Mobile refresh

.env.api-keys.template

@@ -0,0 +1,75 @@
+# ========================================
+# Friend-Lite API Keys Template
+# ========================================
+# Copy this file to .env.api-keys and fill in your actual values
+# .env.api-keys is gitignored and should NEVER be committed
+#
+# Usage: cp .env.api-keys.template .env.api-keys
+#
+# IMPORTANT: This file contains API KEYS for external services
+# These might be shared across environments or different per environment
+# For environment-specific credentials, see .env.secrets.template
+# ========================================
+
+# ========================================
+# LLM API KEYS
+# ========================================
+
+# OpenAI API key
+# Get from: https://platform.openai.com/api-keys
+OPENAI_API_KEY=sk-your-openai-key-here
+
+# Mistral API key (optional - only if using Mistral transcription)
+# Get from: https://console.mistral.ai/
+MISTRAL_API_KEY=
+
+# Groq API key (optional - only if using Groq as LLM provider)
+# Get from: https://console.groq.com/
+GROQ_API_KEY=
+
+# Ollama (no API key needed - local/self-hosted)
+# OLLAMA_BASE_URL is in .env (not secret)
+
+# ========================================
+# SPEECH-TO-TEXT API KEYS
+# ========================================
+
+# Deepgram API key
+# Get from: https://console.deepgram.com/
+DEEPGRAM_API_KEY=your-deepgram-key-here
+
+# ========================================
+# MODEL PROVIDERS
+# ========================================
+
+# Hugging Face token for speaker recognition models
+# Get from: https://huggingface.co/settings/tokens
+HF_TOKEN=hf_your_huggingface_token_here
+
+# OpenAI compatible endpoints (optional)
+# OPENAI_API_BASE=
+
+# ========================================
+# MEMORY PROVIDERS (OPTIONAL)
+# ========================================
+
+# Mem0 API key (if using hosted Mem0)
+# MEM0_API_KEY=
+
+# OpenMemory MCP (no API key - self-hosted)
+# Configuration is in .env (not secret)
+
+# ========================================
+# NOTES
+# ========================================
+#
+# Sharing API Keys Across Environments:
+# - Development: Use separate API keys with lower rate limits
+# - Staging: Can share with development or use production keys
+# - Production: Always use dedicated production API keys
+#
+# Security Best Practices:
+# - Rotate API keys regularly
+# - Use API key restrictions where available (IP restrictions, etc.)
+# - Monitor API usage for unusual activity
+# - Never commit API keys to version control

.env.secrets.template

@@ -0,0 +1,48 @@
+# ========================================
+# Friend-Lite Secrets Template
+# ========================================
+# Copy this file to .env.secrets and fill in your actual values
+# .env.secrets is gitignored and should NEVER be committed
+#
+# Usage: cp .env.secrets.template .env.secrets
+#
+# IMPORTANT: This file contains ENVIRONMENT-SPECIFIC credentials
+# For API keys that might be shared, see .env.api-keys.template
+# ========================================
+
+# ========================================
+# AUTHENTICATION & SECURITY (Environment-Specific)
+# ========================================
+
+# JWT secret key - MUST be different per environment
+# Generate with: openssl rand -base64 32
+AUTH_SECRET_KEY=your-super-secret-jwt-key-change-this-to-something-random
+
+# Admin account credentials - Should be different per environment
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=change-this-secure-password
+
+# ========================================
+# DATABASE CREDENTIALS (Environment-Specific)
+# ========================================
+
+# Neo4j password - Different per environment
+NEO4J_PASSWORD=your-neo4j-password
+
+# MongoDB credentials (if using auth)
+# MONGODB_USERNAME=
+# MONGODB_PASSWORD=
+
+# Redis password (if using auth)
+# REDIS_PASSWORD=
+
+# ========================================
+# EXTERNAL SERVICE CREDENTIALS (Environment-Specific)
+# ========================================
+
+# Ngrok authtoken (optional - for external access in dev/staging)
+NGROK_AUTHTOKEN=
+
+# Langfuse telemetry (optional - different per environment)
+LANGFUSE_PUBLIC_KEY=
+LANGFUSE_SECRET_KEY=

.github/workflows/claude-code-review.yml

@@ -0,0 +1,57 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request and provide feedback on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Performance considerations
+            - Security concerns
+            - Test coverage
+
+            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
+
+            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+

.github/workflows/claude.yml

@@ -35,7 +35,7 @@ jobs:
         uses: anthropics/claude-code-action@v1
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          
+
           # This is an optional setting that allows Claude to read CI results on PRs
           additional_permissions: |
             actions: read
@@ -45,6 +45,6 @@ jobs:
 
           # Optional: Add claude_args to customize behavior and configuration
           # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
-          # or https://docs.anthropic.com/en/docs/claude-code/sdk#command-line for available options
-          # claude_args: '--model claude-opus-4-1-20250805 --allowed-tools Bash(gh pr:*)'
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
 

.github/workflows/robot-tests.yml

@@ -110,10 +110,6 @@ jobs:
         echo "LLM_PROVIDER: $LLM_PROVIDER"
         echo "TRANSCRIPTION_PROVIDER: $TRANSCRIPTION_PROVIDER"
 
-        # Create memory_config.yaml from template (file is gitignored)
-        echo "Creating memory_config.yaml from template..."
-        cp memory_config.yaml.template memory_config.yaml
-
         # Clean any existing test containers for fresh start
         echo "Cleaning up any existing test containers..."
         docker compose -f docker-compose-test.yml down -v || true
@@ -145,7 +141,7 @@ jobs:
           # Show logs every 10 attempts to help debug
           if [ $((i % 10)) -eq 0 ]; then
             echo "Still waiting... showing recent logs:"
-            docker compose -f docker-compose-test.yml logs --tail=20 friend-backend-test
+            docker compose -f docker-compose-test.yml logs --tail=20 chronicle-backend-test
           fi
           if [ $i -eq 40 ]; then
             echo "✗ Backend failed to start - showing full logs:"
@@ -223,7 +219,7 @@ jobs:
       working-directory: backends/advanced
       run: |
         echo "=== Backend Logs (last 50 lines) ==="
-        docker compose -f docker-compose-test.yml logs --tail=50 friend-backend-test
+        docker compose -f docker-compose-test.yml logs --tail=50 chronicle-backend-test
         echo ""
         echo "=== Worker Logs (last 50 lines) ==="
         docker compose -f docker-compose-test.yml logs --tail=50 workers-test

.gitignore

@@ -2,6 +2,15 @@
 *.wav
 **/*.env
 !**/.env.template
+.env.secrets
+.env.api-keys
+.env.quick-start
+.env.default
+.env.backup.*
+config.env.backup.*
+backends/advanced/config/config.yaml
+backends/advanced/config/config.yaml.backup
+backends/advanced/config/config.yaml.lock
 **/memory_config.yaml
 !**/memory_config.yaml.template
 example/*
@@ -71,6 +80,7 @@ backends/advanced-backend/data/speaker_model_cache/
 backends/charts/advanced-backend/env-configmap.yaml
 
 extras/openmemory-mcp/data/*
+extras/openmemory/data/*
 .env.backup.*
 
 backends/advanced/nginx.conf
@@ -82,3 +92,27 @@ log.html
 output.xml
 report.html
 .secrets
+extras/openmemory-mcp/.env.openmemory
+extras/openmemory/.env
+certs
+
+# Environment-specific configuration files (added 2025-12-09)
+environments/
+*.env.backup.*
+backends/advanced/.env.*
+!backends/advanced/.env.template
+
+# SSL certificates
+*.crt
+*.key
+
+# IDE and tool directories
+.playwright-mcp/
+.serena/
+
+# Docker compose data directories
+**/compose/data/
+
+# Deprecated compose files (moved to root compose/)
+backends/advanced/compose/infrastructure.yml
+backends/advanced/compose/mycelia.yml

CLAUDE.md

@@ -13,6 +13,49 @@ This supports a comprehensive web dashboard for management.
 
 **❌ No Backward Compatibility**: Do NOT add backward compatibility code unless explicitly requested. This includes fallback logic, legacy field support, or compatibility layers. Always ask before adding backward compatibility - in most cases the answer is no during active development.
 
+## Initial Setup & Configuration
+
+Chronicle includes an **interactive setup wizard** for easy configuration. The wizard guides you through:
+- Service selection (backend + optional services)
+- Authentication setup (admin account, JWT secrets)
+- Transcription provider configuration (Deepgram, Mistral, or offline ASR)
+- LLM provider setup (OpenAI or Ollama)
+- Memory provider selection (Chronicle Native with Qdrant or OpenMemory MCP)
+- Network configuration and HTTPS setup
+- Optional services (speaker recognition, Parakeet ASR)
+
+### Quick Start
+```bash
+# Run the interactive setup wizard from project root
+uv run python wizard.py
+
+# Or use the quickstart guide for step-by-step instructions
+# See quickstart.md for detailed walkthrough
+```
+
+### Setup Documentation
+For detailed setup instructions and troubleshooting, see:
+- **[@quickstart.md](quickstart.md)**: Beginner-friendly step-by-step setup guide
+- **[@Docs/init-system.md](Docs/init-system.md)**: Complete initialization system architecture and design
+- **[@Docs/getting-started.md](Docs/getting-started.md)**: Technical quickstart with advanced configuration
+- **[@backends/advanced/SETUP_SCRIPTS.md](backends/advanced/SETUP_SCRIPTS.md)**: Setup scripts reference and usage examples
+- **[@backends/advanced/Docs/quickstart.md](backends/advanced/Docs/quickstart.md)**: Backend-specific setup guide
+
+### Wizard Architecture
+The initialization system uses a **root orchestrator pattern**:
+- **`wizard.py`**: Root setup orchestrator for service selection and delegation
+- **`backends/advanced/init.py`**: Backend configuration wizard
+- **`extras/speaker-recognition/init.py`**: Speaker recognition setup
+- **Service setup scripts**: Individual setup for ASR services and OpenMemory MCP
+
+Key features:
+- Interactive prompts with validation
+- API key masking and secure credential handling
+- Environment file generation with placeholders
+- HTTPS configuration with SSL certificate generation
+- Service status display and health checks
+- Automatic backup of existing configurations
+
 ## Development Commands
 
 ### Backend Development (Advanced Backend - Primary)

DEV_README.md

@@ -0,0 +1,4 @@
+# Development Branch
+
+This is ushadow/dev - integration point for all worktrees.
+test update

Docs/getting-started.md

@@ -342,7 +342,7 @@ curl -X POST "http://localhost:8000/api/process-audio-files" \
 
 **Implementation**: 
 - **Memory System**: `src/advanced_omi_backend/memory/memory_service.py` + `src/advanced_omi_backend/controllers/memory_controller.py`
-- **Configuration**: `memory_config.yaml` + `src/advanced_omi_backend/memory_config_loader.py`
+- **Configuration**: memory settings in `config.yml` (memory section)
 
 ### Authentication & Security
 - **Email Authentication**: Login with email and password
@@ -396,7 +396,7 @@ uv sync --group (whatever group you want to sync)
 ## Troubleshooting
 
 **Service Issues:**
-- Check logs: `docker compose logs friend-backend`
+- Check logs: `docker compose logs chronicle-backend`
 - Restart services: `docker compose restart`
 - View all services: `docker compose ps`
 
@@ -541,10 +541,10 @@ OPENMEMORY_MCP_URL=http://host.docker.internal:8765
 
 > 🎯 **New to memory configuration?** Read our [Memory Configuration Guide](./memory-configuration-guide.md) for a step-by-step setup guide with examples.
 
-The system uses **centralized configuration** via `memory_config.yaml` for all memory extraction settings. All hardcoded values have been removed from the code to ensure consistent, configurable behavior.
+The system uses **centralized configuration** via `config.yml` for all models (LLM, embeddings, vector store) and memory extraction settings.
 
 ### Configuration File Location
-- **Path**: `backends/advanced-backend/memory_config.yaml`
+- **Path**: repository `config.yml` (override with `CONFIG_FILE` env var)
 - **Hot-reload**: Changes are applied on next processing cycle (no restart required)
 - **Fallback**: If file is missing, system uses safe defaults with environment variables
 
@@ -613,7 +613,7 @@ If you experience JSON parsing errors in fact extraction:
 
 2. **Enable fact extraction** with reliable JSON output:
    ```yaml
-   # In memory_config.yaml
+   # In config.yml (memory section)
    fact_extraction:
      enabled: true  # Safe to enable with GPT-4o
    ```
@@ -727,5 +727,5 @@ curl -H "Authorization: Bearer $ADMIN_TOKEN" \
 - **Connect audio clients** using the WebSocket API
 - **Explore the dashboard** to manage conversations and users
 - **Review the user data architecture** for understanding data organization
-- **Customize memory extraction** by editing `memory_config.yaml`
-- **Monitor processing performance** using debug API endpoints
+- **Customize memory extraction** by editing the `memory` section in `config.yml`
+- **Monitor processing performance** using debug API endpoints

Docs/init-system.md

@@ -230,7 +230,7 @@ curl http://localhost:8767/health
 docker compose logs [service-name]
 
 # Backend logs
-cd backends/advanced && docker compose logs friend-backend
+cd backends/advanced && docker compose logs chronicle-backend
 
 # Speaker Recognition logs
 cd extras/speaker-recognition && docker compose logs speaker-service