.env.example
# ============================================================================
# ELIZA CLOUD V2 - ENVIRONMENT CONFIGURATION
# ============================================================================
# Copy this file to .env.local and fill in your values.
# This file must only contain placeholders and safe defaults.
# Never store live credentials in tracked env example files.
# Required variables are marked with [REQUIRED]
# Optional variables have sensible defaults
# ============================================================================
# ============================================================================
# DATABASE [REQUIRED]
# ============================================================================
# PostgreSQL connection string for platform + ElizaOS tables
# Recommended: Neon Serverless (https://neon.tech) or Supabase
DATABASE_URL=postgresql://user:password@host:5432/eliza_platform?sslmode=require
# ============================================================================
# MULTI-REGION DATABASE (optional - for production deployments)
# ============================================================================
# Architecture: NA Primary (read/write) + EU Read Replica (logical replication)
#
# ┌──────────────────┐                      ┌──────────────────────┐
# │    NA PRIMARY    │                      │      EU REPLICA      │
# │   (Read/Write)   │ ═══════════════════► │     (Read-Only)      │
# │   DATABASE_URL   │ Logical Replication  │ DATABASE_URL_EU_READ │
# └──────────────────┘      (Pub/Sub)       └──────────────────────┘
#
# All WRITES always go to DATABASE_URL (NA primary)
# READS are routed based on detected region:
# - EU requests → DATABASE_URL_EU_READ (if set) → DATABASE_URL
# - NA/APAC requests → DATABASE_URL
#
# Setup:
# 1. DATABASE_URL: Your primary database in NA (required) - handles all writes and NA reads
# 2. DATABASE_URL_EU_READ: EU read replica via logical replication (optional, for EU reads)
#
# Note: Do NOT set DATABASE_URL_EU (write) - EU is read-only via pub/sub replication
# EU Region read replica (optional - for low-latency reads in Europe)
# Uses PostgreSQL logical replication (pub/sub) from NA primary
# DATABASE_URL_EU_READ=postgresql://user:password@eu-read-replica:5432/eliza_platform?sslmode=require
# Force specific region for reads (optional - auto-detected from VERCEL_REGION)
# DATABASE_REGION=na # or "eu" or "apac"
# ============================================================================
# AUTHENTICATION - PRIVY [REQUIRED]
# ============================================================================
# Get these from https://dashboard.privy.io
# IMPORTANT: For production, configure in Privy Dashboard:
# 1. Set allowed domains (remove dev/test domains)
# 2. Enable HttpOnly cookies for enhanced security
# 3. Configure MFA and authentication settings
# See docs/PRIVY_PRODUCTION_SECURITY.md for complete security checklist
# Your Privy Application ID (starts with 'cm...')
NEXT_PUBLIC_PRIVY_APP_ID=your_privy_app_id_here
# Your Privy Client ID (starts with 'client-...')
NEXT_PUBLIC_PRIVY_CLIENT_ID=your_privy_client_id_here
# Privy App Secret (server-side only, never expose to client)
PRIVY_APP_SECRET=your_privy_app_secret_here
# Webhook secret for Privy user sync (min 32 chars)
# Generate with: openssl rand -base64 32
PRIVY_WEBHOOK_SECRET=replace_with_strong_random_secret
# ============================================================================
# AI SERVICES [REQUIRED - at least one]
# ============================================================================
# Anthropic API Key (for Claude - used by AI App Builder)
# Get from: https://console.anthropic.com/settings/keys
ANTHROPIC_API_KEY=sk-ant-your_anthropic_key_here
# OpenAI API Key (for direct OpenAI access and ElizaOS)
# Get from: https://platform.openai.com/api-keys
OPENAI_API_KEY=sk-your_openai_key_here
# Vercel AI Gateway API Key (for multi-provider routing)
# Get from: https://vercel.com/docs/ai-gateway
# Provides automatic provider fallback, load balancing, and caching
AI_GATEWAY_API_KEY=your_ai_gateway_key_here
# Groq API Key (optional, enables Groq-native models like groq/compound)
# Get from: https://console.groq.com/keys
GROQ_API_KEY=your_groq_api_key_here
# Fal.ai API Key (for video generation)
# Get from: https://fal.ai/dashboard/keys
# Format: "key_id:key_secret"
FAL_KEY=your_fal_key_here
# ============================================================================
# VOICE SERVICES
# ============================================================================
# ElevenLabs API Key (for text-to-speech and voice cloning)
# Get from: https://elevenlabs.io/app/settings/api-keys
ELEVENLABS_API_KEY=sk_your_elevenlabs_key_here
# Optional: Custom ElevenLabs settings
# ELEVENLABS_VOICE_ID=EXAVITQu4vr4xnSDxMaL
# ELEVENLABS_MODEL_ID=eleven_flash_v2_5
# ELEVENLABS_VOICE_STABILITY=0.5
# ELEVENLABS_VOICE_SIMILARITY_BOOST=0.75
# ELEVENLABS_VOICE_STYLE=0
# ELEVENLABS_VOICE_USE_SPEAKER_BOOST=true
# ELEVENLABS_OUTPUT_FORMAT=mp3_44100_128
# ============================================================================
# STORAGE - VERCEL BLOB
# ============================================================================
# Vercel Blob storage token (for images, videos, generated media)
# Get from: Vercel Dashboard > Storage > Create Blob Store
# Required for Gallery feature
BLOB_READ_WRITE_TOKEN=vercel_blob_rw_your_token_here
# ============================================================================
# STRIPE BILLING
# ============================================================================
# Stripe Publishable Key (client-side, for checkout)
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_your_publishable_key
# Stripe Secret Key (server-side only)
# Get from: https://dashboard.stripe.com/apikeys
STRIPE_SECRET_KEY=sk_test_your_secret_key_here
# Stripe Webhook Secret (for webhook verification)
# Get from: Stripe Dashboard > Developers > Webhooks
STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret_here
# Credit Pack Product/Price IDs (created by running: bun run seed:credit-packs)
STRIPE_SMALL_PACK_PRICE_ID=price_xxx
STRIPE_SMALL_PACK_PRODUCT_ID=prod_xxx
STRIPE_MEDIUM_PACK_PRICE_ID=price_xxx
STRIPE_MEDIUM_PACK_PRODUCT_ID=prod_xxx
STRIPE_LARGE_PACK_PRICE_ID=price_xxx
STRIPE_LARGE_PACK_PRODUCT_ID=prod_xxx
# ============================================================================
# REDIS CACHE (For caching, rate limiting, SSE events)
# ============================================================================
# Local development default: docker-compose redis on localhost:6379
# Start it with: docker compose up -d redis
REDIS_URL=redis://localhost:6379
KV_URL=redis://localhost:6379
# Upstash REST API (optional - leave blank for local development)
# KV_REST_API_URL=https://your-redis.upstash.io
# KV_REST_API_TOKEN=your_upstash_token_here
# KV_REST_API_READ_ONLY_TOKEN=your_readonly_token_here
KV_REST_API_URL=
KV_REST_API_TOKEN=
KV_REST_API_READ_ONLY_TOKEN=
# ============================================================================
# AWS CREDENTIALS (For container deployments)
# ============================================================================
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=your_aws_access_key_id_here
AWS_SECRET_ACCESS_KEY=your_aws_secret_access_key_here
# AWS ACM Certificate (Required for HTTPS on containers)
# Request with: aws acm request-certificate --domain-name '*.containers.elizacloud.ai' --validation-method DNS --region us-east-1
ACM_CERTIFICATE_ARN=arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
# ============================================================================
# AWS NETWORKING (For container deployments)
# ============================================================================
# VPC and subnets for ECS tasks
AWS_VPC_ID=vpc-0123456789abcdef0
AWS_SUBNET_IDS=subnet-abc123,subnet-def456
AWS_SECURITY_GROUP_IDS=sg-abc123,sg-def456
# ============================================================================
# AWS ECS (For container deployments)
# ============================================================================
ECS_CLUSTER_NAME=elizaos-production
ECS_EXECUTION_ROLE_ARN=arn:aws:iam::123456789012:role/ecsTaskExecutionRole
ECS_TASK_ROLE_ARN=arn:aws:iam::123456789012:role/ecsTaskRole
ECS_SHARED_ALB_ARN=arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/elizaos-shared-alb/abc123
ECS_SHARED_LISTENER_ARN=arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/elizaos-shared-alb/abc123/def456
# ============================================================================
# AWS EC2
# ============================================================================
# Optional: EC2 key name for SSH access to ECS instances
EC2_KEY_NAME=your-ec2-key-name
# Environment identifier (affects stack naming)
ENVIRONMENT=production
# ============================================================================
# APPLICATION SETTINGS
# ============================================================================
# Application URLs (for redirects, webhooks, etc.)
NEXT_PUBLIC_APP_URL=http://localhost:3000
NEXT_PUBLIC_API_URL=http://localhost:3000
# ============================================
# Sandbox API Communication (for App Builder)
# ============================================
#
# LOCAL DEVELOPMENT (no ngrok required!):
# The sandbox uses a postMessage proxy bridge by default.
# How it works:
# 1. Sandbox app embeds an invisible iframe pointing to your localhost:/sandbox-proxy
# 2. SDK sends API requests via postMessage to this iframe
# 3. The iframe (running on localhost) makes the actual API calls
# 4. Responses are sent back via postMessage
#
# You don't need to set anything - it works automatically!
# The proxy URL is auto-configured to NEXT_PUBLIC_APP_URL (http://localhost:3000)
#
# OPTIONAL OVERRIDES:
# ELIZA_API_URL=https://your-ngrok-url.ngrok.io # Use ngrok instead of proxy bridge
# NEXT_PUBLIC_ELIZA_API_URL=https://elizacloud.ai # Direct API URL for production
# NEXT_PUBLIC_ELIZA_PROXY_URL=http://localhost:3000 # Custom proxy URL
# ============================================
# GitHub Repository Configuration (for App Builder)
# ============================================
# Each app is stored as a private GitHub repo for version control
#
# GitHub Organization where app repos are created
GITHUB_ORG_NAME=eliza-cloud-apps
# Template repo to clone for new apps (org/repo format)
GITHUB_TEMPLATE_REPO=eliza-cloud-apps/cloud-apps-template
# GitHub Personal Access Token or App Installation Token
# Required permissions: repo (full control), org:read
# GIT_ACCESS_TOKEN=github_pat_replace_me
# Or use a GitHub App token:
# GITHUB_APP_TOKEN=github_app_token_replace_me
# Auto-set in local dev
# Git Commit Author (for Vercel deployment attribution)
# IMPORTANT: For Vercel to properly attribute commits, use an email that matches
# your GitHub account. Without this, you'll see "No GitHub account was found
# matching the commit author email address" warning in Vercel.
GIT_COMMIT_AUTHOR_NAME=Your Name
GIT_COMMIT_AUTHOR_EMAIL=your-github-email@example.com
# CRON Secret (for scheduled job authentication)
# Generate with: openssl rand -hex 32
CRON_SECRET=random_secret_minimum_32_characters_here_generate_strong_secret
# CLI Integration (for elizaos CLI)
# Override default cloud URL for local development
ELIZA_CLOUD_URL=http://localhost:3000
# Optional canonical base domain for Milady/Open Web UI links like https://<agent-id>.<domain>
# Defaults to waifu.fun when unset.
ELIZA_CLOUD_AGENT_BASE_DOMAIN=agents.example.com
# ============================================================================
# COINBASE DEVELOPER PLATFORM (CDP)
# ============================================================================
# For x402 payment processing and crypto operations
# Get from: https://portal.cdp.coinbase.com
CDP_API_KEY_ID=your_cdp_api_key_id
CDP_API_KEY_SECRET=your_cdp_api_key_secret
CDP_WALLET_SECRET=your_cdp_wallet_secret
# ============================================================================
# BLOCKCHAIN NETWORK SETTINGS
# ============================================================================
# Default blockchain network for payments
NEXT_PUBLIC_NETWORK=base
# WalletConnect Project ID (for wallet connections in mobile app)
# Get from: https://cloud.walletconnect.com/
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your_walletconnect_project_id
# ============================================================================
# DISCORD NOTIFICATIONS
# ============================================================================
# For sending system notifications to Discord channels
# 1. Create a Discord bot at https://discord.com/developers/applications
# 2. Copy the bot token and set it here
# 3. Invite bot to your server with "Send Messages" permission
# 4. Get channel ID by right-clicking channel (enable Developer Mode first)
DISCORD_BOT_TOKEN=your_bot_token_here
DISCORD_CHANNEL_ID=your_channel_id_here
# ============================================================================
# DISCORD GATEWAY SERVICE (JWT Authentication)
# ============================================================================
# For the multi-tenant Discord gateway that handles bot connections
# The gateway uses JWT-based authentication for secure service-to-service communication
# Bootstrap secret - Gateway exchanges this for a JWT token at startup
# Generate with: openssl rand -hex 32
GATEWAY_BOOTSTRAP_SECRET=replace_with_strong_random_secret_for_gateway_auth
# JWT Signing Keys (ES256 - ECDSA with P-256 curve, PKCS#8 format required)
# These are used by Eliza Cloud to sign and verify JWT tokens
# Generate with:
# openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -out private.pem
# openssl ec -in private.pem -pubout -out public.pem
# base64 -w 0 private.pem # For JWT_SIGNING_PRIVATE_KEY
# base64 -w 0 public.pem # For JWT_SIGNING_PUBLIC_KEY
# Note: The private key must be PKCS#8 PEM, not a raw EC private key.
JWT_SIGNING_PRIVATE_KEY=base64_encoded_es256_private_key_here
JWT_SIGNING_PUBLIC_KEY=base64_encoded_es256_public_key_here
# Optional: Key ID for JWKS rotation (defaults to "primary")
# JWT_SIGNING_KEY_ID=primary
# ============================================================================
# EXTERNAL API KEYS
# ============================================================================
# CoinGecko API Key (for cryptocurrency price data and TWAP oracle)
# Get from: https://www.coingecko.com/en/api/pricing
# Free tier works but has rate limits; Pro key recommended for production
COINGECKO_API_KEY=your_coingecko_api_key_here
# Brave Search API Key (for web search in agents)
# Get from: https://brave.com/search/api/
BRAVE_SEARCH_API_KEY=your_brave_search_api_key_here
# Twitter/X API Keys (for Twitter integration)
# Get from: https://developer.twitter.com/en/portal/dashboard
TWITTER_BEARER_TOKEN=your_twitter_bearer_token_here
X_API_KEY=your_x_api_key_here
X_API_KEY_SECRET=your_x_api_key_secret_here
# ============================================================================
# FEATURE FLAGS
# ============================================================================
# Enable/disable SSE for real-time credit updates
NEXT_PUBLIC_CREDITS_SSE_ENABLED=true
# ============================================================================
# DEVELOPMENT DEBUG FLAGS (all default to false)
# ============================================================================
# Performance monitoring tools - only work in development mode
# Set to "true" to enable
# Enable periodic performance summary logging to console
# NEXT_PUBLIC_ENABLE_DEBUG_LOGGING=false
# Enable React Profiler render tracking (tracks component render frequency/duration)
# NEXT_PUBLIC_ENABLE_RENDER_TRACKING=false
# Enable API call tracking (patches fetch() to track duplicates, slow responses, errors)
# NEXT_PUBLIC_ENABLE_API_TRACKING=false
# Enable/disable caching (critical for production performance)
CACHE_ENABLED=true
# Use Redis for rate limiting (recommended for production)
REDIS_RATE_LIMITING=false
# Force Redis for event streaming (vs in-memory)
FORCE_REDIS_EVENTS=false
# Feature toggles (all default to true)
# NEXT_PUBLIC_FEATURE_MCP=true
# NEXT_PUBLIC_FEATURE_CHARACTER_BUILDER=true
# NEXT_PUBLIC_FEATURE_CONTAINERS=true
# NEXT_PUBLIC_FEATURE_GALLERY=true
# NEXT_PUBLIC_FEATURE_MEMORIES=true
# NEXT_PUBLIC_FEATURE_VOICE_CLONING=true
# NEXT_PUBLIC_FEATURE_BILLING=true
# ============================================================================
# X402 PAYMENT CONFIGURATION
# ============================================================================
# Wallet address to receive x402 payments (USDC)
X402_RECIPIENT_ADDRESS=0xYourWalletAddress
# Enable x402 payments (enabled by default! Set to false to disable)
ENABLE_X402_PAYMENTS=true
# x402 network selection (defaults from config/x402.json)
X402_NETWORK=base-sepolia
# IPFS storage for metadata (get free JWT: https://app.pinata.cloud/)
PINATA_JWT=your_pinata_jwt_token
# ============================================================================
# ELIZAOS TOKEN PAYOUT CONFIGURATION
# ============================================================================
# For redeeming user credits into elizaOS tokens
# See docs/ELIZAOS_PAYOUT_SECURITY.md for complete security guide
# Hot wallet private keys (NEVER commit to git! Use secrets manager in production)
# EVM wallet - used for ETH, Base, and BNB payouts
# You can use either EVM_PAYOUT_PRIVATE_KEY or EVM_PRIVATE_KEY
EVM_PAYOUT_PRIVATE_KEY=0x...your_evm_private_key
# Alternative name (both work):
# EVM_PRIVATE_KEY=0x...
# Optional: Explicit wallet address (derived from private key if not set)
EVM_PAYOUT_WALLET_ADDRESS=0xYourEvmWalletAddress
# Solana wallet - used for Solana payouts
SOLANA_PAYOUT_PRIVATE_KEY=base58_encoded_solana_private_key
SOLANA_PAYOUT_WALLET_ADDRESS=YourSolanaPublicKey
# ============================================================================
# BLOCKCHAIN RPC ENDPOINTS
# ============================================================================
# Mainnet RPCs (defaults provided, recommend Alchemy/Infura for reliability)
# ETHEREUM_RPC_URL=https://eth.llamarpc.com
# BASE_RPC_URL=https://mainnet.base.org
# BNB_RPC_URL=https://bsc-dataseed.binance.org
SOLANA_RPC_URL=https://api.mainnet-beta.solana.com
# Testnet RPCs
SEPOLIA_RPC_URL=https://rpc.sepolia.org
BASE_SEPOLIA_RPC_URL=https://sepolia.base.org
BNB_TESTNET_RPC_URL=https://data-seed-prebsc-1-s1.binance.org:8545
SOLANA_DEVNET_RPC_URL=https://api.devnet.solana.com
# ============================================================================
# TESTNET CONFIGURATION (for testing payouts)
# ============================================================================
# Enable testnet mode (uses Sepolia, Base Sepolia, etc.)
PAYOUT_TESTNET=false
# Testnet token addresses (deploy your own or use these defaults)
# For Base Sepolia, you can use USDC for testing: 0x036CbD53842c5426634e7929541eC2318f3dCF7e
ELIZA_TOKEN_SEPOLIA=0x...
ELIZA_TOKEN_BASE_SEPOLIA=0x036CbD53842c5426634e7929541eC2318f3dCF7e
ELIZA_TOKEN_BNB_TESTNET=0x...
ELIZA_TOKEN_SOLANA_DEVNET=...
# ============================================================================
# PAYOUT PROCESSING
# ============================================================================
# Payout worker identification (for distributed processing)
PAYOUT_WORKER_ID=worker-1
# Emergency pause (set to "true" to pause all redemptions)
REDEMPTION_EMERGENCY_PAUSE=false
# Alerting (optional but recommended for production)
REDEMPTION_ALERT_SLACK_WEBHOOK=https://hooks.slack.com/...
REDEMPTION_ALERT_PAGERDUTY_KEY=your_pagerduty_key
# ============================================================================
# LOCAL DEVELOPMENT
# ============================================================================
# Use local Anvil for blockchain testing
USE_ANVIL=false
# ============================================================================
# MCP CONFIGURATION
# ============================================================================
# MCP request timeout in seconds (default: 60)
# MCP_TIMEOUT=60
# SSE max duration in seconds (default: 300)
# SSE_MAX_DURATION=300
# SSE poll interval in milliseconds (default: 500)
# SSE_POLL_INTERVAL_MS=500
# SSE heartbeat interval in seconds (default: 30)
# SSE_HEARTBEAT_INTERVAL=30
# Max SSE connections per organization (default: 10)
# SSE_MAX_CONNECTIONS_PER_ORG=10
# ============================================================================
# TESTING
# ============================================================================
# API key for integration tests. Run scripts/seed-test-data.sql to create this.
# TEST_API_KEY=eliza_test_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# Base URL for test server (default: http://localhost:3000)
# TEST_API_URL=http://localhost:3000
# ===========================================
# VERCEL SANDBOX (AI App Builder)
# ===========================================
# Required for Vercel deployments and sandbox
# Get your token from: https://vercel.com/account/tokens
# Get team ID from: Vercel Dashboard > Team Settings
# Vercel Access Token (required for sandbox and deployments)
# Create at: https://vercel.com/account/tokens
VERCEL_TOKEN=your_vercel_access_token_here
# Vercel Team ID (required for app deployments)
# Each app will get its own Vercel project under this team
# Find at: https://vercel.com/docs/accounts#find-your-team-id
# Example: team_5JEpO4iusbqhbhqTPHg11Lmt
VERCEL_TEAM_ID=team_your_team_id_here
# Vercel Project ID (optional - for main eliza-cloud project sandbox only)
# Find at: Vercel Dashboard > Project > Settings > General
VERCEL_PROJECT_ID=prj_your_project_id_here
# ============================================================================
# NEON DATABASE PROVISIONING
# ============================================================================
# For provisioning per-app databases via Neon API
# Get from: https://console.neon.tech/app/settings/api-keys
# Neon API Key (required for user database provisioning)
NEON_API_KEY=your_neon_api_key_here
# ============================================================================
# FIELD ENCRYPTION [REQUIRED for sensitive data protection]
# ============================================================================
# Master encryption key for encrypting sensitive fields in the database
# (e.g., user_database_uri, API keys, secrets)
#
# Key Hierarchy:
# Master Key (this) -> Per-Org DEKs -> Encrypted Fields
#
# Generate with: openssl rand -hex 32
# IMPORTANT: Back up this key securely! Losing it means losing access to encrypted data.
# In production, consider using AWS KMS or similar HSM-backed key management.
SECRETS_MASTER_KEY=your_64_hex_char_master_key_here_generate_with_openssl_rand_hex_32
# ============================================================================
# MICROSOFT OAUTH (For Outlook Mail & Calendar)
# ============================================================================
# Get from Azure Portal: https://portal.azure.com > App registrations
# Required for Microsoft/Outlook integration
# Your Azure App Client ID
MICROSOFT_CLIENT_ID=your_microsoft_client_id_here
# Your Azure App Client Secret
MICROSOFT_CLIENT_SECRET=your_microsoft_client_secret_here
# Optional: Tenant ID (use 'common' for multi-tenant, or specific tenant ID)
# MICROSOFT_TENANT_ID=common
# =============================================================================
# ELIZA APP - DISCORD (Optional)
# =============================================================================
# Eliza App frontend URL (the separate consumer-facing app, e.g. eliza.app)
# Used in welcome messages sent via Discord/Telegram bots
ELIZA_APP_URL=https://eliza.app
# Set to "true" to enable the Eliza App Discord bot in the gateway
# ELIZA_APP_DISCORD_BOT_ENABLED=false
# Discord bot token from Discord Developer Portal > Bot > Reset Token
# ELIZA_APP_DISCORD_BOT_TOKEN=
# Discord Application ID from Developer Portal > General Information
# Also used as the OAuth2 Client ID on the frontend (NEXT_PUBLIC_DISCORD_CLIENT_ID)
ELIZA_APP_DISCORD_APPLICATION_ID=
# Discord OAuth2 Client Secret from Developer Portal > OAuth2 > Client Secret
# Required for the Discord login flow
ELIZA_APP_DISCORD_CLIENT_SECRET=
# Leader election key for Discord bot (for distributed deployments)
# ELIZA_APP_LEADER_KEY=discord:eliza-app-bot:leader:local
# =============================================================================
# ELIZA APP - WHATSAPP (Optional)
# =============================================================================
# WhatsApp Business Cloud API integration for the Eliza App public bot.
# Requires a Meta Business account and WhatsApp Business App.
# Setup guide: https://developers.facebook.com/docs/whatsapp/cloud-api/get-started
# Permanent access token from Meta Business Settings > System Users
# Generate with whatsapp_business_messaging permission
# For testing, use the temporary token from Meta App Dashboard > WhatsApp > API Setup
ELIZA_APP_WHATSAPP_ACCESS_TOKEN=
# Phone Number ID from Meta App Dashboard > WhatsApp > API Setup
# This is NOT the phone number itself — it's Meta's internal ID for your number
ELIZA_APP_WHATSAPP_PHONE_NUMBER_ID=
# App Secret from Meta App Dashboard > Settings > Basic
# Used for HMAC-SHA256 webhook signature verification (X-Hub-Signature-256)
ELIZA_APP_WHATSAPP_APP_SECRET=
# Custom verify token for webhook handshake (you choose this value)
# Must match what you enter in Meta App Dashboard > WhatsApp > Configuration > Callback URL
# Generate with: openssl rand -hex 32
ELIZA_APP_WHATSAPP_VERIFY_TOKEN=
# Display phone number in E.164 format (e.g. +15551649988)
# Shown to users on the frontend so they know which number to message
ELIZA_APP_WHATSAPP_PHONE_NUMBER=
# =============================================================================
# ORGANIZATION-LEVEL WHATSAPP (Dashboard Connections)
# =============================================================================
# Per-organization WhatsApp Business integration via the dashboard.
# Credentials are stored in the database (secrets service) — NO env vars needed.
#
# How it works:
# 1. Go to Dashboard > Settings > Connections
# 2. Find "WhatsApp Business" card and enter your Meta credentials
# 3. After connecting, copy the Webhook URL and Verify Token
# 4. Configure the webhook in Meta App Dashboard > WhatsApp > Configuration
#
# For local development, expose your server via ngrok:
# ELIZA_API_URL=https://your-ngrok-url.ngrok.io
#
# Dev-only fallback env vars (used when org has no stored credentials):
# WHATSAPP_ACCESS_TOKEN=
# WHATSAPP_PHONE_NUMBER_ID=
# WHATSAPP_APP_SECRET=
# =============================================================================
# WEBHOOK DEVELOPMENT (Optional)
# =============================================================================
# Skip webhook signature verification in non-production environments.
# Useful for testing WhatsApp/Blooio/Telegram webhooks with curl.
# NEVER set this in production — it is ignored even if set.
# SKIP_WEBHOOK_VERIFICATION=true
# =============================================================================
# SOLANA RPC (Optional)
# =============================================================================
# Solana RPC provider API key (e.g., Helius)
# Enables Solana blockchain API access via /api/v1/solana/*
# Solana RPC (Helius)
# SOLANA_RPC_PROVIDER_API_KEY=your_api_key_here
# Optional: Custom Helius RPC URLs
# HELIUS_MAINNET_URL=https://mainnet.helius-rpc.com
# HELIUS_DEVNET_URL=https://devnet.helius-rpc.com
# Optional: Fallback RPC URLs (used when primary fails)
# HELIUS_MAINNET_FALLBACK_URL=https://mainnet-fallback.helius-rpc.com
# HELIUS_DEVNET_FALLBACK_URL=https://devnet-fallback.helius-rpc.com
# Optional: RPC Retry Configuration
# RPC_MAX_RETRIES=5
# RPC_INITIAL_RETRY_DELAY_MS=1000
# Optional: Service Proxy Configuration
# PRICING_CACHE_TTL=300
# PRICING_CACHE_STALE_TIME=150
# UPSTREAM_TIMEOUT_MS=25000
# MAX_BATCH_SIZE=20
# =============================================================================
# MARKET DATA API (Optional)
# =============================================================================
# Market data provider API key (e.g., Birdeye)
# Enables multi-chain token price and market data via /api/v1/market/*
# MARKET_DATA_PROVIDER_API_KEY=your_api_key_here
# Optional: Custom Market Data API Configuration
# MARKET_DATA_BASE_URL=https://public-api.birdeye.so
# MARKET_DATA_TIMEOUT_MS=15000
# MARKET_DATA_MAX_RETRIES=3
# MARKET_DATA_INITIAL_RETRY_DELAY_MS=500
# =============================================================================
# EVM RPC - ALCHEMY (Optional)
# =============================================================================
# Alchemy API key (enables EVM chain access via /api/v1/rpc/*)
# Supports: ethereum, polygon, arbitrum, optimism, base, zksync, avalanche
# Get from: https://dashboard.alchemy.com/apps
# ALCHEMY_API_KEY=your_alchemy_api_key_here
# Optional: Alchemy Configuration
# ALCHEMY_TIMEOUT_MS=25000
# ALCHEMY_MAX_RETRIES=3
# ALCHEMY_INITIAL_RETRY_DELAY_MS=500
# ALCHEMY_MAX_BATCH_SIZE=20
# ============================================================================
# DOCKER SSH (For Docker-provider container orchestration)
# ============================================================================
# SSH credentials for managing Docker containers on remote Hetzner VPS nodes.
#
# Option 1 (recommended for Vercel/serverless): Base64-encoded private key
# Generate with: base64 -w0 < ~/.ssh/id_ed25519
# MILADY_SSH_KEY=base64_encoded_private_key_here
#
# Option 2 (traditional servers): Filesystem path to PEM file
# MILADY_SSH_KEY_PATH=/path/to/ssh/private_key
#
# SSH user for Docker node connections (default: root)
# MILADY_SSH_USER=root
# ============================================================================
# HEADSCALE VPN (For container VPN enrollment)
# ============================================================================
# Headscale coordination server for Tailscale-based container networking.
# HEADSCALE_API_URL=http://localhost:8081
# HEADSCALE_API_KEY=your_headscale_api_key_here
# HEADSCALE_USER=milady
# Shared secret injected by the reverse proxy when resolving sandbox
# headscale IPs through /api/agents/[id]/headscale-ip.
# HEADSCALE_INTERNAL_TOKEN=replace_with_long_random_shared_secret
# Shared secret required by the internal agent-server control API.
# Add this to the Kubernetes secret referenced by Server.spec.secretRef.
# AGENT_SERVER_SHARED_SECRET=replace_with_long_random_shared_secret
# ============================================================================
# WAIFU.FUN SERVICE-TO-SERVICE API
# ============================================================================
# Shared secret that waifu.fun backend sends in the X-Service-Key header
# to provision and manage Milady cloud agents on behalf of token owners.
#
# Generate with: openssl rand -hex 32
# Must match MILADY_CLOUD_SERVICE_KEY on the waifu.fun side.
# WAIFU_SERVICE_KEY=your_shared_service_key_here
#
# Organization and user IDs that own service-provisioned agents.
# Create a dedicated org + user in the platform for this purpose.
# WAIFU_SERVICE_ORG_ID=uuid-of-waifu-service-org
# WAIFU_SERVICE_USER_ID=uuid-of-waifu-service-user
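
An added example, not part of the repository: a pre-deploy audit of a filled-in `.env.local` against limits this file states in its comments (32-character minimums, the 64-hex master key, PKCS#8 for the JWT key, secrets kept out of `NEXT_PUBLIC_` names). The function names, the rule table and the reading of "at least one" as the Anthropic, OpenAI or AI Gateway key are assumptions, and all sample values are constructed.

```javascript
// Added example (not project code): audit a filled-in env file against the
// constraints stated in the comments of .env.example.

// Markers of values copied unchanged from .env.example.
const PLACEHOLDER = /your[_-]|replace_|_here(_|$)|_xxx$|\.\.\.|user:password@/i;

// Variables in sections the file marks [REQUIRED].
const REQUIRED = ["DATABASE_URL", "NEXT_PUBLIC_PRIVY_APP_ID", "NEXT_PUBLIC_PRIVY_CLIENT_ID",
  "PRIVY_APP_SECRET", "PRIVY_WEBHOOK_SECRET", "SECRETS_MASTER_KEY"];
// Assumption: "[REQUIRED - at least one]" refers to these three provider keys.
const AI_KEYS = ["ANTHROPIC_API_KEY", "OPENAI_API_KEY", "AI_GATEWAY_API_KEY"];

// NEXT_PUBLIC_ variables are inlined into the client bundle by Next.js.
const SECRET_NAME = /SECRET|PRIVATE_KEY|PASSWORD|TOKEN/;
const SECRET_VALUE = /^(sk[-_]|whsec_|github_pat_)/;

// The file requires base64 of a PKCS#8 PEM; a raw EC (SEC1) key is rejected.
// This inspects the PEM header only and does not parse the key itself.
function checkJwtPrivateKey(value) {
  const pem = Buffer.from(value, "base64").toString("utf8");
  if (pem.includes("-----BEGIN EC PRIVATE KEY-----"))
    return "raw EC key; convert with openssl pkcs8 -topk8 -nocrypt";
  return pem.includes("-----BEGIN PRIVATE KEY-----") || "does not decode to a PKCS#8 PEM";
}

// Each rule returns true or a message; the limits come from the file's comments.
const RULES = new Map([
  ["PRIVY_WEBHOOK_SECRET", (v) => v.length >= 32 || "shorter than 32 characters"],
  ["CRON_SECRET", (v) => v.length >= 32 || "shorter than 32 characters"],
  ["SECRETS_MASTER_KEY", (v) => /^[0-9a-f]{64}$/i.test(v) || "not 64 hex characters"],
  ["FAL_KEY", (v) => /^[^:]+:[^:]+$/.test(v) || 'not in "key_id:key_secret" form'],
  ["JWT_SIGNING_PRIVATE_KEY", checkJwtPrivateKey],
  ["SKIP_WEBHOOK_VERIFICATION", (v) => v !== "true" || "webhook signature checks disabled"],
]);

// Minimal dotenv parser: KEY=VALUE lines, comments skipped, outer quotes removed.
function parseEnv(text) {
  const env = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    env.set(line.slice(0, eq).trim(), value);
  }
  return env;
}

// Returns a list of "NAME: problem" strings; an empty list means no findings.
function auditEnv(text) {
  const env = parseEnv(text);
  const findings = [];
  for (const [key, value] of env) {
    if (!value) continue;
    if (PLACEHOLDER.test(value)) {
      // A length check alone would accept the long, publicly known placeholders.
      if (REQUIRED.includes(key) || RULES.has(key))
        findings.push(`${key}: still the public placeholder from .env.example`);
      continue;
    }
    const verdict = RULES.has(key) ? RULES.get(key)(value) : true;
    if (verdict !== true) findings.push(`${key}: ${verdict}`);
    if (key.startsWith("NEXT_PUBLIC_") && (SECRET_NAME.test(key) || SECRET_VALUE.test(value)))
      findings.push(`${key}: NEXT_PUBLIC_ values reach the browser bundle; looks like a secret`);
  }
  for (const key of REQUIRED) if (!env.get(key)) findings.push(`${key}: required but not set`);
  if (AI_KEYS.every((k) => !env.get(k) || PLACEHOLDER.test(env.get(k))))
    findings.push(`AI services: set at least one of ${AI_KEYS.join(", ")}`);
  return findings;
}

// Constructed sample with five deliberate mistakes.
const SAMPLE_ENV = [
  "DATABASE_URL=postgresql://app:constructed@db.internal:5432/eliza_platform?sslmode=require",
  "NEXT_PUBLIC_PRIVY_APP_ID=cm0constructed",
  "NEXT_PUBLIC_PRIVY_CLIENT_ID=client-constructed",
  "PRIVY_APP_SECRET=constructed-app-secret",
  "PRIVY_WEBHOOK_SECRET=tooshort",
  "OPENAI_API_KEY=sk-constructed",
  "SECRETS_MASTER_KEY=" + "0123456789abcdef".repeat(4),
  "CRON_SECRET=random_secret_minimum_32_characters_here_generate_strong_secret",
  "JWT_SIGNING_PRIVATE_KEY=" +
    Buffer.from("-----BEGIN EC PRIVATE KEY-----\nconstructed\n").toString("base64"),
  "NEXT_PUBLIC_STRIPE_SECRET_KEY=sk_test_constructed",
  "SKIP_WEBHOOK_VERIFICATION=true",
].join("\n");

console.log(auditEnv(SAMPLE_ENV).join("\n"));
```
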