From a8fe7d6d29bef10f74e9a201c64224afc9e39d0b Mon Sep 17 00:00:00 2001 From: Aljaz Ceru Date: Mon, 22 Sep 2025 11:47:09 +0200 Subject: [PATCH] Backup before security middleware removal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .env | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++ backend/.env | 0 2 files changed, 152 insertions(+) create mode 100644 .env create mode 100644 backend/.env
diff --git a/.env b/.env
new file mode 100644
index 0000000..9e074ae
--- /dev/null
+++ b/.env
@@ -0,0 +1,152 @@
+# ===================================
+# ENCLAVA MINIMAL CONFIGURATION
+# ===================================
+# Only essential environment variables that CANNOT have defaults
+# Other settings should be configurable through the app UI
+
+# ===================================
+# INFRASTRUCTURE (Required)
+# ===================================
+DATABASE_URL=postgresql://enclava_user:enclava_pass@enclava-postgres:5432/enclava_db
+REDIS_URL=redis://enclava-redis:6379
+
+# ===================================
+# SECURITY CRITICAL (Required)
+# ===================================
+JWT_SECRET=your-super-secret-jwt-key-here-change-in-production
+PRIVATEMODE_API_KEY=dfaea90e-df15-48d4-94ff-5ee243b846bb
+
+# Admin user (created on first startup only)
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=admin123
+API_RATE_LIMITING_ENABLED=false
+# ===================================
+# ADDITIONAL SECURITY SETTINGS (Optional but recommended)
+# ===================================
+# JWT Algorithm (default: HS256)
+# JWT_ALGORITHM=HS256
+
+# Token expiration times (in minutes)
+# ACCESS_TOKEN_EXPIRE_MINUTES=30
+# REFRESH_TOKEN_EXPIRE_MINUTES=10080
+# SESSION_EXPIRE_MINUTES=1440
+
+# API Key prefix (default: en_)
+# API_KEY_PREFIX=en_
+
+# Security thresholds (0.0-1.0)
+# API_SECURITY_RISK_THRESHOLD=0.8
+# API_SECURITY_WARNING_THRESHOLD=0.6
+# API_SECURITY_ANOMALY_THRESHOLD=0.7
+
+# IP security (comma-separated for multiple IPs)
+# API_BLOCKED_IPS=
+# API_ALLOWED_IPS=
+
+# ===================================
+# APPLICATION BASE URL (Required - derives all URLs and CORS)
+# ===================================
+BASE_URL=localhost
+# Frontend derives: APP_URL=http://localhost, API_URL=http://localhost, WS_URL=ws://localhost
+# Backend derives: CORS_ORIGINS=["http://localhost"]
+
+# ===================================
+# DOCKER NETWORKING (Required for containers)
+# ===================================
+BACKEND_INTERNAL_PORT=8000
+FRONTEND_INTERNAL_PORT=3000
+# Hosts are fixed: enclava-backend, enclava-frontend
+# Upstreams derive: enclava-backend:8000, enclava-frontend:3000
+
+# ===================================
+# QDRANT (Required for RAG)
+# ===================================
+QDRANT_HOST=enclava-qdrant
+QDRANT_PORT=6333
+QDRANT_URL=http://enclava-qdrant:6333
+
+# ===================================
+# OPTIONAL PRIVATEMODE SETTINGS (Have defaults)
+# ===================================
+# PRIVATEMODE_CACHE_MODE=none # Optional: defaults to 'none'
+# PRIVATEMODE_CACHE_SALT= # Optional: defaults to empty
+
+# ===================================
+# OPTIONAL CONFIGURATION (All have sensible defaults)
+# ===================================
+
+# Application Settings
+# APP_NAME=Enclava
+# APP_DEBUG=false
+# APP_LOG_LEVEL=INFO
+# APP_HOST=0.0.0.0
+# APP_PORT=8000
+
+# Security Features
+API_SECURITY_ENABLED=false
+# API_THREAT_DETECTION_ENABLED=true
+# API_IP_REPUTATION_ENABLED=true
+# API_ANOMALY_DETECTION_ENABLED=true
+API_RATE_LIMITING_ENABLED=false
+# API_SECURITY_HEADERS_ENABLED=true
+
+# Content Security Policy
+# API_CSP_HEADER=default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
+
+# Rate Limiting (requests per minute/hour)
+# API_RATE_LIMIT_AUTHENTICATED_PER_MINUTE=300
+# API_RATE_LIMIT_AUTHENTICATED_PER_HOUR=5000
+# API_RATE_LIMIT_API_KEY_PER_MINUTE=1000
+# API_RATE_LIMIT_API_KEY_PER_HOUR=20000
+# API_RATE_LIMIT_PREMIUM_PER_MINUTE=5000
+# API_RATE_LIMIT_PREMIUM_PER_HOUR=100000
+
+# Request Size Limits (in bytes)
+# API_MAX_REQUEST_BODY_SIZE=10485760 # 10MB
+# API_MAX_REQUEST_BODY_SIZE_PREMIUM=52428800 # 50MB
+# MAX_UPLOAD_SIZE=10485760 # 10MB
+
+# Monitoring
+# PROMETHEUS_ENABLED=true
+# PROMETHEUS_PORT=9090
+
+# Logging
+# LOG_FORMAT=json
+# LOG_LEVEL=INFO
+# LOG_LLM_PROMPTS=false
+
+# Module Configuration
+# MODULES_CONFIG_PATH=config/modules.yaml
+
+# Plugin Configuration
+# PLUGINS_DIR=/plugins
+# PLUGINS_CONFIG_PATH=config/plugins.yaml
+# PLUGIN_REPOSITORY_URL=https://plugins.enclava.com
+# PLUGIN_ENCRYPTION_KEY=
+
+# ===================================
+# RAG EMBEDDING ENHANCED SETTINGS
+# ===================================
+# Enhanced embedding service configuration
+RAG_EMBEDDING_MAX_REQUESTS_PER_MINUTE=60
+RAG_EMBEDDING_BATCH_SIZE=5
+RAG_EMBEDDING_RETRY_COUNT=3
+RAG_EMBEDDING_RETRY_DELAYS=1,2,4,8,16
+RAG_EMBEDDING_DELAY_BETWEEN_BATCHES=0.5
+
+# Fallback embedding behavior
+RAG_ALLOW_FALLBACK_EMBEDDINGS=true
+RAG_WARN_ON_FALLBACK=true
+
+# Processing timeouts (in seconds)
+RAG_DOCUMENT_PROCESSING_TIMEOUT=300
+RAG_EMBEDDING_GENERATION_TIMEOUT=120
+RAG_INDEXING_TIMEOUT=120
+
+# ===================================
+# SUMMARY
+# ===================================
+# Required: DATABASE_URL, REDIS_URL, JWT_SECRET, ADMIN_EMAIL, ADMIN_PASSWORD, BASE_URL
+# Recommended: PRIVATEMODE_API_KEY, QDRANT_HOST, QDRANT_PORT
+# Optional: All other settings have secure defaults
+# ===================================
diff --git a/backend/.env b/backend/.env
new file mode 100644
index 0000000..e69de29
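Review bot: The new `.env` puts what look like working credentials under version control instead of placeholders: `PRIVATEMODE_API_KEY` carries a UUID-shaped value, `DATABASE_URL` embeds the database password, `ADMIN_PASSWORD` is a guessable default, and `JWT_SECRET` is still the template string. If the API key is real it should be treated as exposed and rotated, because deleting the file in a later commit leaves the value in history. The file belongs in `.gitignore`, with a tracked `.env.example` holding lines such as `PRIVATEMODE_API_KEY=<set-per-deployment>` and `ADMIN_PASSWORD=<set-per-deployment>`. The same hunk also sets `API_SECURITY_ENABLED=false` and `API_RATE_LIMITING_ENABLED=false` (the latter twice), which contradicts the closing comment that all other settings have secure defaults. With a publicly known signing secret and no rate limiting, nothing here protects the admin login, so a startup check that rejects the template `JWT_SECRET` would be worth adding where the settings are loaded, which is outside this patch.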