# neuronetz-gateway — environment configuration (SPEC §7).
#
# Copy to `.env` and adjust. `.env` is gitignored and MUST NOT be committed.
# All values here are SAFE EXAMPLES — change every secret before any real deploy.

# ──────────────────────────── Service ────────────────────────────
GATEWAY_BIND_HOST=0.0.0.0
GATEWAY_BIND_PORT=8080
GATEWAY_LOG_LEVEL=INFO
GATEWAY_LOG_FORMAT=json                  # json|console
GATEWAY_REQUEST_ID_HEADER=X-Request-ID
GATEWAY_TRUSTED_PROXIES=127.0.0.1,caddy  # for X-Forwarded-For

# ──────────────────────────── Upstream ───────────────────────────
OLLAMA_BASE_URL=http://ollama:11434
OLLAMA_CONNECT_TIMEOUT_S=5
OLLAMA_READ_TIMEOUT_S=600
OLLAMA_MAX_CONNECTIONS=64

# ──────────────────────── Model discovery (§4.6) ─────────────────
MODEL_DISCOVERY_REFRESH_S=60
MODEL_DISCOVERY_CACHE_TTL_S=120

# ──────────────────────────── Database ───────────────────────────
# Compose builds DATABASE_URL from the POSTGRES_* parts below, but the gateway
# also accepts a full DATABASE_URL directly.
DATABASE_URL=postgresql+asyncpg://gateway:changeme@postgres:5432/neuronetz
DATABASE_POOL_SIZE=10
DATABASE_POOL_OVERFLOW=20

# Postgres container credentials (consumed by docker-compose).
POSTGRES_USER=gateway
POSTGRES_PASSWORD=changeme
POSTGRES_DB=neuronetz

# ──────────────────────────── Redis ──────────────────────────────
REDIS_URL=redis://redis:6379/0
REDIS_KEY_CACHE_TTL_S=60

# ────────────────── Limits (defaults; DB overrides) ──────────────
DEFAULT_RPM=60
DEFAULT_TPM=100000
DEFAULT_CONCURRENT=8
MAX_REQUEST_BODY_BYTES=262144
MAX_NUM_PREDICT=4096

# ──────────────────────────── Security ───────────────────────────
ARGON2_TIME_COST=3
ARGON2_MEMORY_COST_KIB=65536
ARGON2_PARALLELISM=4
AUTH_FAILURE_RATE_LIMIT_PER_IP_PER_MIN=20

# ──────────────────────────── Audit ──────────────────────────────
AUDIT_BUFFER_SIZE=1000
PROMPT_LOG_DEFAULT_RETENTION_DAYS=30
AUDIT_LOG_DEFAULT_RETENTION_DAYS=365

# ──────────────── Playground / API docs (prod-safe: OFF) ─────────
# Serve the playground HTML (owned by the docs agent) at /playground.
PLAYGROUND_ENABLED=false
PLAYGROUND_FILE=/app/playground/index.html
# Enable FastAPI's /docs + /openapi.json (default off in production).
DOCS_ENABLED=false