executable file
·315 lines (256 loc) · 10.2 KB
.env.example
## =============================================================================
## ROBOSYSTEMS ENVIRONMENT CONFIGURATION
## =============================================================================
##
## Configuration organized by management location:
##
## LOCAL/DOCKER → Development-only settings (not used in prod)
## SECRETS → AWS Secrets Manager in prod (credentials, API keys)
## FEATURES → SSM Parameter Store /features/ (boolean flags)
## TUNING → SSM Parameter Store /tuning/ (runtime tunables)
## SERVICES → Service endpoints and configuration
##
## Override Priority: Environment Variable > SSM Parameter Store > Default
##
## SETUP: cp .env.example .env
##
## =============================================================================
## =============================================================================
## LOCAL / DOCKER DEVELOPMENT
## =============================================================================
## These settings are for local development only.
## In production, infrastructure is managed by CloudFormation/ECS.
## Environment Identity
ENVIRONMENT=dev
LOG_LEVEL=INFO
# DEBUG=false
# HOST=0.0.0.0
# PORT=8000
## Docker Image Configuration
## - New users: Keep these to pull pre-built images (~10s download)
## - Developers: Comment out to build locally from Dockerfile (~3 min build)
ROBOSYSTEMS_IMAGE=robofinsystems/robosystems:latest
ROBOSYSTEMS_PULL_POLICY=if_not_present
ROBOSYSTEMS_APP_IMAGE=robofinsystems/robosystems-app:latest
ROBOSYSTEMS_APP_PULL_POLICY=if_not_present
ROBOLEDGER_APP_IMAGE=robofinsystems/roboledger-app:latest
ROBOLEDGER_APP_PULL_POLICY=if_not_present
ROBOINVESTOR_APP_IMAGE=robofinsystems/roboinvestor-app:latest
ROBOINVESTOR_APP_PULL_POLICY=if_not_present
## Local Service URLs
ROBOSYSTEMS_API_URL=http://localhost:8000
ROBOSYSTEMS_URL=http://localhost:3000
ROBOLEDGER_URL=http://localhost:3001
ROBOINVESTOR_URL=http://localhost:3002
## OpenTelemetry (local collector - primarily used in prod/staging)
OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4318
# OTEL_SERVICE_NAME=robosystems-service
# OTEL_RESOURCE_ATTRIBUTES=
# OTEL_CONSOLE_EXPORT=false
## =============================================================================
## SECRETS (AWS Secrets Manager in prod)
## =============================================================================
## In production, these are stored in AWS Secrets Manager.
## For local development, set placeholder or real values here.
##
## Secrets Manager paths:
## robosystems/{env} → Main application secrets
## robosystems/{env}/postgres → Database credentials
## robosystems/{env}/valkey → Cache credentials
##
## See: bin/setup/aws.sh for the full secret structure
## Encryption Keys
CONNECTION_CREDENTIALS_KEY=your-random-32-byte-connection-key-here
GRAPH_BACKUP_ENCRYPTION_KEY=your-backup-encryption-key-here
JWT_SECRET_KEY=your-random-32-byte-jwt-secret-key-here
ADMIN_API_KEY=dev-admin-key-for-testing-only
## Database Credentials
POSTGRES_PASSWORD=postgres
DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@pg:5432/robosystems
EXTENSIONS_DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@pg:5432/extensions
## Dagster Database Credentials
DAGSTER_HOST=dagster-webserver
DAGSTER_PORT=8002
DAGSTER_HOME=/app/dagster_home
DAGSTER_POSTGRES_HOST=pg
DAGSTER_POSTGRES_PORT=5432
DAGSTER_POSTGRES_USER=postgres
DAGSTER_POSTGRES_DB=dagster
DAGSTER_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
## Cache Credentials
VALKEY_AUTH_TOKEN=valkey
VALKEY_URL=redis://:${VALKEY_AUTH_TOKEN}@valkey:6379
## OpenSearch
OPENSEARCH_URL=http://robosystems-opensearch:9200
## JWT Configuration (deployment-specific, in Secrets Manager for prod)
## Note: In prod, JWT_ISSUER/JWT_AUDIENCE are set based on API_ACCESS_MODE
# JWT_ISSUER=api.robosystems.ai
# JWT_AUDIENCE=robosystems.ai,roboledger.ai,roboinvestor.ai
## Email Configuration (deployment-specific identity)
# EMAIL_FROM_ADDRESS=noreply@robosystems.ai
# EMAIL_FROM_NAME=RoboSystems
## QuickBooks/Intuit
INTUIT_CLIENT_ID=your-intuit-client-id-here
INTUIT_CLIENT_SECRET=your-intuit-client-secret-here
INTUIT_ENVIRONMENT=sandbox
INTUIT_REDIRECT_URI=http://localhost:8000/auth/callback
## Stripe
# STRIPE_SECRET_KEY=sk_test_your-stripe-secret-key-here
# STRIPE_PUBLISHABLE_KEY=pk_test_your-stripe-publishable-key-here
# STRIPE_WEBHOOK_SECRET=whsec_your-stripe-webhook-secret-here
## Cloudflare Turnstile
# TURNSTILE_SECRET_KEY=
# TURNSTILE_SITE_KEY=
## Cloudflare R2 (zero-egress downloads)
# R2_ACCESS_KEY_ID=
# R2_SECRET_ACCESS_KEY=
# R2_ENDPOINT_URL=https://<account_id>.r2.cloudflarestorage.com
# R2_BUCKET_NAME=robosystems-downloads
R2_PUBLIC_BUCKET_NAME=robosystems-public
R2_PUBLIC_URL=https://pub-d1753a082ea941e38d5a696fae8248f5.r2.dev
## OpenFIGI
# OPENFIGI_API_KEY=
## SEC.gov (user agent for API access)
# SEC_GOV_USER_AGENT="YourCompany your-email@example.com"
## LocalStack Credentials (local development only - emulates S3, DynamoDB)
## In prod, IAM roles provide credentials via instance metadata
AWS_REGION=us-east-1
AWS_ENDPOINT_URL=http://localstack:4566
AWS_ACCESS_KEY_ID=test
AWS_SECRET_ACCESS_KEY=test
AWS_S3_ACCESS_KEY_ID=test
AWS_S3_SECRET_ACCESS_KEY=test
## AWS Bedrock Credentials (local development only - for AI agent features)
## In prod, IAM roles provide credentials via instance metadata
AWS_BEDROCK_REGION=us-east-1
AWS_BEDROCK_ACCESS_KEY_ID=your-bedrock-access-key
AWS_BEDROCK_SECRET_ACCESS_KEY=your-bedrock-secret-key
## =============================================================================
## FEATURE FLAGS (SSM /features/ in prod)
## =============================================================================
## Boolean flags that enable/disable features.
## In staging/prod, managed via SSM Parameter Store: /robosystems/{env}/features/
##
## Override priority: Environment Variable > SSM > Default (usually false)
## Env var name: Same as below (e.g., USER_REGISTRATION_ENABLED)
## Extensions — RoboLedger & RoboInvestor product surfaces
## Per-domain flags. EXTENSIONS_ENABLED is derived from these (no longer
## a standalone env var). EXTENSIONS_GRAPHQL_ENABLED is a kill switch for
## the GraphQL endpoint, kept as defense-in-depth.
# ROBOLEDGER_ENABLED=true
# ROBOINVESTOR_ENABLED=true
# EXTENSIONS_GRAPHQL_ENABLED=true
## Platform Operations
USER_REGISTRATION_ENABLED=true
BILLING_ENABLED=false
SSE_ENABLED=true
RATE_LIMIT_ENABLED=false
LOAD_SHEDDING_ENABLED=false
OTEL_ENABLED=false
## Security & Authentication
SECURITY_AUDIT_ENABLED=false
# EMAIL_VERIFICATION_ENABLED=false
# CAPTCHA_ENABLED=false
## Organization
# ORG_MEMBER_INVITATIONS_ENABLED=false
## Graph Operations
# DIRECT_GRAPH_MATERIALIZATION_ENABLED=true
# SUBGRAPH_CREATION_ENABLED=true
# BACKUP_CREATION_ENABLED=true
# AGENT_POST_ENABLED=true
# FACT_GRID_ENABLED=true
# MCP_AUTO_LIMIT_ENABLED=true
# MCP_WORKSPACE_ENABLED=true
# MCP_MEMORY_ENABLED=true
# MCP_SEMANTIC_MEMORY_ENABLED=false
## Shared Repository Operations
# SHARED_MASTER_READS_ENABLED=true
# MCP_VECTOR_SEARCH_ENABLED=false
# SEMANTIC_SEARCH_ENABLED=false
## Connection Providers
# CONNECTIONS_ENABLED=true
# CONNECTION_SEC_ENABLED=true
# CONNECTION_QUICKBOOKS_ENABLED=true
## Adapter Pipelines
# SEC_PIPELINE_ENABLED=true
## =============================================================================
## TUNING PARAMETERS (SSM /tuning/ in prod)
## =============================================================================
## Runtime tunables that can be adjusted without redeployment.
## In staging/prod, managed via SSM Parameter Store: /robosystems/{env}/tuning/
##
## Override priority: Environment Variable > SSM > Default
## Env var name: TUNING_{CATEGORY}_{KEY} (e.g., TUNING_CACHE_BALANCE_TTL)
##
## Manage with: just ssm-tuning-list {env}
## just ssm-tuning-set {env} {path} {value}
## Limits
# TUNING_LIMITS_ORG_GRAPHS_DEFAULT=10
## Cache TTLs (seconds)
# TUNING_CACHE_BALANCE_TTL=300
# TUNING_CACHE_SUMMARY_TTL=600
# TUNING_CACHE_JWT_TTL=1800
# TUNING_CACHE_API_KEY_TTL=300
# TUNING_CACHE_SCHEMA_TTL=300
## Database Connection Pool (tune based on RDS instance size and ECS task count)
## max connections per task = POOL_SIZE + MAX_OVERFLOW
# TUNING_DATABASE_POOL_SIZE=5
# TUNING_DATABASE_MAX_OVERFLOW=10
# TUNING_DATABASE_POOL_TIMEOUT=30
# TUNING_DATABASE_POOL_RECYCLE=3600
## Admission Control - Main API (percentages 0-100)
# TUNING_ADMISSION_MEMORY_THRESHOLD=85.0
# TUNING_ADMISSION_CPU_THRESHOLD=90.0
# TUNING_ADMISSION_QUEUE_THRESHOLD=80.0
## Admission Control - Graph API (percentages 0-100)
# TUNING_LBUG_ADMISSION_MEMORY_THRESHOLD=85.0
# TUNING_LBUG_ADMISSION_CPU_THRESHOLD=90.0
## Load Shedding (percentages 0-100)
# TUNING_LOAD_SHEDDING_START_PRESSURE=80.0
# TUNING_LOAD_SHEDDING_STOP_PRESSURE=60.0
## Queue Configuration
# TUNING_QUEUES_MAX_SIZE=1000
# TUNING_QUEUES_MAX_CONCURRENT=50
# TUNING_QUEUES_MAX_PER_USER=10
# TUNING_QUEUES_TIMEOUT=300
## Circuit Breakers
# TUNING_CIRCUITS_THRESHOLD=5
# TUNING_CIRCUITS_TIMEOUT=60
## MCP Limits
# TUNING_MCP_MAX_RESULT_ROWS=1000
# TUNING_MCP_MAX_RESULT_SIZE_MB=5.0
# TUNING_MCP_POOL_IDLE_TIMEOUT=300
# TUNING_MCP_POOL_MAX_LIFETIME=3600
## Timeouts (seconds)
# TUNING_TIMEOUTS_GRAPH_HTTP=30
# TUNING_TIMEOUTS_GRAPH_QUERY=30
## SSE Configuration
# TUNING_SSE_MAX_CONNECTIONS_PER_USER=5
# TUNING_SSE_QUEUE_SIZE=100
## Workers
# TUNING_WORKERS_MAX_WORKERS=10
## =============================================================================
## GRAPH CONFIGURATION
## =============================================================================
## Graph database backend selection and operational settings.
## Graph Backend Selection
GRAPH_BACKEND_TYPE=ladybug
GRAPH_SHARED_REPOSITORY_BACKEND=ladybug
GRAPH_API_URL=http://graph-api:8001
# GRAPH_API_KEY=your-graph-api-key-here
## LadybugDB Configuration
LBUG_DATABASE_PATH=./data/ladybug-dbs
LBUG_ACCESS_PATTERN=api_auto
LBUG_NODE_TYPE=writer
LBUG_MAX_DATABASES_PER_NODE=50
## DuckDB Configuration
DUCKDB_STAGING_PATH=./data/staging
## LanceDB Vector Search Index
# LANCE_INDEX_PATH=./data/lance
## Shared Repository Configuration
# SHARED_REPLICA_ALB_URL=http://internal-robosystems-shared-prod-xxx.region.elb.amazonaws.com:8001
## Graph Resiliency
# GRAPH_CIRCUIT_BREAKERS_ENABLED=true
# GRAPH_REDIS_CACHE_ENABLED=true
# GRAPH_RETRY_LOGIC_ENABLED=true
# GRAPH_HEALTH_CHECKS_ENABLED=true
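
The SECRETS section above ships placeholder and development-only values (`your-...-here`, `postgres`, `valkey`, `test`). The following is an added example, not code from this repository, of a startup check that reports any such value still present when `ENVIRONMENT` is not `dev`; the name patterns, weak-value list and minimum length are assumptions of the example.

```python
import re

# Constructed sample: lines taken from the SECRETS section of this file, plus
# one made-up strong value (CONNECTION_CREDENTIALS_KEY) to show a passing key.
SAMPLE_ENV = """\
ENVIRONMENT=dev
CONNECTION_CREDENTIALS_KEY=constructed-sample-9f3c1e7a5b2d4c8e6a0f1b3d5c7e9a2b
JWT_SECRET_KEY=your-random-32-byte-jwt-secret-key-here
ADMIN_API_KEY=dev-admin-key-for-testing-only
POSTGRES_PASSWORD=postgres
DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@pg:5432/robosystems
DAGSTER_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
VALKEY_AUTH_TOKEN=valkey
AWS_SECRET_ACCESS_KEY=test
# STRIPE_SECRET_KEY=sk_test_your-stripe-secret-key-here
"""

# Assumed heuristics (not part of the project): which names hold credentials,
# and which values count as placeholders or development defaults.
SECRET_NAME = re.compile(r"(KEY|SECRET|PASSWORD|TOKEN)(_ID)?$")
PLACEHOLDER = re.compile(r"^your-|-here$|testing-only")
WEAK_VALUES = {"postgres", "valkey", "test"}
REFERENCE = re.compile(r"\$\{\w+\}")  # e.g. ${POSTGRES_PASSWORD}
MIN_LEN = 16

def parse_env(text):
    """Parse KEY=VALUE lines; comment lines, including commented-out settings, are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def audit(text):
    """Return (environment, [(name, reason), ...]) for credential-like settings."""
    env = parse_env(text)
    findings = []
    for name, value in env.items():
        if not SECRET_NAME.search(name) or REFERENCE.fullmatch(value):
            continue  # not a credential, or a pure reference checked at its source
        if PLACEHOLDER.search(value) or value.lower() in WEAK_VALUES:
            findings.append((name, "placeholder or development default"))
        elif len(value) < MIN_LEN:
            findings.append((name, f"shorter than {MIN_LEN} characters"))
    # A missing ENVIRONMENT is reported as "" so it is never mistaken for dev.
    return env.get("ENVIRONMENT", ""), findings

def blocking_findings(text):
    """Findings are tolerated in dev only; anywhere else they should stop startup."""
    environment, findings = audit(text)
    return [] if environment == "dev" else findings
```

A service entry point could call `blocking_findings()` on the loaded configuration and exit non-zero when the list is not empty.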