# agiliton-account — copy to .env and fill in values
# Secrets are read from vault on the infra VM via entrypoint.sh

PORT=4100
HOST=0.0.0.0
LOG_LEVEL=info
NODE_ENV=production

# Database (shared agiliton Postgres)
DATABASE_URL=postgres://agiliton:PASSWORD@postgres:5432/agiliton

# Redis
REDIS_URL=redis://redis:6379

# JWT (32+ random bytes, hex)
JWT_SECRET=changeme-generate-with-openssl-rand-hex-32
JWT_EXPIRES_IN=7d

# AES-256-GCM encryption for LiteLLM virtual keys (64 hex chars = 32 bytes)
ENCRYPTION_KEY=changeme-generate-with-openssl-rand-hex-32

# LiteLLM
LITELLM_URL=http://litellm:4000
LITELLM_MASTER_KEY=sk-litellm-master-key

# Shared secret for LiteLLM→agiliton-account MCP bridge calls
MCP_BRIDGE_SECRET=changeme-generate-with-openssl-rand-hex-32

# Google OAuth (create at console.cloud.google.com)
GOOGLE_CLIENT_ID=xxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxx

# Microsoft OAuth (optional, create at portal.azure.com)
MS_CLIENT_ID=
MS_TENANT_ID=common

# Customer defaults
DEFAULT_BUDGET_USD=30.0
DEFAULT_BUDGET_DURATION=30d
DEFAULT_RPM_LIMIT=30
DEFAULT_MODELS=claude-sonnet-4-6,claude-opus-4-6,grok-heavy
MCP_BRIDGE_TIMEOUT_MS=15000