CMMC/.env.example at main · AGI-Corporation/CMMC · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# CMMC Hackathon Platform - Environment Variables
# Copy this file to .env and fill in your values

# =====================
# Application
# =====================
APP_NAME="CMMC Compliance Platform"
APP_VERSION="1.0.0"
DEBUG=true
ENVIRONMENT=development

# =====================
# Server
# =====================
HOST=0.0.0.0
PORT=8000

# =====================
# Database
# =====================
# SQLite (development)
DATABASE_URL=sqlite:///./cmmc.db

# PostgreSQL (production)
# DATABASE_URL=postgresql://user:password@localhost:5432/cmmc_db

# =====================
# Security
# =====================
SECRET_KEY=your-secret-key-change-this-in-production
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30

# =====================
# AI / LLM
# =====================
OPENAI_API_KEY=your-openai-api-key
ANTHROPIC_API_KEY=your-anthropic-api-key

# Ollama (local AI - optional)
OLLAMA_BASE_URL=http://localhost:11434
OLLAMA_MODEL=llama3.2

# Default AI provider: openai | anthropic | ollama
AI_PROVIDER=openai
AI_MODEL=gpt-4o

# =====================
# GitHub MCP
# =====================
GITHUB_TOKEN=your-github-personal-access-token
GITHUB_MCP_URL=https://api.githubcopilot.com/mcp/

# =====================
# ComplianceCow MCP
# =====================
COMPLIANCECOW_API_KEY=your-compliancecow-api-key
COMPLIANCECOW_BASE_URL=https://api.compliancecow.com

# =====================
# OSCAL Schema
# =====================
OSCAL_CATALOG_PATH=./schema/cmmc_oscal_catalog.json
NIST_800_171_JSON_URL=https://csrc.nist.gov/extensions/nudp/services/json/nudp/framework/version/sp_800_171_3_0_0/export/json

# =====================
# CORS
# =====================
CORS_ORIGINS=["http://localhost:3000","http://localhost:5173"]

# =====================
# File Storage
# =====================
UPLOAD_DIR=./uploads
MAX_FILE_SIZE_MB=50

# =====================
# Reporting
# =====================
SSP_OUTPUT_DIR=./reports/ssp
POAM_OUTPUT_DIR=./reports/poam

# =====================
# DoD / SPRS
# =====================
# SPRS = Supplier Performance Risk System score
# Max score: 110, each unimplemented control deducts points
SPRS_ORGANIZATION_NAME=AGI Corporation
SPRS_SYSTEM_NAME=CMMC Compliance Platform