Login

.env.api-keys.template

@@ -0,0 +1,75 @@
+# ========================================
+# Friend-Lite API Keys Template
+# ========================================
+# Copy this file to .env.api-keys and fill in your actual values
+# .env.api-keys is gitignored and should NEVER be committed
+#
+# Usage: cp .env.api-keys.template .env.api-keys
+#
+# IMPORTANT: This file contains API KEYS for external services
+# These might be shared across environments or different per environment
+# For environment-specific credentials, see .env.secrets.template
+# ========================================
+
+# ========================================
+# LLM API KEYS
+# ========================================
+
+# OpenAI API key
+# Get from: https://platform.openai.com/api-keys
+OPENAI_API_KEY=sk-your-openai-key-here
+
+# Mistral API key (optional - only if using Mistral transcription)
+# Get from: https://console.mistral.ai/
+MISTRAL_API_KEY=
+
+# Groq API key (optional - only if using Groq as LLM provider)
+# Get from: https://console.groq.com/
+GROQ_API_KEY=
+
+# Ollama (no API key needed - local/self-hosted)
+# OLLAMA_BASE_URL is in .env (not secret)
+
+# ========================================
+# SPEECH-TO-TEXT API KEYS
+# ========================================
+
+# Deepgram API key
+# Get from: https://console.deepgram.com/
+DEEPGRAM_API_KEY=your-deepgram-key-here
+
+# ========================================
+# MODEL PROVIDERS
+# ========================================
+
+# Hugging Face token for speaker recognition models
+# Get from: https://huggingface.co/settings/tokens
+HF_TOKEN=hf_your_huggingface_token_here
+
+# OpenAI compatible endpoints (optional)
+# OPENAI_API_BASE=
+
+# ========================================
+# MEMORY PROVIDERS (OPTIONAL)
+# ========================================
+
+# Mem0 API key (if using hosted Mem0)
+# MEM0_API_KEY=
+
+# OpenMemory MCP (no API key - self-hosted)
+# Configuration is in .env (not secret)
+
+# ========================================
+# NOTES
+# ========================================
+#
+# Sharing API Keys Across Environments:
+# - Development: Use separate API keys with lower rate limits
+# - Staging: Can share with development or use production keys
+# - Production: Always use dedicated production API keys
+#
+# Security Best Practices:
+# - Rotate API keys regularly
+# - Use API key restrictions where available (IP restrictions, etc.)
+# - Monitor API usage for unusual activity
+# - Never commit API keys to version control

.env.default

@@ -0,0 +1,85 @@
+# Chronicle Default Configuration
+# This file is committed to the repository and provides base defaults.
+# To customize for your environment, run ./quick-start.sh which will generate .env
+
+# ==========================================
+# DOCKER COMPOSE PROJECT NAME
+# ==========================================
+COMPOSE_PROJECT_NAME=chronicle
+
+# ==========================================
+# AUTHENTICATION & SECURITY
+# ==========================================
+# REQUIRED: Run ./quick-start.sh to generate a secure AUTH_SECRET_KEY
+# This is needed for JWT token signing and must be set before backend starts
+AUTH_SECRET_KEY=
+
+# Admin account setup (two options):
+# Option 1: Set ADMIN_PASSWORD here for automatic admin creation on startup (good for Docker/CI)
+# Option 2: Leave ADMIN_PASSWORD empty to create admin via web UI setup screen at /setup
+ADMIN_NAME=admin
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=
+
+# ==========================================
+# GRACEFUL DEGRADATION SETTINGS
+# ==========================================
+ALLOW_MISSING_API_KEYS=true
+LLM_REQUIRED=false
+TRANSCRIPTION_REQUIRED=false
+
+# ==========================================
+# DATABASE CONFIGURATION (Shared Infrastructure)
+# ==========================================
+# All worktrees share the same MongoDB/Redis/Qdrant instances
+# Isolation is achieved via database names (MongoDB) and database numbers (Redis)
+MONGODB_URI=mongodb://mongo:27017
+MONGODB_DATABASE=chronicle
+REDIS_URL=redis://redis:6379/0
+REDIS_DATABASE=0
+QDRANT_BASE_URL=qdrant
+QDRANT_PORT=6333
+
+# ==========================================
+# NETWORK CONFIGURATION (Application Ports Only)
+# ==========================================
+# Port offset for running multiple worktree instances (default: 0)
+# Each worktree should use a different offset: blue=0, gold=10, green=20, red=30
+PORT_OFFSET=0
+BACKEND_PORT=8000
+WEBUI_PORT=3000
+HOST_IP=localhost
+
+# CORS origins with port offset support
+# For multi-worktree setups, this uses BACKEND_PORT and WEBUI_PORT variables
+CORS_ORIGINS=http://localhost:${WEBUI_PORT:-3000},http://127.0.0.1:${WEBUI_PORT:-3000},http://localhost:${BACKEND_PORT:-8000},http://127.0.0.1:${BACKEND_PORT:-8000}
+VITE_BACKEND_URL=http://localhost:${BACKEND_PORT:-8000}
+
+# ==========================================
+# ENVIRONMENT IDENTIFICATION
+# ==========================================
+ENV_NAME=default
+
+# ==========================================
+# TEST ENVIRONMENT PORTS (for parallel testing)
+# ==========================================
+# Tests use SHARED infrastructure (MongoDB:27017, Redis:6379, Qdrant:6333)
+# Only backend/webui ports are offset to support parallel testing across worktrees
+TEST_BACKEND_PORT=8001
+TEST_WEBUI_PORT=3001
+
+# ==========================================
+# SERVICE CONFIGURATION
+# ==========================================
+LLM_PROVIDER=openai
+OPENAI_MODEL=gpt-4o-mini
+MEMORY_PROVIDER=chronicle
+TRANSCRIPTION_PROVIDER=deepgram
+
+# ==========================================
+# API KEYS
+# ==========================================
+# Add your API keys here or run ./quick-start.sh
+# OPENAI_API_KEY=
+# DEEPGRAM_API_KEY=
+# MISTRAL_API_KEY=

.env.secrets.template

@@ -0,0 +1,48 @@
+# ========================================
+# Friend-Lite Secrets Template
+# ========================================
+# Copy this file to .env.secrets and fill in your actual values
+# .env.secrets is gitignored and should NEVER be committed
+#
+# Usage: cp .env.secrets.template .env.secrets
+#
+# IMPORTANT: This file contains ENVIRONMENT-SPECIFIC credentials
+# For API keys that might be shared, see .env.api-keys.template
+# ========================================
+
+# ========================================
+# AUTHENTICATION & SECURITY (Environment-Specific)
+# ========================================
+
+# JWT secret key - MUST be different per environment
+# Generate with: openssl rand -base64 32
+AUTH_SECRET_KEY=your-super-secret-jwt-key-change-this-to-something-random
+
+# Admin account credentials - Should be different per environment
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=change-this-secure-password
+
+# ========================================
+# DATABASE CREDENTIALS (Environment-Specific)
+# ========================================
+
+# Neo4j password - Different per environment
+NEO4J_PASSWORD=your-neo4j-password
+
+# MongoDB credentials (if using auth)
+# MONGODB_USERNAME=
+# MONGODB_PASSWORD=
+
+# Redis password (if using auth)
+# REDIS_PASSWORD=
+
+# ========================================
+# EXTERNAL SERVICE CREDENTIALS (Environment-Specific)
+# ========================================
+
+# Ngrok authtoken (optional - for external access in dev/staging)
+NGROK_AUTHTOKEN=
+
+# Langfuse telemetry (optional - different per environment)
+LANGFUSE_PUBLIC_KEY=
+LANGFUSE_SECRET_KEY=

.gitignore

@@ -2,6 +2,15 @@
 *.wav
 **/*.env
 !**/.env.template
+backends/advanced/.env  # Generated by quick-start.sh
+.env.secrets
+.env.api-keys
+.env.quick-start
+.env.backup.*
+config.env.backup.*
+backends/advanced/config/config.yaml
+backends/advanced/config/config.yaml.backup
+backends/advanced/config/config.yaml.lock
 **/memory_config.yaml
 !**/memory_config.yaml.template
 example/*
@@ -71,6 +80,7 @@ backends/advanced-backend/data/speaker_model_cache/
 backends/charts/advanced-backend/env-configmap.yaml
 
 extras/openmemory-mcp/data/*
+extras/openmemory/data/*
 .env.backup.*
 
 backends/advanced/nginx.conf
@@ -82,3 +92,27 @@ log.html
 output.xml
 report.html
 .secrets
+extras/openmemory-mcp/.env.openmemory
+extras/openmemory/.env
+certs
+
+# Environment-specific configuration files (added 2025-12-09)
+environments/
+*.env.backup.*
+backends/advanced/.env.*
+!backends/advanced/.env.template
+
+# SSL certificates
+*.crt
+*.key
+
+# IDE and tool directories
+.playwright-mcp/
+.serena/
+
+# Docker compose data directories
+**/compose/data/
+
+# Deprecated compose files (moved to root compose/)
+backends/advanced/compose/infrastructure.yml
+backends/advanced/compose/mycelia.yml

DEV_README.md

@@ -0,0 +1,4 @@
+# Development Branch
+
+This is ushadow/dev - integration point for all worktrees.
+test update