.env.production.example
# =============================================================================
# SerialMemory Production Environment Configuration
# =============================================================================
# Copy this file to .env and fill in ALL values before deploying.
#
# SECURITY NOTES:
# - Generate strong passwords using: openssl rand -base64 32
# - Generate JWT secret using: openssl rand -base64 64 | tr -d '\n'
#   (openssl wraps base64 output at 64 characters, so 64 random bytes print as
#   two lines; an env value has to be a single line)
# - Never commit .env to version control
# - Restrict the filled-in .env to the deploying user (chmod 600 .env)
# - Rotate secrets periodically
# - When filling in a value, delete the trailing "# Generate: ..." hint on that
#   line: not every env-file loader strips inline comments (docker run
#   --env-file, for example, keeps them as part of the value)
# =============================================================================
# -----------------------------------------------------------------------------
# PostgreSQL (REQUIRED)
# -----------------------------------------------------------------------------
# Admin user - only for initial setup and migrations
POSTGRES_ADMIN_USER=pgadmin
POSTGRES_ADMIN_PASSWORD= # Generate: openssl rand -base64 32
# Application user - limited privileges, used by all services
# Give it a different password from the admin user, so that a leaked service
# credential does not also grant admin access.
POSTGRES_USER=serialmemory_app
POSTGRES_PASSWORD= # Generate: openssl rand -base64 32
# -----------------------------------------------------------------------------
# Redis (REQUIRED)
# -----------------------------------------------------------------------------
# NOTE(review): base64 output can contain '+', '/' and '='. If the deployment
# interpolates this password into a redis:// URL (not visible in this file),
# those characters need percent-encoding; `openssl rand -hex 32` avoids the
# problem - confirm against docker-compose.prod.yml.
REDIS_PASSWORD= # Generate: openssl rand -base64 32
# -----------------------------------------------------------------------------
# RabbitMQ (REQUIRED)
# -----------------------------------------------------------------------------
# NOTE(review): the same percent-encoding caveat applies if this password ends
# up inside an amqp:// URI - confirm how the services build their connection.
RABBITMQ_USER=serialmemory
RABBITMQ_PASSWORD= # Generate: openssl rand -base64 32
# -----------------------------------------------------------------------------
# JWT & Security (REQUIRED)
# -----------------------------------------------------------------------------
# Must be at least 32 characters
# The value must be a single line. `openssl rand -base64 64` prints two lines
# (base64 output wraps at 64 characters), so join them, e.g. by appending
# | tr -d '\n' as shown for INTERNAL_TOKEN_KEY below.
JWT_SECRET= # Generate: openssl rand -base64 64
JWT_ISSUER=serialmemory
JWT_AUDIENCE=serialmemory-api
# Internal service-to-service token (64 bytes base64)
# Generate this separately from JWT_SECRET; do not reuse the same value.
INTERNAL_TOKEN_KEY= # Generate: openssl rand -base64 64 | tr -d '\n'
# Service API key for admin operations
# The $(...) in the hint is shell command substitution and is not executed by
# env-file loaders. Run it in a terminal, e.g.
#   echo "sm_live_svc_$(openssl rand -hex 24)"
# and paste the resulting literal string as the value.
SERVICE_API_KEY= # Generate: sm_live_svc_$(openssl rand -hex 24)
# Root admin email (receives system notifications)
SERIALMEMORY_ROOT_ADMIN_EMAIL=admin@yourdomain.com
# -----------------------------------------------------------------------------
# Azure Communication Services (Optional - for email)
# -----------------------------------------------------------------------------
# The connection string embeds an access key, so handle it like the other
# secrets in this file (never commit it, rotate it).
# NOTE(review): the placeholder below is active as shipped. If email is not
# used, presumably these two lines should be commented out - confirm how the
# application treats a placeholder connection string.
SERIALMEMORY_ACS_CONNECTION=endpoint=https://...;accesskey=...
SERIALMEMORY_EMAIL_SENDER=noreply@yourdomain.com
# -----------------------------------------------------------------------------
# URLs (REQUIRED)
# -----------------------------------------------------------------------------
# Public URL where the service is accessible
# NOTE(review): both URLs are https://, but nothing in this file configures
# TLS; presumably a reverse proxy in front of the services terminates it -
# confirm before exposing the deployment.
SERIALMEMORY_BASE_URL=https://yourdomain.com
PUBLIC_API_URL=https://api.yourdomain.com
# -----------------------------------------------------------------------------
# LLM & Embeddings (CHOOSE ONE - OpenAI recommended for production VPS)
# -----------------------------------------------------------------------------
# RECOMMENDED FOR PRODUCTION VPS: Use OpenAI API
# The L0-L4 classification pipeline requires an LLM. For production VPS:
# - OpenAI API is recommended (reliable, no local GPU needed)
# - If using Ollama, ensure it's running on the VPS host and accessible
#
# Note: host.docker.internal works on Linux with extra_hosts configured in
# docker-compose.prod.yml. Ensure Ollama is listening on 0.0.0.0:11434
# not just localhost if accessing from Docker containers.
#
# SECURITY: 0.0.0.0 means every interface of the host, including the public
# one on a VPS. Ollama's HTTP API has no built-in authentication, so block
# port 11434 from the internet with the host firewall and allow only the
# Docker bridge network to reach it.
#
# NOTE(review): both options below are active as shipped although the heading
# says to choose one. How the application picks between them is not visible
# here - comment out the option you are not using.
# Option 1: OpenAI API (RECOMMENDED for production)
# Enables classification pipeline (L0→L4) and embeddings without local GPU
# With this option, the content being classified or embedded is sent to
# OpenAI's API; check that this is acceptable for the data you store.
# Replace the sk-... placeholder with a real key and treat it as a secret.
OPENAI_API_KEY=sk-...
OPENAI_MODEL=gpt-4.1-mini
OPENAI_EMBED_MODEL=text-embedding-3-small
# Option 2: Ollama (self-hosted - requires GPU on VPS or adequate CPU)
# If using Ollama on Linux VPS, ensure it's bound to 0.0.0.0:
# OLLAMA_HOST=0.0.0.0 ollama serve
# The URL is plain http; that is fine for host-local traffic, but do not point
# it at a remote Ollama instance across an untrusted network.
OLLAMA_URL=http://host.docker.internal:11434
OLLAMA_MODEL=nomic-embed-text
# -----------------------------------------------------------------------------
# MCP Client (Optional)
# -----------------------------------------------------------------------------
# NOTE(review): no format or generation command is documented for this key.
# If it is a value you choose yourself, generate it randomly like the other
# secrets (e.g. openssl rand -hex 32) - confirm the expected format.
MCP_API_KEY= # API key for MCP client access
# -----------------------------------------------------------------------------
# Grafana Monitoring (REQUIRED)
# -----------------------------------------------------------------------------
# "admin" is Grafana's well-known default username. GRAFANA_ROOT_URL suggests
# the dashboard is reachable from the internet, so consider a non-default
# username in addition to the strong password.
GRAFANA_USER=admin
GRAFANA_PASSWORD= # Generate: openssl rand -base64 32
GRAFANA_ROOT_URL=https://monitoring.yourdomain.com
# -----------------------------------------------------------------------------
# Deployment Mode
# -----------------------------------------------------------------------------
# For self-hosted installations, use: SelfHosted
# For multi-tenant SaaS, use: PublicSaaS
SERIALMEMORY_DEPLOYMENT_MODE=SelfHosted
# NOTE(review): the two switches below are not documented in this file.
# Presumably quotas matter for PublicSaaS deployments - confirm what each one
# controls before changing the mode above.
SERIALMEMORY_ENABLE_QUOTAS=false
SERIALMEMORY_DISABLE_POWER_MODE=false
# -----------------------------------------------------------------------------
# Port Configuration (Optional - defaults shown)
# -----------------------------------------------------------------------------
# NOTE(review): whether these ports are published on all host interfaces
# depends on docker-compose.prod.yml (not shown). If a reverse proxy fronts
# the services, bind them to 127.0.0.1 or firewall them so they cannot be
# reached directly - confirm against the compose file.
API_PORT=5000
DASHBOARD_API_PORT=5001
WEB_ADMIN_PORT=5002
# -----------------------------------------------------------------------------
# Memory Retention Intervals (days per layer before archival eligibility)
# -----------------------------------------------------------------------------
# Memories below confidence threshold with low access are archived after
# exceeding their layer's retention period. L4_HEURISTIC is never archived.
# All values are in days; there is no L4 setting because that layer is never
# archived.
RETENTION_L0_RAW_DAYS=30
RETENTION_L1_CONTEXT_DAYS=90
RETENTION_L2_SUMMARY_DAYS=180
RETENTION_L3_KNOWLEDGE_DAYS=365
# -----------------------------------------------------------------------------
# Feature Flags (Production Defaults)
# -----------------------------------------------------------------------------
# NOTE(review): the individual flags are not documented in this file.
# FEATURE_LOCAL_ENCRYPTION and FEATURE_OBSERVE_ONLY_MODE look security-relevant
# by name - confirm what each controls before changing these defaults.
FEATURE_EMBEDDING_CACHE=true
FEATURE_DETERMINISTIC_INFERENCE=true
FEATURE_MEMORY_COMPILATION=true
FEATURE_CONTEXT_OPTIMIZATION=true
FEATURE_LOCAL_ENCRYPTION=true
FEATURE_DUAL_PASS_REASONING=true
FEATURE_GRAPH_RECRAWL=true
FEATURE_TIME_TRAVEL=true
FEATURE_OBSERVE_ONLY_MODE=false
FEATURE_MIN_TIER=free