gemini-flow/backend/.env.example at bc2e557a4f44cfa62216f770e330bf3916b3372f · clduab11/gemini-flow · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
# =============================================================================
# Gemini Flow Backend Environment Configuration
# =============================================================================
# Copy this file to .env and customize for your environment
#
# Security Notice:
# - Never commit .env files to version control
# - Use strong, randomly generated keys for production
# - Rotate API keys periodically
# - Store production secrets in secure vaults (AWS Secrets Manager, HashiCorp Vault)
# =============================================================================

# =============================================================================
# REQUIRED IN PRODUCTION
# =============================================================================

# Node environment (development, production, test)
# Affects error reporting, logging verbosity, and security settings
NODE_ENV=development

# Google Gemini API Key (REQUIRED)
# Get your API key from: https://makersuite.google.com/app/apikey
# Alternative names: GOOGLE_AI_API_KEY (both are checked)
# Security: Use different keys for dev/staging/prod environments
GEMINI_API_KEY=your_gemini_api_key_here

# API Key for authentication (REQUIRED in production)
# Generate with: openssl rand -hex 32
# Minimum 32 characters recommended for security
# Used for authenticating backend API requests
API_KEY=your-secure-random-key-minimum-32-characters-recommended-64

# =============================================================================
# SERVER CONFIGURATION
# =============================================================================

# Port for backend HTTP server
# Default: 3001
# Production: Use reverse proxy (nginx) to expose on standard ports
PORT=3001

# Host to bind to
# 0.0.0.0 = all network interfaces (Docker, cloud deployments)
# 127.0.0.1 = localhost only (local development)
# Default: 0.0.0.0
HOST=0.0.0.0

# CORS allowed origins (comma-separated)
# Development: Include local dev servers
# Production: Restrict to your actual domain(s)
# Default: http://localhost:5173,http://localhost:3000
CORS_ORIGINS=http://localhost:5173,http://localhost:3000

# Enable credentials in CORS (true/false)
# Set to true if your frontend needs to send cookies or auth headers
CORS_CREDENTIALS=true

# =============================================================================
# LOGGING CONFIGURATION
# =============================================================================

# Log level (debug, info, warn, error)
# Development: debug or info
# Production: warn or error
# Default: info
LOG_LEVEL=info

# Enable pretty logging in development (true/false)
# Pretty logs are easier to read but slower
# Use false (JSON format) in production for log aggregation
LOG_PRETTY=true

# Structured logging format (json, pretty)
# json = machine-readable for log aggregation (Datadog, ELK)
# pretty = human-readable for development
LOG_FORMAT=pretty

# =============================================================================
# RATE LIMITING
# =============================================================================

# Time window in milliseconds for rate limiting
# 60000 = 1 minute
# Default: 60000
RATE_LIMIT_WINDOW_MS=60000

# Maximum number of requests per window
# Development: 100 (permissive for testing)
# Production: 1000 or higher based on load
# Default: 100
RATE_LIMIT_MAX_REQUESTS=100

# Rate limit storage (memory, redis)
# memory = in-process (single server only)
# redis = distributed (required for multi-server deployments)
# Default: memory
RATE_LIMIT_STORE=memory

# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================

# Directory for database files
# Relative paths resolve from project root
# Absolute paths are recommended for production
# Default: .data
DATA_DIR=.data

# Backup configuration
# Backup interval in hours (0 to disable automatic backups)
# Default: 24
BACKUP_INTERVAL_HOURS=24

# Maximum number of backups to retain
# Older backups are automatically deleted
# Default: 30
MAX_BACKUPS=30

# Database file path (SQLite)
# Leave empty to use DATA_DIR/database.db
# DB_PATH=/path/to/database.db

# =============================================================================
# WORKFLOW & STORE LIMITS
# =============================================================================

# Maximum number of nodes per workflow
# Prevents resource exhaustion from overly complex workflows
# Default: 1000
MAX_NODES=1000

# Maximum number of edges per workflow
# Default: 5000
MAX_EDGES=5000

# Maximum workflow name length
# Default: 200
MAX_NAME_LENGTH=200

# Maximum workflow description length
# Default: 5000
MAX_DESCRIPTION_LENGTH=5000

# =============================================================================
# REDIS CONFIGURATION (Optional - for distributed systems)
# =============================================================================

# Redis host for rate limiting and caching
# Leave empty to use in-memory storage
# Production: Use Redis for horizontal scaling
# REDIS_HOST=localhost

# Redis port
# Default: 6379
# REDIS_PORT=6379

# Redis password (if authentication is enabled)
# REDIS_PASSWORD=your-redis-password

# Redis database number (0-15)
# Use different databases for dev/staging/prod
# REDIS_DB=0

# Redis connection timeout (milliseconds)
# REDIS_CONNECT_TIMEOUT=10000

# =============================================================================
# MULTIPLE API KEYS (Optional - advanced configuration)
# =============================================================================

# Support for multiple API keys with different scopes
# Uncomment to enable multi-key authentication

# Admin key (full access to all endpoints)
# API_KEY_ADMIN=admin-key-with-full-access

# TUI client key (terminal user interface)
# API_KEY_TUI=tui-client-key

# Browser client key (web frontend)
# API_KEY_BROWSER=browser-client-key

# Read-only key (monitoring and reporting)
# API_KEY_READONLY=readonly-key-for-monitoring

# =============================================================================
# MONITORING & OBSERVABILITY (Optional)
# =============================================================================

# Enable Prometheus metrics endpoint
# Exposes metrics at /metrics endpoint
# METRICS_ENABLED=true

# Metrics port (separate from main application port)
# METRICS_PORT=9090

# Enable health check endpoints
# Provides /health and /ready endpoints
# Default: true
HEALTH_CHECK_ENABLED=true

# Enable request logging
# Logs all HTTP requests (useful for debugging)
# Default: true
REQUEST_LOGGING=true

# =============================================================================
# SECURITY HEADERS (Optional)
# =============================================================================

# Enable HTTPS redirect
# Forces all HTTP requests to redirect to HTTPS
# Only enable if behind a reverse proxy with SSL termination
# FORCE_HTTPS=false

# Enable security headers (Helmet.js)
# Adds various security headers to responses
# SECURITY_HEADERS=true

# Content Security Policy
# Restricts resource loading to prevent XSS attacks
# CSP_DIRECTIVES=default-src 'self'; script-src 'self' 'unsafe-inline'

# =============================================================================
# DEVELOPMENT SETTINGS
# =============================================================================

# Enable debug mode (additional logging, error details in responses)
# NEVER enable in production (exposes stack traces)
# DEBUG=false

# Disable authentication (DANGEROUS - development only)
# Allows API access without API key validation
# NEVER enable in production
# DISABLE_AUTH=false

# Enable hot reload
# Automatically restart server on file changes
# Development only
# HOT_RELOAD=true

# Mock external APIs (development/testing)
# Replace real API calls with mock responses
# MOCK_APIS=false

# =============================================================================
# EXAMPLE CONFIGURATIONS
# =============================================================================

# Development Example:
# --------------------
# NODE_ENV=development
# GEMINI_API_KEY=your_dev_gemini_key
# API_KEY=dev-key-for-local-testing
# PORT=3001
# HOST=127.0.0.1
# LOG_LEVEL=debug
# LOG_PRETTY=true
# CORS_ORIGINS=http://localhost:5173,http://localhost:3000
# DISABLE_AUTH=true
# DEBUG=true

# Production Example:
# -------------------
# NODE_ENV=production
# GEMINI_API_KEY=your_production_gemini_key
# API_KEY=$(openssl rand -hex 32)
# PORT=3001
# HOST=0.0.0.0
# LOG_LEVEL=warn
# LOG_FORMAT=json
# RATE_LIMIT_MAX_REQUESTS=1000
# RATE_LIMIT_STORE=redis
# REDIS_HOST=redis.example.com
# REDIS_PASSWORD=secure-redis-password
# SECURITY_HEADERS=true
# FORCE_HTTPS=true
# METRICS_ENABLED=true

# Docker Example:
# ---------------
# NODE_ENV=production
# GEMINI_API_KEY=${DOCKER_SECRET_GEMINI_KEY}
# API_KEY=${DOCKER_SECRET_API_KEY}
# PORT=3001
# HOST=0.0.0.0
# DATA_DIR=/data
# LOG_FORMAT=json
# REDIS_HOST=redis
# REDIS_PORT=6379