------- # Default provider and base URL. The MiniMax and mr-auto model # entries in config/models.yml both read these. LLM_BASE_URL=https://api.minimax.io/v1 # Per-model fallback chain. Override the default chain parsed from # config/models.yml. Comma-separated model ids in the order to try. # Set to empty to disable and use the YAML-only chain. # Example: LLM_FALLBACK_CHAIN=balanced,mr-auto LLM_FALLBACK_CHAIN= LLM_API_KEY= DEFAULT_MODEL=fast # Backwards-compat alias for the MiniMax key. Either this or LLM_API_KEY works. # Used by chat routes as a fallback when LLM_API_KEY is empty. MINIMAX_API_KEY= # Per-model API key overrides (config/models.yml -> model.api_key_env). # Only the mr-auto model needs this; MiniMax shares LLM_API_KEY. MR_AUTO_API_KEY= LLM_TIMEOUT_MS=30000 # --------------------------------------------------------------- # Chat input limits # --------------------------------------------------------------- CHAT_MESSAGE_MAX_CHARS=8000 # --------------------------------------------------------------- # Rate limits # --------------------------------------------------------------- # /api/chat/stream — per authenticated user CHAT_RATE_LIMIT_PER_MINUTE=20 CHAT_RATE_LIMIT_BURST=5 # POST /api/webhooks/:id/run — per webhook id (across all users) WEBHOOK_RATE_LIMIT_PER_MINUTE=60 WEBHOOK_RATE_LIMIT_BURST=10 # --------------------------------------------------------------- # Webhook execution # --------------------------------------------------------------- WEBHOOK_TIMEOUT_MS=15000 WEBHOOK_RETRY_MAX_ATTEMPTS=3 WEBHOOK_RETRY_INITIAL_BACKOFF_MS=500 WEBHOOK_RETRY_MAX_BACKOFF_MS=5000 # Audit retention WEBHOOK_RUNS_RETENTION_DAYS=30 WEBHOOK_RUNS_MAX_PER_USER=1000 WEBHOOK_AUDIT_PURGE_INTERVAL_MS=3600000 # Webhook usage stats window (days) for /api/webhooks/usage WEBHOOK_USAGE_WINDOW_DAYS=7 # --------------------------------------------------------------- # Config file paths # --------------------------------------------------------------- # Each config file can be overridden with an env var. Defaults # resolve relative to apps/api (where the API is started). MODELS_CONFIG_PATH= WEBHOOKS_CONFIG_PATH= SKILLS_CONFIG_PATH= KNOWLEDGE_DIR= N8N_CONFIG_PATH= RAG_CONFIG_PATH= MCP_CONFIG_PATH= # --------------------------------------------------------------- # Development # --------------------------------------------------------------- # Set to `1` to enable verbose Fastify logging. DEBUG=0