-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathenv.example
More file actions
51 lines (40 loc) · 1.53 KB
/
Copy pathenv.example
File metadata and controls
51 lines (40 loc) · 1.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# GovernsAI Precheck Environment Configuration
# Server Configuration
APP_BIND=0.0.0.0:8080
DEBUG=false
# Database Configuration
DB_URL=sqlite:///./local.db
# DATABASE_URL is also accepted as an alias.
# For PostgreSQL: DB_URL=postgresql://user:password@localhost/precheck
# Redis Configuration (optional)
# REDIS_URL=redis://localhost:6379
PRECHECK_ALLOW_CACHE_TTL_SECONDS=60
# Public Base URL (for cloud mode)
# PUBLIC_BASE=https://your-domain.com
# Presidio Configuration
USE_PRESIDIO=true
PRESIDIO_MODEL=en_core_web_sm
# API Configuration
API_KEY_HEADER=X-Governs-Key
# API_KEY=your-api-key-here # Optional: API key from .env (fallback if not in header)
# Webhook Configuration
# Base URL of the dashboard websocket gateway. Per-request URLs are built by
# appending ?org=<org_id>&key=<conn_key>&channels=org:<org_id>:decisions —
# org_id comes from the authenticated API key, never from this URL.
# WEBHOOK_BASE_URL=wss://governsai-console.onrender.com/ws/gateway
# Connection-level key the gateway uses to authenticate the precheck service
# itself (separate from per-request user keys).
# WEBHOOK_CONN_KEY=dev-webhook-conn-key-change-in-production
WEBHOOK_SECRET=dev-webhook-secret-change-in-production
PRECHECK_DLQ=/tmp/precheck.dlq.jsonl
WEBHOOK_TIMEOUT_S=2.5
WEBHOOK_MAX_RETRIES=3
WEBHOOK_BACKOFF_BASE_MS=150
# PII Tokenization
PII_TOKEN_SALT=dev-pii-token-salt-change-in-production
# Key hashing
KEY_HMAC_SECRET=dev-key-hmac-secret-change-in-production
# Error Handling
ON_ERROR=block
# Policy Configuration
POLICY_FILE=policy.tool_access.yaml