-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
129 lines (114 loc) · 6.06 KB
/
Copy path.env.example
File metadata and controls
129 lines (114 loc) · 6.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# ----------------------------------------------------------------------------
# Application
# ----------------------------------------------------------------------------
APP_ENV=development # development | staging | production
APP_NAME=Prior Auth Assistant
DEBUG=true # MUST be false in production
LOG_LEVEL=INFO
# ----------------------------------------------------------------------------
# LLM / AI
# ----------------------------------------------------------------------------
ANTHROPIC_API_KEY=
LLM_MODEL=claude-sonnet-5
LLM_MAX_TOKENS_EXTRACTION=1024
LLM_MAX_TOKENS_GENERATION=4096
LLM_MAX_TOKENS_OCR=4096
LLM_MAX_INPUT_CHARS=50000
# Per-org daily LLM token budget (0 = unlimited); override per org in org_quotas.
ORG_DAILY_TOKEN_BUDGET=0
# Live count-tokens ping in /health (costs a trivial amount per check; enable
# from a scheduled probe, not every k8s poll).
HEALTH_CHECK_LLM_LIVE=false
# ----------------------------------------------------------------------------
# AWS region — only consumed by the optional CloudWatch audit sink. Leave
# blank to disable boto3 entirely. OCR runs through Claude now (same key as
# the extraction/generation calls); Textract is no longer used.
# ----------------------------------------------------------------------------
AWS_REGION=us-east-1
# ----------------------------------------------------------------------------
# Database
# ----------------------------------------------------------------------------
DATABASE_URL=postgresql+asyncpg://prior_auth:prior_auth_dev@localhost:5432/prior_auth
# Optional: separate DSN for privileged system paths (bootstrap seeder +
# webhook worker). Points at a Postgres role with BYPASSRLS. Leave blank
# to run everything through DATABASE_URL (small deployments). See
# docs/RUNBOOK.md §9 for the two-role production setup.
DATABASE_ADMIN_URL=
# Connection pool (runtime engine)
DATABASE_POOL_SIZE=5
DATABASE_MAX_OVERFLOW=10
DATABASE_POOL_TIMEOUT=30
# Apply alembic migrations on process start. Set false in multi-replica
# deployments (run `python -m scripts.migrate upgrade head` as an init job).
MIGRATE_ON_STARTUP=true
# ----------------------------------------------------------------------------
# Redis — opt-in. The in-memory rate-limit backend (default) is fine for a
# single API replica. Set RATE_LIMIT_BACKEND=redis below and start the
# redis profile (`docker compose --profile redis up`) when you scale out.
# ----------------------------------------------------------------------------
REDIS_URL=redis://localhost:6379/0
# ----------------------------------------------------------------------------
# Authentication
# ----------------------------------------------------------------------------
# JWT signing secret. In production this MUST be set explicitly (no default).
# Generate with: python -c "import secrets; print(secrets.token_urlsafe(64))"
JWT_SECRET_KEY=
JWT_ALGORITHM=HS256
JWT_EXPIRATION_HOURS=24
# Expired user_sessions rows are purged on this interval.
SESSION_CLEANUP_INTERVAL_MINUTES=60
# One-time bootstrap API keys — seeded into the DB on first boot, then
# the env var should be removed. Additional keys are managed in-DB.
# Comma-separated.
BOOTSTRAP_API_KEYS=
BOOTSTRAP_API_KEY_ORG=system
# ----------------------------------------------------------------------------
# PHI encryption at rest (field-level Fernet)
# ----------------------------------------------------------------------------
# MUST be set in production. Generate with:
# python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
# Rotate by prepending a new key. All listed keys are tried for decryption;
# the first is used for new writes. Comma-separated.
PHI_ENCRYPTION_KEYS=
# ----------------------------------------------------------------------------
# Audit log integrity (HMAC chain key; MUST differ from JWT_SECRET_KEY)
# ----------------------------------------------------------------------------
# Generate with: python -c "import secrets; print(secrets.token_urlsafe(64))"
AUDIT_HMAC_KEY=
# ----------------------------------------------------------------------------
# CORS — comma-separated allowed origins. Must NOT contain '*' or localhost
# in production.
# ----------------------------------------------------------------------------
CORS_ORIGINS=http://localhost:3000,http://localhost:5173
# ----------------------------------------------------------------------------
# Rate limiting — "memory" works for a single API replica; switch to "redis"
# once you run multiple replicas so the window is shared across processes.
# ----------------------------------------------------------------------------
RATE_LIMIT_BACKEND=memory # memory | redis
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW_SECONDS=60
# ----------------------------------------------------------------------------
# HTTP / proxy trust
# ----------------------------------------------------------------------------
REQUIRE_HTTPS=false # MUST be true in production
# IPs/CIDRs whose X-Forwarded-For header is trusted. Blank = ignore the header.
TRUSTED_PROXIES=
# ----------------------------------------------------------------------------
# File upload
# ----------------------------------------------------------------------------
MAX_UPLOAD_SIZE_MB=10
# ----------------------------------------------------------------------------
# Audit sink — optional append-only external copy of audit events
# (CloudWatch Logs; pairs with AWS_REGION above). Blank = disabled.
# ----------------------------------------------------------------------------
AUDIT_SINK_CLOUDWATCH_GROUP=
# ----------------------------------------------------------------------------
# Webhooks — outbound delivery worker
# ----------------------------------------------------------------------------
WEBHOOK_DELIVERY_TIMEOUT_SECONDS=5
WEBHOOK_MAX_ATTEMPTS=5
# ----------------------------------------------------------------------------
# OpenTelemetry — blank endpoint disables tracing export
# ----------------------------------------------------------------------------
OTEL_EXPORTER_OTLP_ENDPOINT=
OTEL_SERVICE_NAME=prior-auth-assistant