tractatus/deployment-quickstart/.env.example
TheFlow ccb4bdaabf feat(api): implement research inquiry endpoint and Umami analytics
HIGH PRIORITY: Fixes production 404 error on research inquiry form

Research Inquiry API:
- Add POST /api/research-inquiry endpoint for form submissions
- Add admin endpoints for inquiry management (list, get, assign, respond, delete)
- Create ResearchInquiry model with MongoDB integration
- Add to moderation queue for human review (strategic quadrant)
- Include rate limiting (5 req/min) and CSRF protection
- Tested locally: endpoint responding, data saving to DB

Umami Analytics (Privacy-First):
- Add Docker Compose config for Umami + PostgreSQL
- Create nginx reverse proxy config with SSL support
- Implement privacy-first tracking script (DNT, opt-out, no cookies)
- Integrate tracking across 26 public HTML pages
- Exclude admin pages from tracking (privacy boundary)
- Add comprehensive deployment guide (UMAMI_SETUP_GUIDE.md)
- Environment variables added to .env.example

Files Created (9):
- src/models/ResearchInquiry.model.js
- src/controllers/research.controller.js
- src/routes/research.routes.js
- public/js/components/umami-tracker.js
- deployment-quickstart/nginx-analytics.conf
- deployment-quickstart/UMAMI_SETUP_GUIDE.md
- scripts/add-umami-tracking.sh
- scripts/add-tracking-python.py
- SESSION_SUMMARY_ANALYTICS_RESEARCH_INQUIRY.md

Files Modified (29):
- src/routes/index.js (research routes)
- deployment-quickstart/docker-compose.yml (umami services)
- deployment-quickstart/.env.example (umami config)
- 26 public HTML pages (tracking script)

Values Alignment:
- Privacy-First Design (cookie-free, DNT honored, opt-out available)
- Human Agency (research inquiries require human review)
- Data Sovereignty (self-hosted analytics, no third-party sharing)
- GDPR Compliance (no personal data in analytics)
- Transparency (open-source tools, documented setup)

Testing Status:
- Research inquiry: Locally tested, data verified in MongoDB
- Umami analytics: Pending production deployment

Next Steps:
1. Deploy to production (./scripts/deploy.sh)
2. Test research form on live site
3. Deploy Umami following UMAMI_SETUP_GUIDE.md
4. Update umami-tracker.js with website ID after setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 01:31:02 +13:00

122 lines, 5 KiB, Text

# Tractatus Framework - Environment Configuration Template
# Copy this file to .env and fill in your actual values
#=============================================================================
# REQUIRED: Database Configuration
#=============================================================================
MONGODB_USERNAME=tractatus
MONGODB_PASSWORD=YOUR_SECURE_PASSWORD_HERE # CHANGE THIS!
MONGODB_DATABASE=tractatus_prod
MONGODB_PORT=27017
# The password is repeated inside MONGODB_URI; percent-encode any of $ : / ? # [ ] @ it contains
MONGODB_URI=mongodb://tractatus:YOUR_SECURE_PASSWORD_HERE@mongodb:27017/tractatus_prod?authSource=admin
#=============================================================================
# REQUIRED: Application Configuration
#=============================================================================
NODE_ENV=production
APP_PORT=9000
BASE_URL=https://your-domain.com # Your production URL
# JWT Secret (generate with: openssl rand -base64 32)
JWT_SECRET=YOUR_JWT_SECRET_HERE # CHANGE THIS!
# Session Secret (generate with: openssl rand -base64 32)
SESSION_SECRET=YOUR_SESSION_SECRET_HERE # CHANGE THIS!
#=============================================================================
# REQUIRED: Admin Account
#=============================================================================
ADMIN_EMAIL=admin@your-domain.com
ADMIN_PASSWORD=YOUR_ADMIN_PASSWORD_HERE # CHANGE THIS!
#=============================================================================
# REQUIRED: Anthropic API (for AI-assisted features)
#=============================================================================
ANTHROPIC_API_KEY=sk-ant-your-api-key-here # Get from console.anthropic.com
#=============================================================================
# Governance Services (5 Core Components)
#=============================================================================
BOUNDARY_ENFORCER_ENABLED=true
CONTEXT_PRESSURE_ENABLED=true
CROSS_REF_VALIDATOR_ENABLED=true
PERSISTENCE_CLASSIFIER_ENABLED=true
METACOGNITIVE_VERIFIER_ENABLED=true
#=============================================================================
# Rate Limiting & Performance
#=============================================================================
RATE_LIMIT_WINDOW_MS=900000 # 15 minutes
RATE_LIMIT_MAX_REQUESTS=100 # Max requests per window
MAX_FILE_SIZE=10485760 # 10MB max upload size
#=============================================================================
# Feature Flags
#=============================================================================
BLOG_ENABLED=true
KOHA_ENABLED=true # Donation system
DEMOS_ENABLED=true # Interactive demos
ANALYTICS_ENABLED=false # Privacy-preserving analytics
#=============================================================================
# Optional: Email Configuration (for notifications)
#=============================================================================
# SMTP_HOST=smtp.example.com
# SMTP_PORT=587
# SMTP_USER=noreply@your-domain.com
# SMTP_PASSWORD=your-email-password
# SMTP_FROM_NAME=Tractatus Framework
# SMTP_FROM_EMAIL=noreply@your-domain.com
#=============================================================================
# Optional: Stripe (for Koha donations)
#=============================================================================
# STRIPE_SECRET_KEY=sk_live_your-stripe-key
# STRIPE_PUBLIC_KEY=pk_live_your-stripe-key
# STRIPE_WEBHOOK_SECRET=whsec_your-webhook-secret
#=============================================================================
# Optional: Umami Analytics (Privacy-Preserving, GDPR-Compliant)
#=============================================================================
# Umami provides cookie-free, privacy-first web analytics
# Default login after first setup: admin / umami (change immediately!)
# Generate APP_SECRET with: openssl rand -base64 32
UMAMI_APP_SECRET=YOUR_UMAMI_SECRET_HERE # CHANGE THIS!
# Database credentials for Umami PostgreSQL
UMAMI_DB_NAME=umami
UMAMI_DB_USER=umami
UMAMI_DB_PASSWORD=YOUR_UMAMI_DB_PASSWORD_HERE # CHANGE THIS!
# Port for Umami dashboard (internal, proxy via nginx)
UMAMI_PORT=3000
# Custom tracker script name (optional, for additional privacy)
# Default: 'umami' - Access at /script.js
# Custom: 'analytics' - Access at /analytics.js
UMAMI_TRACKER_SCRIPT=umami
# Disable Umami's own telemetry (privacy-first)
UMAMI_DISABLE_TELEMETRY=1
#=============================================================================
# Security Headers
#=============================================================================
HELMET_ENABLED=true
CSP_ENABLED=true
CORS_ORIGIN=https://your-domain.com # Comma-separated for multiple origins
#=============================================================================
# Logging
#=============================================================================
LOG_LEVEL=info # debug, info, warn, error
LOG_TO_FILE=true
LOG_TO_CONSOLE=true
#=============================================================================
# Development/Testing (disable in production)
#=============================================================================
# DEBUG=false
# VERBOSE_LOGGING=false
# ENABLE_DEBUGGING_ENDPOINTS=false
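
A preflight check for a filled-in copy of this template, as an added example that is not part of the Tractatus repository: it flags placeholders left unchanged, generated secrets below an assumed 32-character minimum, a MONGODB_URI that does not carry the percent-encoded MONGODB_PASSWORD, and debug flags set while NODE_ENV=production. The function names and the sample values are constructed for illustration; the key names are the template's.

```javascript
// Added example (not Tractatus code); the 32-character minimum is an assumed policy.
const GENERATED = ['JWT_SECRET', 'SESSION_SECRET', 'UMAMI_APP_SECRET'];
const PASSWORDS = ['MONGODB_PASSWORD', 'ADMIN_PASSWORD', 'UMAMI_DB_PASSWORD'];
const DEBUG_FLAGS = ['DEBUG', 'VERBOSE_LOGGING', 'ENABLE_DEBUGGING_ENDPOINTS'];

// Parse KEY=VALUE lines; an unquoted value ends at the first " #" (inline comment).
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (line.startsWith('#') || eq < 1) continue;
    const value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    env[line.slice(0, eq).trim()] = quoted ? quoted[2] : value.replace(/\s+#.*$/, '');
  }
  return env;
}

// Return one finding per problem; an empty array means nothing was flagged.
function auditEnv(env) {
  const unset = (k) => !env[k] || /YOUR_\w+_HERE/.test(env[k]);
  const findings = [
    ...[...GENERATED, ...PASSWORDS].filter(unset).map((k) => `${k}: missing or template placeholder`),
    ...GENERATED.filter((k) => !unset(k) && env[k].length < 32).map((k) => `${k}: under 32 characters`),
  ];
  // The URI repeats the password; characters such as / in base64 output must be percent-encoded.
  const pw = encodeURIComponent(env.MONGODB_PASSWORD || '');
  if (!(env.MONGODB_URI || '').includes(`:${pw}@`)) {
    findings.push('MONGODB_URI: password absent or not percent-encoded');
  }
  if (env.NODE_ENV === 'production') {
    findings.push(...DEBUG_FLAGS.filter((k) => /^(true|1)$/i.test(env[k] || ''))
      .map((k) => `${k}: enabled in production`));
  }
  return findings;
}

// Constructed sample: a partly filled-in copy of the template (no real secrets).
const OK = 'Q29uc3RydWN0ZWRTYW1wbGVTZWNyZXRWYWx1ZTAxMjM0NTY3';
const SAMPLE = `NODE_ENV=production
MONGODB_PASSWORD=pA/ss+w0rd=
MONGODB_URI=mongodb://tractatus:pA/ss+w0rd=@mongodb:27017/tractatus_prod?authSource=admin
JWT_SECRET=YOUR_JWT_SECRET_HERE # CHANGE THIS!
SESSION_SECRET=${OK}
UMAMI_APP_SECRET=too-short
ADMIN_PASSWORD=${OK}
UMAMI_DB_PASSWORD=${OK}
ENABLE_DEBUGGING_ENDPOINTS=true`;
console.log(auditEnv(parseEnv(SAMPLE)));
```

Run against the real file by reading it into a string and passing it to `parseEnv`; failing the deployment when `auditEnv` returns any finding keeps a half-edited template out of production.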