forked from vercel/chatbot
-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy path.env.example
More file actions
156 lines (130 loc) · 6.29 KB
/
Copy path.env.example
File metadata and controls
156 lines (130 loc) · 6.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# Database
# The POSTGRES_ALEMBIC_USER/PASSWORD may be different from the POSTGRES_USER/PASSWORD if you have a different user for migration and app access.
POSTGRES_HOST=localhost
POSTGRES_PORT=5432
POSTGRES_USER=user
POSTGRES_PASSWORD=password
POSTGRES_DB=chatbot_db
POSTGRES_ALEMBIC_USER=adminuser
POSTGRES_ALEMBIC_PASSWORD=adminpassword
# Optional: Explicit sync URL for Alembic (if different from async URL)
# If not set, ALEMBIC_POSTGRES_URL will be converted from async to sync format
# POSTGRES_URL_SYNC=postgresql://user:password@localhost:5432/chatbot_db # pragma: allowlist secret
# Authentication
# Generate a random secret: https://generate-secret.vercel.app/32 or `openssl rand -base64 32` **keep this!!!**
JWT_SECRET_KEY=your-secret-key-change-this-in-production
# Optional: Old JWT secret key for key rotation (allows validating old tokens during rotation)
# JWT_SECRET_KEY_OLD=your-old-secret-key
JWT_ALGORITHM=HS256
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
# Session Token Secret (optional - falls back to JWT_SECRET_KEY if not set)
# For better security isolation, use a separate key for session tokens
# Generate: openssl rand -hex 32
# SESSION_SECRET_KEY=
# AI/LLM - Azure OpenAI (used by LiteLLM)
# Option A: API key (simplest)
AZURE_API_KEY=your-azure-openai-api-key
AZURE_API_BASE=https://your-resource-name.openai.azure.com
AZURE_API_VERSION=2024-02-15-preview
# Option B: Client credentials (for Azure APIM, no API key)
# Use when authenticating via OAuth2 client credentials instead of a static API key.
# All four must be set together. LiteLLM reads these from the environment.
# AZURE_CLIENT_ID=<app-registration-client-id>
# AZURE_CLIENT_SECRET=<client-secret> # pragma: allowlist secret
# AZURE_TENANT_ID=<azure-ad-tenant-id>
# AZURE_SCOPE=api://your-api-app-id/.default
# AI/LLM - Model Configuration
# These override the defaults in ModelSettings
MODEL_PROVIDER=azure/
CHAT_MODEL=gpt-4o-mini
CHAT_MODEL_REASONING=o1-mini
TITLE_MODEL=gpt-4o-mini
ARTIFACT_MODEL=gpt-4o-mini
# Application
ENVIRONMENT=development
CORS_ORIGINS=http://localhost:3000,http://localhost:3001
# Require Origin/Referer for all state-changing requests (closes "Absence of Origin" finding). Set true in production if API clients send Origin.
# CSRF_REQUIRE_ORIGIN_ALWAYS=false
# Next.js server URL for proxy requests
NEXTJS_URL=http://localhost:3001
# Cookie Domain (optional - for subdomain sharing)
# Set to ".yourdomain.com" to share cookies across subdomains
# COOKIE_DOMAIN=
# File upload (multimodal images). Keep in sync with frontend NEXT_PUBLIC_* if you override.
# MAX_UPLOAD_FILE_SIZE_BYTES=5242880
# ALLOWED_UPLOAD_IMAGE_TYPES=image/jpeg,image/png
# Redis (optional - only needed for resumable streams)
# REDIS_URL=redis://localhost:6379
# Rate limiting (global API) – per user or per IP; returns 429 when exceeded
# RATE_LIMIT_ENABLED=true
# RATE_LIMIT_REQUESTS=50
# RATE_LIMIT_WINDOW_SECONDS=60
# Password Security (optional)
# Enable Have I Been Pwned password checking
# ENABLE_HIBP_CHECK=false
# Chat tools: when true, createDocument/updateDocument local tools are enabled (default is false set in config.py)
# ENABLE_LOCAL_TOOLS=true
# Public chat / share-via-link. Default false. Set true with frontend NEXT_PUBLIC_ENABLE_SHARE_CONVERSATION.
# ENABLE_SHARE_CONVERSATION=true
# Charts API ingestion token (required by POST /api/v1/charts for machine clients).
# Generate with: openssl rand -hex 32
# CHARTS_API_WRITE_TOKEN=
# GET /ready: when false, skips all dependency checks (always 200). When true (default), runs MCP probe unless MCP_READINESS_ENABLED=false.
# READINESS_ENABLED=true
# MCP_READINESS_ENABLED=true
# Max seconds for MCP get_tools during /ready; 0 uses MCP_LOAD_TIMEOUT (default 15).
# MCP_READINESS_TIMEOUT=0
# MCP Server (Model Context Protocol)
MCP_SERVER_URL=https://ai4data-ai4data-mcp.hf.space/gradio_api/mcp/sse
# MCP_SERVER_URL=http://host.docker.internal:8022/mcp
MCP_SSL_VERIFY=false
MCP_TIMEOUT=30.0
# LangChain MCP adapter: sse | http | streamable_http | empty (auto from URL)
# MCP_TRANSPORT=
# Optional JSON object for HTTP headers (APIM), e.g. {"X-Custom":"value"}
# MCP_HEADERS_JSON=
# Optional Bearer token (adds Authorization header). Not needed when MCP_INTERNAL=true.
# MCP_AUTHORIZATION_BEARER=
# Internal deployment (Azure APIM authentication)
# Set MCP_INTERNAL=true when the data360-mcp server is deployed internally behind Azure APIM.
# The chatbot will then acquire a bearer token via Azure AD client credentials and attach it
# to every MCP request. APIM validates the token before forwarding to the MCP server.
# Credentials are read from the global AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET
# env vars (same ones used for Azure OpenAI) -- no need to duplicate them here.
# MCP_INTERNAL=false
# MCP_AUTH_SCOPE=a1dd6401-acf2-43b5-a37c-c3230ef1be7d/.default
# LiteLLM Configuration (optional)
# Controls LiteLLM logging verbosity
LITELLM_LOG=DEBUG
LOG_FILE=logs/chatbot.log
# Optional:
# LOG_LEVEL=DEBUG
# LOG_MAX_BYTES=10485760
# LOG_BACKUP_COUNT=5
# Log full LangGraph flow: user input, every astream_events step (all nodes), LLM streams/completions,
# tools, chain state updates, final answer (dev only; may contain PII). Token streams go to the file at DEBUG on console.
# GRAPH_DEBUG_LOG_LLM=true
# Optional: append the same records to this file (default if unset: backend/logs/graph_llm_debug.log).
# GRAPH_DEBUG_LOG_LLM_FILE=/tmp/graph_llm_debug.log
# Auth: guest (login = Try as guest only) | user (email/password + Try as guest) | msal
# AUTH_PROVIDER=guest
# AUTH_PROVIDER=user
# AUTH_PROVIDER=msal
# MSAL_AUTH_COOKIE_NAME=UIT
# AZURE_AD_TENANT_ID=<tenant-id>
# AZURE_AD_CLIENT_ID=<client-id>
# # AZURE_AD_VALID_AUDIENCES=
# AZURE_AD_SKIP_SIGNATURE_VERIFY=true # Must be set to false in prod
#
# FEEDBACK_REVIEWER_EMAILS=<comma-separated list of allowed reviewers>
# OpenTelemetry (backend traces)
# Deployed (qa/uat/prod): set ENVIRONMENT and Application Insights connection string.
# ENVIRONMENT=production
# APPLICATIONINSIGHTS_CONNECTION_STRING=InstrumentationKey=...;IngestionEndpoint=...
#
# Local dev (optional): console spans or OTLP to Jaeger/collector
# CHATBOT_OTEL_CONSOLE=1
# OTEL_SERVICE_NAME=ai-chatbot-backend
# docker run --rm -d --name jaeger -p 16686:16686 -p 4317:4317 -p 4318:4318 jaegertracing/jaeger:latest
# OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
# OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf