.env.example
# Application Configuration
NEXT_PUBLIC_APP_URL=http://localhost:3001
# Local SQLite (alignment + survey). Default path: ./data/opengrimoire.sqlite (gitignored).
# OPENGRIMOIRE_DB_PATH=
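# Operator login for /admin (POST /api/auth/login). In production, prefer OPENGRIMOIRE_ADMIN_PASSWORD_HASH (bcrypt) over the plaintext OPENGRIMOIRE_ADMIN_PASSWORD; change-me is a placeholder, not a usable password.
# Note: Next.js expands $NAME references in .env files, so the $ characters of a bcrypt hash may need escaping as \$ — confirm the value the app actually loads.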
# OPENGRIMOIRE_ADMIN_PASSWORD=change-me
# OPENGRIMOIRE_ADMIN_PASSWORD_HASH=$2a$10$... # bcrypt hash of operator password
# Secret used to sign the admin session cookie (required in production). Use a long random value; the one below is a placeholder.
# OPENGRIMOIRE_SESSION_SECRET=change-me-long-random
# Alignment CLI / scripts: base URL for OpenGrimoire (port 3001 in local dev).
# OPENGRIMOIRE_BASE_URL=http://localhost:3001
# Optional
NODE_ENV=development
# Set to 1 in local dev only for verbose visualization hook logs (never with real survey PII in shared builds).
# NEXT_PUBLIC_DEBUG_VISUALIZATION=1
# Brain map: when BRAIN_MAP_SECRET is set, a request is allowed if its x-brain-map-key header matches it OR it carries the opengrimoire_session cookie (the UI uses credentials: include).
# NEXT_PUBLIC_BRAIN_MAP_SECRET is optional legacy obfuscation only: it is exposed in the client bundle, so it must not be treated as a secret — see docs/security/NEXT_PUBLIC_AND_SECRETS.md
# BRAIN_MAP_SECRET=
# NEXT_PUBLIC_BRAIN_MAP_SECRET=
# Callers send header x-alignment-context-key matching this value when set.
# Same secret currently gates /api/alignment-context AND /api/clarification-requests unless CLARIFICATION_QUEUE_API_SECRET is set (see docs/AGENT_INTEGRATION.md).
# ALIGNMENT_CONTEXT_API_SECRET=
# Recommended in production for harnesses that only use clarification: give them a dedicated secret, so a leaked clarification key does not also open the alignment API (smaller blast radius).
# Optional: dedicated secret for the clarification queue only (header x-clarification-queue-key). When unset, clarification uses ALIGNMENT_CONTEXT_API_SECRET + x-alignment-context-key.
# CLARIFICATION_QUEUE_API_SECRET=
# Optional escape hatch: allow alignment API key to satisfy production survey read gate (PII). Default off — prefer SURVEY_VISUALIZATION_API_SECRET + x-survey-visualization-key for survey reads.
# ALIGNMENT_CONTEXT_KEY_ALLOWS_SURVEY_READ=true
# Development without a secret: set to true (localhost only). Never on public hosts.
# ALIGNMENT_CONTEXT_ALLOW_INSECURE_LOCAL=true
# Survey visualization + approved-quotes GET (production). When unset/false, require admin session, x-survey-visualization-key (when secret set), optional alignment key only if ALIGNMENT_CONTEXT_KEY_ALLOWS_SURVEY_READ=true, or allow-public below.
# SURVEY_VISUALIZATION_ALLOW_PUBLIC=true
# Optional dedicated secret for GET /api/survey/visualization and GET /api/survey/approved-qualities (header x-survey-visualization-key).
# SURVEY_VISUALIZATION_API_SECRET=
# Optional: require a short-lived JWT on POST /api/survey (same-origin clients get one from GET /api/survey/bootstrap-token).
# SURVEY_POST_REQUIRE_TOKEN=true
# SURVEY_POST_BOOTSTRAP_SECRET=long-random-secret
# Optional: Cloudflare Turnstile — server verify on POST when SURVEY_POST_CAPTCHA_REQUIRED=true or production + TURNSTILE_SECRET_KEY set.
# TURNSTILE_SECRET_KEY=
# NEXT_PUBLIC_TURNSTILE_SITE_KEY=
# Optional: POST JSON to this URL when a clarification request is answered or superseded (fire-and-forget).
# CLARIFICATION_WEBHOOK_URL=https://your-harness.example/hooks/opengrimoire-clarification
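# Optional: when set, an HMAC-SHA256 of the raw JSON body is sent as X-OpenGrimoire-Signature: sha256=<hex>. Receivers should recompute it over the raw request bytes and compare in constant time before trusting the payload.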
# CLARIFICATION_WEBHOOK_SECRET=
# Optional: Redis for caching
# REDIS_URL=redis://localhost:6379
# Optional: Monitoring
# GRAFANA_URL=http://localhost:3000
# PROMETHEUS_URL=http://localhost:9090
# Operator observability: POST /api/operator-probes/ingest from CI/scripts without operator cookie.
# Send header x-operator-probe-ingest-key matching this value. Do not reuse ALIGNMENT_CONTEXT_API_SECRET.
# OPERATOR_PROBE_INGEST_SECRET=
# Optional retention in days for new rows (default 30).
# OPERATOR_PROBE_RETENTION_DAYS=30
# Dev/demo routes: /test, /test-chord, /test-context, /test-sqlite (middleware). Legacy /test-supabase redirects to /test-sqlite.
# In production builds they return 404 unless OPENGRIMOIRE_ALLOW_TEST_ROUTES is set — enable it only on trusted staging hosts.
# OPENGRIMOIRE_ALLOW_TEST_ROUTES=1