# ==============================================================================
# ExtensionShield - Environment Variables Example
# ==============================================================================
# Copy this file to .env for local development and add your real keys only to .env.
# DO NOT commit .env to version control (it is in .gitignore).
# Never paste real API keys or secrets into this file.
# ==============================================================================
# ------------------------------------------------------------------------------
# Open-Core Mode (controls feature availability)
# ------------------------------------------------------------------------------
# "oss" (default) - Core scanner, CLI. Cloud-only routes return 501.
# "cloud" - All features enabled (auth, history, telemetry admin, etc.)
EXTSHIELD_MODE=oss
# Production vs local:
# - Production (Railway/hosted): set ENVIRONMENT=production (or ENV=prod) plus
# SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY so the app uses Supabase and its
# results and connection match the hosted app.
# - Local: leave ENV/ENVIRONMENT unset (or set ENV=local). With EXTSHIELD_MODE=oss
# (the default) the app uses SQLite, so you can run without Supabase.
# For local/production parity, set DB_BACKEND=supabase and the Supabase env vars.
# Individual feature overrides (optional — override mode defaults):
# AUTH_ENABLED=false
# HISTORY_ENABLED=false
# TELEMETRY_ENABLED=false
# COMMUNITY_QUEUE_ENABLED=false
# ENTERPRISE_FORMS_ENABLED=false
# OSS mode only: allow local pageview/event metrics stored in SQLite (default false; nothing is sent outbound)
# OSS_TELEMETRY_ENABLED=false
# ------------------------------------------------------------------------------
# LLM Configuration (REQUIRED - choose one provider OR use fallback chain)
# ------------------------------------------------------------------------------
# Option 1: Single Provider (Legacy - still supported)
# LLM Provider: openai, watsonx, rits, ollama
LLM_PROVIDER=openai
# OpenAI Configuration (use placeholder; put real key only in .env)
OPENAI_API_KEY=YOUR_OPENAI_KEY_HERE
LLM_MODEL=gpt-4o
# OR WatsonX Configuration (IBM Cloud)
# LLM_PROVIDER=watsonx
# WATSONX_API_KEY=YOUR_WATSONX_KEY_HERE
# WATSONX_PROJECT_ID=your-project-id
# WATSONX_API_ENDPOINT=https://us-south.ml.cloud.ibm.com
# OR RITS Configuration (Red Hat)
# LLM_PROVIDER=rits
# RITS_API_KEY=YOUR_RITS_KEY_HERE
# RITS_API_BASE_URL=https://api.rits.example.com
# OR Ollama Configuration (Self-hosted)
# LLM_PROVIDER=ollama
# OLLAMA_BASE_URL=http://localhost:11434
# LLM_MODEL=llama3
# ------------------------------------------------------------------------------
# Option 2: Multi-Provider Fallback (Recommended for Production)
# ------------------------------------------------------------------------------
# ExtensionShield can automatically try the configured providers in order, moving to
# the next one when a call fails. This improves reliability and lets you put cheaper providers first.
# Example A: Development (cheap first, then fallback to paid)
# LLM_FALLBACK_CHAIN=ollama,openai,watsonx
# LLM_MODEL=llama3
# OLLAMA_BASE_URL=http://localhost:11434
# OPENAI_API_KEY=YOUR_OPENAI_KEY_HERE
# WATSONX_API_KEY=YOUR_WATSONX_KEY_HERE
# WATSONX_PROJECT_ID=your-project-id
# WATSONX_API_ENDPOINT=https://us-south.ml.cloud.ibm.com
# Example B: Production (GROQ free tier first, then OpenAI; recommended for Railway)
# LLM_FALLBACK_CHAIN=groq,openai
# LLM_MODEL=gpt-4o-mini
# GROQ_API_KEY=YOUR_GROQ_KEY_HERE # Free at console.groq.com
# OPENAI_API_KEY=YOUR_OPENAI_KEY_HERE
# Example C: Production (OpenAI + WatsonX - ensure both keys are valid)
# LLM_FALLBACK_CHAIN=openai,watsonx
# LLM_MODEL=gpt-4o-mini
# OPENAI_API_KEY=YOUR_OPENAI_KEY_HERE
# WATSONX_API_KEY=YOUR_WATSONX_KEY_HERE
# WATSONX_PROJECT_ID=your-project-id
# WATSONX_API_ENDPOINT=https://us-south.ml.cloud.ibm.com
# Fallback Configuration (optional - defaults shown). If you uncomment one of these
# lines, drop its trailing "# ..." comment: not every env loader strips inline comments.
# LLM_PROVIDER_PRIMARY=openai # Optional: override primary provider
# LLM_TIMEOUT_SECONDS=25 # Timeout per provider attempt (default: 25)
# LLM_MAX_RETRIES_PER_PROVIDER=1 # Retries per provider before fallback (default: 1)
# ------------------------------------------------------------------------------
# Optional Integrations
# ------------------------------------------------------------------------------
# VirusTotal API (optional - for malware hash checking)
# Get your free API key at: https://www.virustotal.com/gui/join-us
VIRUSTOTAL_API_KEY=
# ------------------------------------------------------------------------------
# Application Configuration
# ------------------------------------------------------------------------------
# Storage paths (usually set by Docker/Railway automatically)
EXTENSION_STORAGE_PATH=/app/extensions_storage
# Only used when DB_BACKEND=sqlite (local file). Ignored when using Supabase.
DATABASE_PATH=/app/data/extension-shield.db
# ------------------------------------------------------------------------------
# Database: Supabase (recommended — same data in local and production)
# ------------------------------------------------------------------------------
#
# Use Supabase so your LOCAL app sees the SAME data as production. Without these,
# the API falls back to SQLite (a local file only, with different data from prod).
# Use the SERVICE ROLE key on the server only: it bypasses Row Level Security, so it
# must never be exposed to the browser or committed to version control.
#
# DB_BACKEND=supabase
# SUPABASE_URL=https://xxxx.supabase.co
# SUPABASE_SERVICE_ROLE_KEY=YOUR_SUPABASE_SERVICE_ROLE_KEY_HERE
# Optional: Supabase Management API token (for scripts/supabase-set-smtp.mjs to set Auth SMTP from CLI)
# Create at https://supabase.com/dashboard/account/tokens
# SUPABASE_ACCESS_TOKEN=sbp_xxxx
# Optional: override the table name (default: scan_results)
# SUPABASE_SCAN_RESULTS_TABLE=scan_results
#
# Resend API key: for Supabase Auth SMTP and/or enterprise pilot confirmation emails.
# Get an API key at https://resend.com (optional; pilot form still works without email).
# RESEND_API_KEY=YOUR_RESEND_API_KEY_HERE
#
# Enterprise pilot emails (optional; only used when RESEND_API_KEY is set):
# After verifying extensionshield.com at resend.com/domains, use an address on that domain as the "from" sender; the notify recipient can be any address:
# ENTERPRISE_FROM_EMAIL=ExtensionShield <notify@extensionshield.com>
# ENTERPRISE_NOTIFY_EMAIL=support@extensionshield.com
#
# Careers apply emails (optional; only used when RESEND_API_KEY is set):
# CAREERS_NOTIFY_EMAIL=careers@extensionshield.com
# CAREERS_FROM_EMAIL=ExtensionShield <noreply@extensionshield.com>
# CAREERS_CONFIRM_TO_APPLICANT=true
#
# ------------------------------------------------------------------------------
# Local dev = same data as production (use Supabase, not SQLite)
# ------------------------------------------------------------------------------
# 1. In .env set (so backend uses Supabase instead of SQLite):
# DB_BACKEND=supabase
# SUPABASE_URL=https://<project-ref>.supabase.co
# SUPABASE_SERVICE_ROLE_KEY=YOUR_SUPABASE_SERVICE_ROLE_KEY_HERE
#
# 2. In frontend/.env point at your local API: VITE_API_URL=http://localhost:8007
#
# 3. Run the backend locally; you will see the same scans as production, because local
# and production now share one database — anything changed locally is changed for production too.
#
# Migrations (optional): python scripts/run_supabase_migrations.py
# Direct Postgres (migrations, psql): get URI from Dashboard → Database.
# DATABASE_URL=postgresql://postgres.[project-ref]:[YOUR-PASSWORD]@aws-0-[region].pooler.supabase.com:6543/postgres
# Server port (Railway sets PORT automatically; otherwise the app defaults to 8007)
PORT=8007
# ------------------------------------------------------------------------------
# Production-Only Settings
# ------------------------------------------------------------------------------
# Your custom domain (if configured in Railway)
# CUSTOM_DOMAIN=extension-shield.yourdomain.com
# Enable production mode
# ENVIRONMENT=production
# CORS allowed origins (comma-separated; * allows every origin, so list explicit origins in production)
# CORS_ORIGINS=https://extension-shield.yourdomain.com,https://extension-shield.up.railway.app
# CSP Report-Only Mode (optional - for testing a CSP without blocking; leave false in production so the policy is enforced)
# CSP_REPORT_ONLY=false