# Project Velocity production environment template.
# Copy to backend/.env.production on the deployment host, or map these names into
# your secrets manager / systemd EnvironmentFile. Keep real values out of git.

# -----------------------------------------------------------------------------
# Runtime / Deployment
# -----------------------------------------------------------------------------
ENVIRONMENT=production
VELOCITY_ENV_FILE=/opt/velocity/backend/.env.production
VELOCITY_PUBLIC_BACKEND_URL=https://api.desineuron.in
VELOCITY_API_BASE_URL=https://api.desineuron.in
VELOCITY_DREAM_WEAVER_URL=https://dreamweaver.desineuron.in
VELOCITY_DEFAULT_TENANT_ID=tenant_velocity
VELOCITY_DEMO_TENANT_ID=tenant_velocity
VELOCITY_DEMO_OPERATOR_EMAIL=
CORS_ORIGINS=https://velocity.desineuron.in,https://api.desineuron.in
TRUSTED_HOSTS=api.desineuron.in,dreamweaver.desineuron.in,velocity.desineuron.in
LOG_LEVEL=INFO

# -----------------------------------------------------------------------------
# PostgreSQL
# -----------------------------------------------------------------------------
# Prefer DATABASE_URL in production. VELOCITY_DB_* is retained for services and
# seed scripts that construct asyncpg pools from discrete credentials.
DATABASE_URL=
VELOCITY_DB_HOST=
VELOCITY_DB_PORT=5432
VELOCITY_DB_NAME=
VELOCITY_DB_USER=
VELOCITY_DB_PASSWORD=
VELOCITY_DB_SSLMODE=require

# Optional read-only Oracle database credentials for natural-language DB agent.
ORACLE_READ_DATABASE_URL=
VELOCITY_DB_READ_HOST=
VELOCITY_DB_READ_PORT=5432
VELOCITY_DB_READ_NAME=
VELOCITY_DB_READ_USER=
VELOCITY_DB_READ_PASSWORD=

# -----------------------------------------------------------------------------
# Auth / JWT / Sessions
# -----------------------------------------------------------------------------
VELOCITY_JWT_SECRET=
SECRET_KEY=
VELOCITY_PASSWORD_RECOVERY_MINUTES=30
# Set to true only in a sealed internal test environment; never on public prod.
VELOCITY_AUTH_RETURN_RECOVERY_TOKEN=false

# -----------------------------------------------------------------------------
# Enterprise SSO: OAuth / OIDC / SAML
# -----------------------------------------------------------------------------
# Comma-separated provider IDs exposed to the iPad Settings screen.
# Example: VELOCITY_SSO_PROVIDERS=azure_ad,okta
VELOCITY_SSO_PROVIDERS=
VELOCITY_DEFAULT_SSO_PROVIDER=

# OAuth/OIDC provider: Azure AD.
VELOCITY_SSO_AZURE_AD_TYPE=oauth
VELOCITY_SSO_AZURE_AD_NAME=Azure AD
VELOCITY_SSO_AZURE_AD_ISSUER=
VELOCITY_SSO_AZURE_AD_METADATA_URL=
VELOCITY_SSO_AZURE_AD_AUTH_URL=
VELOCITY_SSO_AZURE_AD_TOKEN_URL=
VELOCITY_SSO_AZURE_AD_CLIENT_ID=
VELOCITY_SSO_AZURE_AD_CLIENT_SECRET=
VELOCITY_SSO_AZURE_AD_REDIRECT_URI=https://api.desineuron.in/api/auth/sso/azure_ad/callback

# OAuth/OIDC provider: Okta.
VELOCITY_SSO_OKTA_TYPE=oauth
VELOCITY_SSO_OKTA_NAME=Okta
VELOCITY_SSO_OKTA_ISSUER=
VELOCITY_SSO_OKTA_METADATA_URL=
VELOCITY_SSO_OKTA_AUTH_URL=
VELOCITY_SSO_OKTA_TOKEN_URL=
VELOCITY_SSO_OKTA_CLIENT_ID=
VELOCITY_SSO_OKTA_CLIENT_SECRET=
VELOCITY_SSO_OKTA_REDIRECT_URI=https://api.desineuron.in/api/auth/sso/okta/callback

# SAML provider values for enterprise tenants that require SAML.
VELOCITY_SAML_ENTITY_ID=
VELOCITY_SAML_SSO_URL=
VELOCITY_SAML_CERTIFICATE_PEM=
VELOCITY_SAML_PRIVATE_KEY_PEM=
VELOCITY_SAML_ASSERTION_CONSUMER_SERVICE_URL=https://api.desineuron.in/api/auth/saml/acs

# -----------------------------------------------------------------------------
# MDM / Managed App Configuration
# -----------------------------------------------------------------------------
VELOCITY_MDM_REQUIRED=true
VELOCITY_MDM_ORG_NAME=
VELOCITY_MDM_SUPPORT_EMAIL=

# -----------------------------------------------------------------------------
# Communications: WAHA / Evolution / Meta WhatsApp
# -----------------------------------------------------------------------------
# COMMS_PROVIDER valid values: waha, evolution, mock.
COMMS_PROVIDER=waha
COMMS_PROVIDER_BASE_URL=
COMMS_PROVIDER_API_KEY=
COMMS_INSTANCE_ID=
COMMS_DEFAULT_COUNTRY_CODE=91
COMMS_WEBHOOK_SECRET=
COMMS_MEDIA_STORAGE_DIR=/opt/dlami/nvme/assets/comms

# WAHA-specific values, if production uses WAHA directly.
WAHA_BASE_URL=
WAHA_API_KEY=
WAHA_SESSION=velocity-production
WAHA_WEBHOOK_SECRET=
WAHA_WEBHOOK_CALLBACK_URL=https://api.desineuron.in/api/comms/webhooks/waha

# Evolution API-specific values, if production uses Evolution.
EVOLUTION_BASE_URL=
EVOLUTION_API_KEY=
EVOLUTION_INSTANCE_ID=
EVOLUTION_WEBHOOK_SECRET=
EVOLUTION_WEBHOOK_CALLBACK_URL=https://api.desineuron.in/api/comms/webhooks/evolution

# Meta Graph / WhatsApp Cloud API values.
META_ACCESS_TOKEN=
META_APP_ID=
META_APP_SECRET=
META_BUSINESS_ID=
META_AD_ACCOUNT_ID=
META_PAGE_ACCESS_TOKEN=
META_PAGE_ID=
META_INSTAGRAM_BUSINESS_ID=
META_PHONE_NUMBER_ID=
META_WHATSAPP_BUSINESS_ACCOUNT_ID=
META_WEBHOOK_VERIFY_TOKEN=
META_API_VERSION=v21.0

# -----------------------------------------------------------------------------
# Communications Transcription Providers
# -----------------------------------------------------------------------------
# COMMS_TRANSCRIPTION_PROVIDER valid values: openai, deepgram, http, none.
COMMS_TRANSCRIPTION_PROVIDER=openai
COMMS_TRANSCRIPTION_LANGUAGE=en
OPENAI_API_KEY=
COMMS_OPENAI_TRANSCRIPTION_MODEL=whisper-1
DEEPGRAM_API_KEY=
COMMS_DEEPGRAM_MODEL=nova-2
COMMS_TRANSCRIPTION_ENDPOINT=
COMMS_TRANSCRIPTION_ENDPOINT_TOKEN=

# -----------------------------------------------------------------------------
# Media Storage / AWS S3
# -----------------------------------------------------------------------------
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_SESSION_TOKEN=
AWS_REGION=ap-south-1
AWS_S3_BUCKET=
AWS_S3_PUBLIC_BASE_URL=
AWS_S3_MEDIA_PREFIX=velocity-production
VELOCITY_ASSET_DIR=/opt/dlami/nvme/assets
VELOCITY_VIDEO_DIR=/opt/dlami/nvme/assets/videos

# -----------------------------------------------------------------------------
# Dream Weaver / ComfyUI / GPU Gateway
# -----------------------------------------------------------------------------
COMFY_BASE_URL=http://127.0.0.1:8188
DREAM_WEAVER_GATEWAY_URL=https://dreamweaver.desineuron.in
DREAM_WEAVER_API_KEY=
COMFY_CHECKPOINT_NAME=
COMFY_WORKFLOW_DIR=/opt/dlami/nvme/velocity/comfy_workflows

# -----------------------------------------------------------------------------
# LLM / NemoClaw Runtime
# -----------------------------------------------------------------------------
LLM_BASE_URL=https://llm.desineuron.in
SGLANG_BASE_URL=https://llm.desineuron.in
SGLANG_CHAT_URL=https://llm.desineuron.in/v1/chat/completions
SGLANG_MODELS_URL=https://llm.desineuron.in/v1/models
SGLANG_MODEL=qwen3.6:35b-a3b
SGLANG_API_TOKEN=
RUNTIME_LLM_TIMEOUT_S=90.0
RUNTIME_LLM_BATCH_CONCURRENCY=2

NEMOCLAW_BASE_URL=https://llm.desineuron.in
NEMOCLAW_CHAT_URL=https://llm.desineuron.in/v1/chat/completions
NEMOCLAW_MODEL=qwen3.6:35b-a3b
NEMOCLAW_API_TOKEN=
NEMOCLAW_WEBHOOK_SECRET=
NEMOCLAW_PROMPT_DIR=/opt/dlami/nvme/nemoclaw/prompts
NEMOCLAW_TIMEOUT_S=45.0
NEMOCLAW_TEMPERATURE=0.2

# -----------------------------------------------------------------------------
# Oracle / Sentinel Runtime
# -----------------------------------------------------------------------------
ORACLE_DEFAULT_TENANT_ID=tenant_velocity
ORACLE_DEFAULT_TIMEZONE=Asia/Dubai
ORACLE_DEFAULT_LOCALE=en-AE
ORACLE_POLICY_PROFILE_ID=policy_sales_director_standard_v4
ORACLE_DEFAULT_PAGE_TITLE=Oracle Main Canvas
ORACLE_ALLOW_IN_MEMORY_FALLBACK=false
SENTINEL_PERCEPTION_INTERVAL_SECONDS=3

# -----------------------------------------------------------------------------
# Legacy / Adjacent Integrations
# -----------------------------------------------------------------------------
# Supabase is retained only for legacy Catalyst CRM/marketing surfaces.
SUPABASE_URL=
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=

# Ad-network integrations for Catalyst surfaces.
GOOGLE_ADS_DEVELOPER_TOKEN=
GOOGLE_ADS_CLIENT_ID=
GOOGLE_ADS_CLIENT_SECRET=
GOOGLE_ADS_REFRESH_TOKEN=
GOOGLE_ADS_CUSTOMER_ID=
LINKEDIN_ACCESS_TOKEN=
LINKEDIN_ORG_ID=
TWITTER_BEARER_TOKEN=
BRAVE_API_KEY=

# Colony orchestration service. Required for /api/colony mission dispatch.
COLONY_SERVICE_URL=
COLONY_TIMEOUT_SECONDS=30

# -----------------------------------------------------------------------------
# Observability / Alerts
# -----------------------------------------------------------------------------
SENTRY_DSN=
OTEL_EXPORTER_OTLP_ENDPOINT=
SLACK_WEBHOOK_URL=
PAGERDUTY_ROUTING_KEY=

# -----------------------------------------------------------------------------
# Fastlane / Apple Release Automation
# -----------------------------------------------------------------------------
# These are consumed from the operator Mac when running fastlane, not by the
# backend service. They are documented here so release secrets are tracked.
FASTLANE_APPLE_ID=
FASTLANE_TEAM_ID=
FASTLANE_ITC_TEAM_ID=
FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD=
FASTLANE_FORCE_CERT=0
FASTLANE_FORCE_PROFILE=0
FASTLANE_SKIP_WAITING=true
FASTLANE_DISTRIBUTE_EXTERNAL=0
FASTLANE_NOTIFY_EXTERNAL_TESTERS=0
FASTLANE_CHANGELOG=
APP_STORE_CONNECT_API_KEY_KEY_ID=
APP_STORE_CONNECT_API_KEY_ISSUER_ID=
APP_STORE_CONNECT_API_KEY_KEY=