Files
sic/.env.example
rikrdo 62728b2200 Initial commit: SIC harness (backend, web, pi-adapter, configs, docs)
- pnpm monorepo: apps/api (Fastify + SQLite + SSE), apps/web (React+Vite), packages/shared, packages/pi-adapter
- Local auth (admin/webhook-runner roles) + Keycloak JWT ready
- Multi-session chat with reliable history (user persisted before LLM, assistant persisted after stream)
- Markdown knowledge base with /api/docs/search + /api/docs/:id
- YAML webhook catalog with backend-only execution, retry/backoff, audit (webhook_runs), and per-user rate limit
- Skills config (sre-on-call, blameless-postmortem, security-incident) injected into LLM system prompt
- LLM provider failover chain (config/models.yml fallback + LLM_FALLBACK_CHAIN override)
- Context-aware webhooks panel + backend id-mention safety net
- Per-message stats (time/duration/tokens/model), Markdown+GFM render, code & table copy/download buttons
- Vitest suite, end-to-end smoke test (scripts/smoke.mjs), per-session system prompt override
- /metrics Prometheus endpoint + /api/metrics JSON, request-id correlation
- dotenv with explicit repo-root path; envString/envNumber helpers (handles empty-string env)
- Runbooks + SOPs under knowledge/ in English; README, docs, and INDEX.md in English
2026-06-29 16:20:53 +02:00

119 lines
4.0 KiB
Plaintext

# =============================================================
# SIC — Super Incident Commander
# Local development environment.
#
# How to use:
# 1. Copy this file to `.env`:
# cp .env.example .env
# 2. Edit `.env` and fill in the secrets (at minimum MINIMAX_API_KEY).
# 3. Start the API:
# pnpm dev
#
# The API loads `.env` automatically via dotenv at boot. Real shell
# environment variables always win over the file, so production /
# docker setups that inject env vars keep working unchanged.
#
# Never commit a real `.env` file — it's gitignored.
# =============================================================
# ---------------------------------------------------------------
# Server
# ---------------------------------------------------------------
API_PORT=8787
HOST=0.0.0.0
API_BODY_LIMIT_BYTES=1048576
CORS_ALLOWED_ORIGINS=
WEB_PORT=3000
WEB_VITE_API_PROXY=http://localhost:8787
# ---------------------------------------------------------------
# Auth
# ---------------------------------------------------------------
# local: dev mode, returns a synthetic `local-user` with admin + webhook-runner roles
# keycloak: validates Authorization: Bearer JWT against OIDC_ISSUER/OIDC_AUDIENCE
AUTH_MODE=local
OIDC_ISSUER=https://auth.rikrdo.com/realms/homelab
OIDC_AUDIENCE=pi-chat
# ---------------------------------------------------------------
# Persistence
# ---------------------------------------------------------------
DATABASE_URL=sqlite://./data/pi-chat.db
# ---------------------------------------------------------------
# LLM provider (OpenAI-compatible)
# ---------------------------------------------------------------
# Default provider and base URL. The MiniMax and mr-auto model
# entries in config/models.yml both read these.
LLM_BASE_URL=https://api.minimax.io/v1
# Per-model fallback chain. Override the default chain parsed from
# config/models.yml. Comma-separated model ids in the order to try.
# Set to empty to disable and use the YAML-only chain.
# Example: LLM_FALLBACK_CHAIN=balanced,mr-auto
LLM_FALLBACK_CHAIN=
LLM_API_KEY=
DEFAULT_MODEL=fast
# Backwards-compat alias for the MiniMax key. Either this or LLM_API_KEY works.
# Used by chat routes as a fallback when LLM_API_KEY is empty.
MINIMAX_API_KEY=
# Per-model API key overrides (config/models.yml -> model.api_key_env).
# Only the mr-auto model needs this; MiniMax shares LLM_API_KEY.
MR_AUTO_API_KEY=
LLM_TIMEOUT_MS=30000
# ---------------------------------------------------------------
# Chat input limits
# ---------------------------------------------------------------
CHAT_MESSAGE_MAX_CHARS=8000
# ---------------------------------------------------------------
# Rate limits
# ---------------------------------------------------------------
# /api/chat/stream — per authenticated user
CHAT_RATE_LIMIT_PER_MINUTE=20
CHAT_RATE_LIMIT_BURST=5
# POST /api/webhooks/:id/run — per webhook id (across all users)
WEBHOOK_RATE_LIMIT_PER_MINUTE=60
WEBHOOK_RATE_LIMIT_BURST=10
# ---------------------------------------------------------------
# Webhook execution
# ---------------------------------------------------------------
WEBHOOK_TIMEOUT_MS=15000
WEBHOOK_RETRY_MAX_ATTEMPTS=3
WEBHOOK_RETRY_INITIAL_BACKOFF_MS=500
WEBHOOK_RETRY_MAX_BACKOFF_MS=5000
# Audit retention
WEBHOOK_RUNS_RETENTION_DAYS=30
WEBHOOK_RUNS_MAX_PER_USER=1000
WEBHOOK_AUDIT_PURGE_INTERVAL_MS=3600000
# Webhook usage stats window (days) for /api/webhooks/usage
WEBHOOK_USAGE_WINDOW_DAYS=7
# ---------------------------------------------------------------
# Config file paths
# ---------------------------------------------------------------
# Each config file can be overridden with an env var. Defaults
# resolve relative to apps/api (where the API is started).
MODELS_CONFIG_PATH=
WEBHOOKS_CONFIG_PATH=
SKILLS_CONFIG_PATH=
KNOWLEDGE_DIR=
N8N_CONFIG_PATH=
RAG_CONFIG_PATH=
MCP_CONFIG_PATH=
# ---------------------------------------------------------------
# Development
# ---------------------------------------------------------------
# Set to `1` to enable verbose Fastify logging.
DEBUG=0