# Uniro environment contract
# This file reflects actual runtime usage in the current codebase.

# Required
# JWT_SECRET: placeholder only. Replace it with a long random value that is
# unique to each deployment before the first start. Presumably it signs the
# auth tokens, so anyone who knows it could mint valid ones (verify against the
# auth code).
JWT_SECRET=change-me-to-a-long-random-secret
# INITIAL_PASSWORD: placeholder only. Replace it before the first start.
# NOTE(review): confirm the application refuses to run, or forces a password
# change, while this is still the default value.
INITIAL_PASSWORD=change-me
# DATA_DIR: machine-specific absolute path; the path suggests a shared volume.
# NOTE(review): what is stored here is not visible from this file. If it holds
# credentials or tokens, restrict the directory to the service account.
DATA_DIR=/SSD_data2/shared/UniRo_shared/UniRo/uniro_frontend_v2/.data

# Recommended runtime variables
# PORT must match the port used in BASE_URL / NEXT_PUBLIC_BASE_URL below,
# which both point at localhost:20128.
PORT=20128
# Production mode. Review the security flags below (AUTH_COOKIE_SECURE,
# REQUIRE_API_KEY) before exposing a production instance beyond localhost.
NODE_ENV=production

# Recommended security and ops variables
# API_KEY_SECRET and MACHINE_ID_SALT are fixed, readable strings committed in
# this file, so they offer no secrecy as written. Replace both with random
# per-deployment values.
# NOTE(review): rotating them may invalidate previously issued API keys or
# stored machine IDs; confirm against the code that consumes them.
API_KEY_SECRET=endpoint-proxy-api-key-secret
MACHINE_ID_SALT=endpoint-proxy-salt
# NOTE(review): if enabled, check what the request logs capture (headers,
# bodies, upstream credentials) and where they are written.
ENABLE_REQUEST_LOGS=false
OBSERVABILITY_ENABLED=true
# Presumably controls the Secure attribute of the auth cookie. With false the
# cookie is also sent over plain HTTP; set it to true whenever the instance is
# served over HTTPS.
AUTH_COOKIE_SECURE=false
# Presumably gates the proxy endpoints behind an API key. With false, set it to
# true as soon as the instance is reachable from anything other than localhost.
REQUIRE_API_KEY=false

# Cloud sync variables
# BASE_URL must point to this running instance so internal sync jobs can call
# /api/sync/cloud. Plain HTTP is acceptable only while the target is loopback.
# Server-side preferred variables:
BASE_URL=http://localhost:20128
# TODO(uniro-rebrand): replace 9router.com cloud worker with Uniro-owned infra once provisioned.
# Until then, whatever the sync jobs send leaves Uniro-controlled
# infrastructure. NOTE(review): confirm what the sync payload contains
# (provider credentials, API keys, settings) before enabling cloud sync.
CLOUD_URL=https://9router.com
# Backward-compatible/public variables:
# NEXT_PUBLIC_* values are exposed to the browser; keep them free of secrets
# and in sync with the server-side values above.
NEXT_PUBLIC_BASE_URL=http://localhost:20128
NEXT_PUBLIC_CLOUD_URL=https://9router.com

# Optional outbound proxy variables for upstream provider calls
# Lowercase variants are also supported: http_proxy, https_proxy, all_proxy, no_proxy
# HTTP_PROXY=http://127.0.0.1:7890
# HTTPS_PROXY=http://127.0.0.1:7890
# ALL_PROXY=socks5://127.0.0.1:7890
# NO_PROXY=localhost,127.0.0.1

# Currently unused by application runtime (kept as reference)
# INSTANCE_NAME=uniro

# ──────────────────────────────────────────────────────────────────────
# UniRo Connected Mode (Supabase-backed Management)
# This file enables connected mode. Set UNIRO_CONNECTED_MODE=false to run fully
# self-hosted (no quota, no cloud auth).
# ──────────────────────────────────────────────────────────────────────
UNIRO_CONNECTED_MODE=true
# Same flag, but client-visible (the Cloud button on the router-builder canvas
# and other client UI need this — server env vars aren't sent to the browser).
# Keep both flags set to the same value. The client-side flag only affects the
# UI; NOTE(review): confirm every server-side decision reads the server flag.
NEXT_PUBLIC_UNIRO_CONNECTED_MODE=true

# Supabase project credentials (project "Uniro" — hoswohlkkvhplavvvvyk)
# Supabase has deprecated the legacy `anon` and `service_role` JWTs. Use the
# new `sb_publishable_*` / `sb_secret_*` keys issued by JWT Signing Keys.
# Legacy var names are still read as a fallback for now.
# The URL and publishable key are meant to be client-visible. They are
# identifiers, not an access control: protection of the data depends on the
# policies configured in the Supabase project.
# NOTE(review): confirm Row Level Security is enabled on every exposed table.
# NOTE(review): if this file is a shared template, consider replacing the
# project-specific values with placeholders.
NEXT_PUBLIC_SUPABASE_URL=https://hoswohlkkvhplavvvvyk.supabase.co
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=sb_publishable_NWaTQlxEyGRtjGAdKk70fw__PRyOVWz
# The `sb_secret_*` key is server-only: set it in the deployment environment,
# never commit it to this file, and never give it a NEXT_PUBLIC_ prefix (those
# variables are exposed to the browser). No variable for it is listed here.

# Legacy fallbacks (deprecated — only set if your project hasn't migrated):
# NEXT_PUBLIC_SUPABASE_ANON_KEY=
# SUPABASE_SERVICE_ROLE_KEY=

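# Edge Function gateway secret (shared between Native App processes and the
# session-resolve / usage-events Edge Functions). Generate a long random value.
# No variable for it is listed in this file; supply it through the deployment
# environment and keep it out of version control.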

# Optional: Python Router Service (advanced routing engine)
# Plain HTTP on loopback. If the service is moved to another host, use TLS.
# NOTE(review): confirm the service binds to 127.0.0.1 only.
UNIRO_ROUTER_SERVICE_URL=http://127.0.0.1:8858

# Feature flag for the new /v1/chat/completions coordinator path.
# When false, the legacy open-sse direct path is used.
UNIRO_USE_COORDINATOR=true

# UniRo Management Service — owns the Supabase service-role + gateway secret.
# Because this service holds the privileged credentials, anything that can reach
# the URL can ask it to act with them. Keep it on loopback as configured here.
# NOTE(review): confirm the service authenticates its callers.
UNIRO_MGMT_URL=http://127.0.0.1:8859
