# License Compliance Checker - Environment Configuration
# Copy this file to .env and fill in your values
# DO NOT commit .env to version control!
# =============================================================================
# Application Configuration
# =============================================================================
# Application version
VERSION=1.0.0
# Environment (development, staging, production)
# NOTE(review): this template defaults to "production" while several values in
# this file are placeholders or well-known defaults (for example ADMIN_PASSWORD
# and GRAFANA_ADMIN_PASSWORD). Replace them before starting with this setting.
ENVIRONMENT=production
# =============================================================================
# Security & Authentication
# =============================================================================
# Secret key for encryption (generate with: openssl rand -hex 32)
# The value below is a published placeholder, not a key: anyone who has read
# this template knows it. Generate a fresh random value for every deployment.
SECRET_KEY=your-secret-key-here-change-this-in-production
# JWT configuration
# HS256 is a symmetric HMAC scheme, so the same JWT_SECRET_KEY both signs and
# verifies tokens: anyone who learns it can mint tokens the API will accept.
# Use a random value of at least 32 bytes, distinct from SECRET_KEY, and rotate
# it if it is ever exposed (rotation invalidates tokens signed with the old key).
JWT_SECRET_KEY=your-jwt-secret-key-here-change-this-in-production
JWT_ALGORITHM=HS256
# Presumably the access-token lifetime (minutes) and refresh-token lifetime
# (days) - confirm against the application.
# NOTE(review): whether refresh tokens can be revoked server-side is not visible
# here; verify before relying on a 30-day lifetime.
JWT_EXPIRATION_MINUTES=60
JWT_REFRESH_EXPIRATION_DAYS=30
# Admin user (created on first startup)
# admin / admin123 is a guessable default pair. Because the account is created
# on first startup, set a strong, unique password BEFORE the first run.
# NOTE(review): this template does not show whether the application rejects the
# default or forces a password change at first login - confirm.
ADMIN_USERNAME=admin
ADMIN_PASSWORD=admin123
ADMIN_EMAIL=admin@example.com
# OIDC (Single Sign-On)
# OIDC_CLIENT_SECRET is a credential: keep it out of version control and logs.
# OIDC_ISSUER_URL must be the HTTPS issuer of the identity provider that issued
# OIDC_CLIENT_ID.
OIDC_ENABLED=false
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_ISSUER_URL=https://accounts.google.com
OIDC_SCOPES=openid email profile
# =============================================================================
# API Configuration
# =============================================================================
# API server
# 0.0.0.0 means "all interfaces". NOTE(review): if this is used as the bind
# address (as the name suggests), make sure API_PORT is reachable only through
# the reverse proxy and is not published directly to untrusted networks.
API_HOST=0.0.0.0
API_PORT=8000
API_WORKERS=4
# CORS configuration
# With CORS_ALLOW_CREDENTIALS=true, every origin listed here may make
# authenticated cross-origin requests on behalf of a logged-in user. List only
# exact origins you control: remove http://localhost:3000 outside development,
# replace the yourdomain.com placeholder, and never use a wildcard.
CORS_ORIGINS=http://localhost:3000,https://yourdomain.com
CORS_ALLOW_CREDENTIALS=true
# Rate limiting
# NOTE(review): the key the limits apply to (client IP, user, API key) is not
# visible here. If it is the client IP and the API sits behind a proxy, confirm
# the real client address is used rather than the proxy's.
RATE_LIMIT_ENABLED=true
RATE_LIMIT_PER_MINUTE=100
RATE_LIMIT_PER_HOUR=1000
# =============================================================================
# Dashboard Configuration
# =============================================================================
# Dashboard frontend
DASHBOARD_PORT=3000
# Next.js exposes NEXT_PUBLIC_* variables to the browser bundle, so this value
# is public; never put a secret in a NEXT_PUBLIC_* variable.
# For any non-local deployment use the externally reachable HTTPS URL of the
# API, otherwise credentials and tokens travel in clear text.
NEXT_PUBLIC_API_URL=http://localhost:8000
# =============================================================================
# Database Configuration
# =============================================================================
# PostgreSQL (recommended for production)
# POSTGRES_PASSWORD below is a placeholder; replace it with a long random value.
# POSTGRES_HOST=postgres looks like a service name on an internal network -
# presumably the database port is not meant to be published to the host; confirm
# in the compose/deployment files.
POSTGRES_DB=lcc
POSTGRES_USER=lcc
POSTGRES_PASSWORD=your-secure-password-here
POSTGRES_HOST=postgres
POSTGRES_PORT=5432
# SQLite (alternative for smaller deployments)
# If used, restrict the database file's permissions to the service account.
# LCC_DB_PATH=/var/lib/lcc/lcc.db
# =============================================================================
# Redis Configuration
# =============================================================================
# Redis cache
# The URL uses the plain redis:// scheme (no TLS) and carries no credentials;
# the password is supplied separately in REDIS_PASSWORD.
# NOTE(review): how the application combines the two is not visible here -
# confirm that the password is actually applied and that Redis itself is
# configured to require it. REDIS_PASSWORD below is a placeholder.
REDIS_URL=redis://redis:6379/0
REDIS_PASSWORD=your-redis-password-here
REDIS_MAX_CONNECTIONS=50
# =============================================================================
# LCC Application Settings
# =============================================================================
# Logging
# Keep the level at INFO or above in production; more verbose levels may write
# request details to LCC_LOG_FILE. Restrict read access to the log directory.
LCC_LOG_LEVEL=INFO
LCC_LOG_FORMAT=json
LCC_LOG_FILE=/var/log/lcc/app.log
# Cache
LCC_CACHE_DIR=/var/cache/lcc
LCC_CACHE_TTL_SECONDS=3600
# Policy
# NOTE(review): "permissive" is presumably the least restrictive built-in
# policy; confirm it is the intended default for a compliance gate, since a
# permissive default may let licenses through that a stricter policy would flag.
# The policy directory should be writable only by administrators.
LCC_POLICY_DIR=/var/lib/lcc/policies
LCC_DEFAULT_POLICY=permissive
# Storage
# Relative paths: they resolve against the process working directory.
LCC_DATA_PATH=./data
LCC_LOGS_PATH=./logs
# =============================================================================
# External Services
# =============================================================================
# Sentry error tracking (optional)
# When set, error reports leave the deployment for the Sentry endpoint in the
# DSN. NOTE(review): check what request data the application attaches to events.
SENTRY_DSN=
SENTRY_ENVIRONMENT=production
SENTRY_TRACES_SAMPLE_RATE=0.1
# GitHub API (for repository scanning)
# GITHUB_TOKEN is a credential. Prefer a fine-grained token limited to read-only
# access on the repositories that need scanning, with an expiry date.
GITHUB_TOKEN=
GITHUB_API_URL=https://api.github.com
# Package registries
# These endpoints are the source of the package metadata the checker evaluates.
# Keep them on HTTPS; if you point them at a mirror, it must be one you trust,
# because it can influence the license data that is reported.
PYPI_URL=https://pypi.org/pypi
NPM_REGISTRY=https://registry.npmjs.org
CRATES_IO_API=https://crates.io/api/v1
# =============================================================================
# Monitoring & Observability
# =============================================================================
# Prometheus
# NOTE(review): no authentication setting for Prometheus appears in this file;
# keep PROMETHEUS_PORT on an internal network or behind the reverse proxy.
PROMETHEUS_ENABLED=true
PROMETHEUS_PORT=9090
# Grafana
# admin / admin is Grafana's well-known default login. Set a strong, unique
# GRAFANA_ADMIN_PASSWORD before the first start and do not expose GRAFANA_PORT
# publicly with the default in place.
GRAFANA_PORT=3001
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD=admin
# Plugins run inside Grafana; install only ones you have vetted.
GRAFANA_PLUGINS=
# =============================================================================
# Nginx Reverse Proxy
# =============================================================================
# Public listener ports of the reverse proxy.
# NOTE(review): whether port 80 redirects to HTTPS is decided in the nginx
# configuration, which is not visible here - confirm.
NGINX_HTTP_PORT=80
NGINX_HTTPS_PORT=443
# SSL/TLS certificates
# The private key file must be readable only by the nginx process owner and
# must never be committed to version control.
SSL_CERTIFICATE_PATH=/etc/nginx/ssl/cert.pem
SSL_CERTIFICATE_KEY_PATH=/etc/nginx/ssl/key.pem
# =============================================================================
# Resource Limits
# =============================================================================
# API resource limits
# Presumably consumed by the container deployment (CPU in cores, memory with a
# unit suffix) - confirm. Limits cap how much a single runaway or abusive
# workload can consume.
API_CPU_LIMIT=2.0
API_CPU_RESERVATION=0.5
API_MEMORY_LIMIT=1G
API_MEMORY_RESERVATION=256M
# Dashboard resource limits
DASHBOARD_CPU_LIMIT=1.0
DASHBOARD_MEMORY_LIMIT=512M
# =============================================================================
# Backup & Maintenance
# =============================================================================
# Backup configuration
# Schedules are five-field cron expressions. Backups presumably contain the
# full database (including user records and stored credentials/hashes), so treat
# BACKUP_PATH as sensitive: restrict its permissions and keep it outside any
# directory that is served or committed.
# NOTE(review): no encryption setting for backups appears in this file - confirm
# how backups are protected at rest.
BACKUP_ENABLED=true
BACKUP_SCHEDULE="0 2 * * *" # Daily at 2 AM
BACKUP_RETENTION_DAYS=30
BACKUP_PATH=./backups
# Database maintenance
DB_VACUUM_SCHEDULE="0 3 * * 0" # Weekly on Sunday at 3 AM
# =============================================================================
# Feature Flags
# =============================================================================
# Enable/disable features
# Leave features you do not use set to false; each enabled feature adds
# endpoints or outbound integrations that have to be secured.
# NOTE(review): the exact behaviour behind each flag is not visible here.
FEATURE_API_KEYS=true
FEATURE_WEBHOOKS=false
FEATURE_NOTIFICATIONS=false
FEATURE_GITHUB_INTEGRATION=true
FEATURE_SBOM_EXPORT=true
# =============================================================================
# Network Configuration
# =============================================================================
# Private (RFC 1918) range, presumably for the internal container network -
# confirm it does not overlap with networks the host must reach.
NETWORK_SUBNET=172.20.0.0/16
# =============================================================================
# Development & Debugging
# =============================================================================
# Debug mode (DO NOT enable in production!)
# Debug output commonly includes stack traces, SQL statements and cached
# values, which can disclose internals and data; keep all three false outside
# local development.
DEBUG=false
DEBUG_SQL=false
DEBUG_CACHE=false
# Profiling
# NOTE(review): if profiling exposes an endpoint, it should not be reachable
# from untrusted networks - confirm before enabling.
PROFILING_ENABLED=false
# =============================================================================
# Notifications (optional)
# =============================================================================
# Email (SMTP)
# SMTP_PASSWORD is a credential. Keep SMTP_USE_TLS=true so it is not sent in
# clear text; port 587 is the standard submission port used with STARTTLS.
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=noreply@example.com
SMTP_USE_TLS=true
# Slack
# An incoming-webhook URL is itself the credential: anyone who has it can post
# to the channel. Treat it like a password.
# NOTE(review): the SLACK_CHANNEL value starts with an unquoted "#". Some .env
# parsers treat "#" as the start of a comment and would read an empty value;
# quoting it ("#compliance-alerts") avoids the ambiguity - verify with the
# loader this project uses.
SLACK_WEBHOOK_URL=
SLACK_CHANNEL=#compliance-alerts
# Webhooks
# WEBHOOK_SECRET is presumably used to sign outgoing payloads so receivers can
# verify them - confirm. Use a random value and an HTTPS WEBHOOK_URL.
WEBHOOK_URL=
WEBHOOK_SECRET=
# =============================================================================
# License & Compliance
# =============================================================================
# License data sources
# The URL tracks the "main" branch, so the fetched list can change between
# updates. NOTE(review): pinning to a tagged release would make results
# reproducible - confirm whether the application validates what it downloads.
SPDX_LICENSE_LIST_URL=https://raw.githubusercontent.com/spdx/license-list-data/main/json/licenses.json
# NOTE(review): the inline comment follows an unquoted value. Some .env loaders
# keep trailing text as part of the value; verify that the loader in use yields
# exactly 86400 here.
LICENSE_DATA_UPDATE_INTERVAL=86400 # 24 hours in seconds
# =============================================================================
# AI Analysis (Fireworks AI)
# =============================================================================
# Provider configuration
# LCC_FIREWORKS_API_KEY is a credential (the value below is a placeholder).
# NOTE(review): enabling AI analysis sends data to a third-party service; what
# is sent (license text, file contents, repository names) is not visible here -
# confirm before using it on private code.
LCC_LLM_PROVIDER=fireworks
LCC_FIREWORKS_API_KEY=your-fireworks-api-key-here
LCC_LLM_MODEL=accounts/fireworks/models/llama-v3p1-70b-instruct
# =============================================================================
# Notes
# =============================================================================
# 1. Generate secure random keys:
# openssl rand -hex 32
#
# 2. For production, ensure:
# - All *_PASSWORD, *_SECRET, *_KEY and *_TOKEN values are changed (this includes SECRET_KEY, JWT_SECRET_KEY and LCC_FIREWORKS_API_KEY)
# - DEBUG=false
# - Strong passwords (min 16 characters)
# - CORS_ORIGINS restricted to your domain
# - SSL/TLS certificates configured
#
# 3. Backup your .env file securely
#
# 4. Use secrets management in production (e.g., HashiCorp Vault, AWS Secrets Manager)