.env.example
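# NOTE: many entries below carry an inline "# …" comment after the value. Some env-file
# loaders do not strip inline comments and keep that text as part of the value, so an
# "empty" secret could silently become the comment string. Confirm how your loader parses
# this file, or drop the inline comments when copying it to .env.
# ─── Database ────────────────────────────────────────────────────────────────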
# PostgreSQL (production / Docker) — the password "secret" below is a placeholder; replace it for anything other than local dev
DATABASE_URL=postgresql://maschina:secret@localhost:5432/maschina
# SQLite (local dev — comment out PostgreSQL above and use this instead)
# DATABASE_URL=file:./local.db
# ─── Redis ───────────────────────────────────────────────────────────────────
REDIS_URL=redis://localhost:6379
# ─── Auth ────────────────────────────────────────────────────────────────────
JWT_SECRET=change-me-to-a-long-random-string
JWT_EXPIRES_IN=7d
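# Separate secret for HMAC email indexes — use a different value from JWT_SECRET in production.
# Replace every change-me-* placeholder in this file before deploying — generate each with: openssl rand -hex 32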
HMAC_SECRET=change-me-to-a-different-random-string
# ─── API Keys ────────────────────────────────────────────────────────────────
API_KEY_SALT=change-me-to-a-long-random-string
# ─── Anthropic ───────────────────────────────────────────────────────────────
ANTHROPIC_API_KEY=sk-ant-...
# ─── Voyage AI (embeddings — Anthropic's recommended partner) ─────────────────
VOYAGE_API_KEY=pa-...
# ─── Brave Search (web_search skill) ─────────────────────────────────────────
BRAVE_SEARCH_API_KEY=BSA...
# ─── OpenAI (model routing + embedding fallback) ──────────────────────────────
OPENAI_API_KEY=sk-...
# ─── Qdrant (vector DB — agent memory, document RAG) ─────────────────────────
QDRANT_URL=http://localhost:6333
QDRANT_API_KEY= # leave empty for local dev
# ─── Stripe (billing) ────────────────────────────────────────────────────────
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
STRIPE_PUBLISHABLE_KEY=pk_test_...
# ─── Solana / Chain ──────────────────────────────────────────────────────────
SOLANA_CLUSTER=devnet # devnet | mainnet-beta
SOLANA_WALLET_PATH=~/.config/solana/id.json # Path to authority keypair
# Helius — Solana RPC + webhooks (https://helius.dev)
HELIUS_API_KEY= # Required for prod; falls back to public RPC
HELIUS_WEBHOOK_ID= # Set after running scripts/setup-devnet.ts
HELIUS_WEBHOOK_SECRET= # Random secret for webhook auth header
# Settlement program (update after anchor deploy --provider.cluster devnet)
SETTLEMENT_PROGRAM_ID=DysEiPCWKkcMUemm1YHftCQv2UVH3JvDJsdAGbyBW4Md
# Settlement wallets — generate with: solana-keygen new -o wallets/<name>.json --no-bip39-passphrase
# Keypair files live in wallets/ (gitignored). Only pubkeys and keypair file paths go here — never the secret key material itself.
SETTLEMENT_AUTHORITY_KEYPAIR=wallets/authority.json # Signs settle_earnings, initialize_config
SETTLEMENT_TREASURY_PUBKEY= # Receives 15% of all earnings
SETTLEMENT_DEVELOPER_PUBKEY= # Receives 10% marketplace fee
SETTLEMENT_VALIDATORS_PUBKEY= # Receives 5% validators pool
# MACH token (set after running scripts/setup-mach-token.ts)
MACH_MINT_ADDRESS=
# Realms DAO (set after running scripts/setup-realms.ts)
REALM_ADDRESS= # Maschina DAO realm address
# USDC mint addresses
USDC_MINT_DEVNET=4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU
USDC_MINT_MAINNET=EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v
# Maschina treasury USDC token account (set after creating treasury wallet)
TREASURY_USDC_ADDRESS=
# Validators pool USDC token account
VALIDATORS_USDC_ADDRESS=
# ─── Services ────────────────────────────────────────────────────────────────
GATEWAY_PORT=3001
DAEMON_PORT=3002
REALTIME_PORT=3003
API_PORT=4000
# ─── Telemetry ───────────────────────────────────────────────────────────────
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
LOG_LEVEL=info
# ─── Storage ─────────────────────────────────────────────────────────────────
S3_BUCKET=maschina-dev
S3_REGION=us-east-1
S3_ACCESS_KEY_ID=
S3_SECRET_ACCESS_KEY=
S3_ENDPOINT= # set for local MinIO
CLOUDFRONT_URL= # optional CDN URL e.g. https://cdn.maschina.ai
# ─── Email ───────────────────────────────────────────────────────────────────
RESEND_API_KEY=re_...
EMAIL_FROM=noreply@maschina.ai
# ─── Push notifications ───────────────────────────────────────────────────────
# APNs (iOS) — requires an Apple Developer account + AuthKey_*.p8
APNS_KEY_ID= # 10-char key ID from developer.apple.com
APNS_TEAM_ID= # 10-char team ID from developer.apple.com
APNS_BUNDLE_ID= # e.g. ai.maschina.app
APNS_PRIVATE_KEY= # contents of AuthKey_*.p8 (newlines as \n)
# FCM (Android + web via Firebase) — service account JSON
FCM_PROJECT_ID= # Firebase project ID
FCM_SERVICE_ACCOUNT= # full service account JSON (one line, JSON-encoded)
# Web Push / VAPID (Linux, Mac, Windows, browser)
# Generate once: node -e "const wp=require('web-push'); console.log(wp.generateVAPIDKeys())"
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=
VAPID_SUBJECT=mailto:team@maschina.ai
# ─── Sandboxing ──────────────────────────────────────────────────────────────
SANDBOX_ENABLED=true
SANDBOX_MEMORY_LIMIT_MB=128
SANDBOX_CPU_LIMIT_SECS=10
# ─── Proof of Compute ────────────────────────────────────────────────────────
PROOF_SECRET= # HMAC-SHA256 key for signing execution receipts — generate with: openssl rand -hex 32
# ─── NATS ────────────────────────────────────────────────────────────────────
NATS_URL=nats://localhost:4222
# NATS_URL=tls://localhost:4222 # enable after running scripts/gen-nats-certs.sh
# NATS_CA_CERT=/path/to/docker/nats/certs/ca.pem
# ─── Encryption ──────────────────────────────────────────────────────────────
DATA_ENCRYPTION_KEY= # AES-256-GCM key — generate with: openssl rand -hex 32
ACTIVE_KEY_VERSION=1 # increment when rotating keys
# ─── Webhooks ────────────────────────────────────────────────────────────────
WEBHOOK_SECRET= # HMAC signing key for outbound webhooks — generate with: openssl rand -hex 32
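# ─── Internal service-to-service auth ────────────────────────────────────────
# NOTE(review): the URLs below do not line up with the ports in the Services section
# (API_URL uses 3000 but API_PORT is 4000; REALTIME_URL uses 4000 but REALTIME_PORT is 3003).
# Confirm each URL points at the intended service so internal calls authenticated with
# INTERNAL_SECRET are not sent to the wrong listener.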
INTERNAL_SECRET= # Shared secret for daemon→API internal calls — generate with: openssl rand -hex 32
API_URL=http://localhost:3000
REALTIME_URL=http://localhost:4000
RUNTIME_URL=http://localhost:8001 # Python runtime service URL
# ─── Service base URLs ────────────────────────────────────────────────────────
API_BASE_URL=http://localhost:3000 # Self-referencing base URL for the API
APP_BASE_URL=http://localhost:5173 # Frontend URL (used in emails, OAuth redirects)
APP_URL=http://localhost:5173 # Alias for APP_BASE_URL
# ─── Third-party webhook secrets ─────────────────────────────────────────────
GITHUB_WEBHOOK_SECRET= # GitHub webhook verification — generate with: openssl rand -hex 32
LINEAR_WEBHOOK_SECRET= # Linear webhook verification — generate with: openssl rand -hex 32
SLACK_SIGNING_SECRET= # Slack Events API signing secret
# ─── Daemon tuning ────────────────────────────────────────────────────────────
WATCHDOG_TIMEOUT_SECS=600 # Seconds before the daemon watchdog marks a stuck run as failed (default: 600)
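# ─── Daemon tuning (continued) ────────────────────────────────────────────────
# NOTE: WATCHDOG_TIMEOUT_SECS and RUNTIME_URL below repeat entries defined earlier in this file; keep a single definition of each so the copies cannot drift apart.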
MAX_CONCURRENT_AGENTS=8 # max agent runs executing in parallel on this daemon
POLL_INTERVAL_MS=500 # how often to poll NATS for queued jobs
AGENT_TIMEOUT_SECS=300 # hard kill timeout per agent run (5 min default)
WATCHDOG_TIMEOUT_SECS=600 # force-fail runs stuck in "running" longer than this (10 min default)
RUNTIME_URL=http://localhost:8001
# ─── Observability ───────────────────────────────────────────────────────────
OTEL_ENABLED=false
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
# ─── Grafana ─────────────────────────────────────────────────────────────────
GF_SECURITY_ADMIN_PASSWORD= # admin UI password — generate: openssl rand -hex 16
GF_ROOT_URL=http://localhost:3030 # set to your public URL if tunnelled
# ─── Discord Webhooks ────────────────────────────────────────────────────────
DISCORD_HEALTH_WEBHOOK= # Grafana alerts + backup notifications
DISCORD_CI_WEBHOOK= # GitHub CI pass/fail notifications (set in GitHub secrets)
# ─── Feature Flags ───────────────────────────────────────────────────────────
NODE_ENV=development
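# ─── App ─────────────────────────────────────────────────────────────────────
# NOTE(review): APP_URL is also set earlier in this file (http://localhost:5173, as an alias
# for APP_BASE_URL) with a different value. Which duplicate wins depends on the env loader,
# and this value is used for magic-link emails — keep a single definition pointing at the
# intended origin. PORT is likewise described as an alias for API_PORT, yet API_PORT is 4000.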
APP_URL=http://localhost:3000 # public-facing URL for magic link emails etc.
CORS_ORIGINS=http://localhost:5173 # comma-separated allowed origins
PORT=3000 # API listen port (alias for API_PORT in some services)
DAEMON_HEALTH_PORT=3002 # daemon health-check HTTP port
RUST_LOG=info # Rust log level: error | warn | info | debug | trace