app/.env.example

# ════════════════════════════════════════════════════════════════════
# CTXD — Context Dossier Environment Configuration
# Copy to .env and fill in your values. All variables are optional
# unless running in Docker (DATABASE_URL, CTXD_API_KEY, OAUTH_* required).
#
# Precedence: env var > ctxd.yaml (in /data) > built-in defaults
# ════════════════════════════════════════════════════════════════════

# ── Database ────────────────────────────────────────────────────────
# Full PostgreSQL connection string. If empty, CTXD falls back to SQLite
# at /data/ctxd.db (or CTXD_HOME/ctxd.db).
DATABASE_URL=postgresql://ctxd:ctxd_local_dev@postgres:5432/ctxd

# Postgres container settings (only used when running the bundled PG)
POSTGRES_USER=ctxd
POSTGRES_PASSWORD=ctxd_local_dev
POSTGRES_DB=ctxd

# ── Server ──────────────────────────────────────────────────────────
# Bind address and port inside the container
CTXD_HOST=0.0.0.0
CTXD_PORT=9091

# Data directory (inside container)
CTXD_HOME=/data

# Uvicorn log level: debug, info, warning, error
LOG_LEVEL=info

# ── Auth ────────────────────────────────────────────────────────────
# Enable authentication globally
CTXD_AUTH_ENABLED=true

# Shared API key for Hermes/internal MCP + HTTP auth
CTXD_API_KEY=

# Legacy read-only key for /readonly/sse ?key= migration
CTXD_EXTERNAL_READONLY_KEY=

# ── OAuth ───────────────────────────────────────────────────────────
# Enable the OAuth authorization server
OAUTH_ENABLED=true

# Public URL of the server (used in OAuth discovery metadata)
OAUTH_ISSUER=https://ctxd.example.com

# Fallback approval key for /oauth/authorize
OAUTH_APPROVAL_KEY=

# Which user ID to attribute OAuth approvals to
OAUTH_APPROVAL_USER_ID=admin

# Token lifetimes in seconds
OAUTH_ACCESS_TOKEN_TTL=3600
OAUTH_REFRESH_TOKEN_TTL=2592000

# ── Web Sessions ────────────────────────────────────────────────────
# Session cookie lifetime in seconds (default: 7 days)
WEB_SESSION_TTL=604800

# ── Snapshots ───────────────────────────────────────────────────────
# Min/max snapshots retained per project before rotation
SNAPSHOT_MIN_KEEP=5
SNAPSHOT_MAX_KEEP=25
feat: PostgreSQL migration, OAuth write MCP, Streamable HTTP, env-driven config, admin UI, landing page 2026-06-24 22:50:54 +00:00			`# ════════════════════════════════════════════════════════════════════`
			`# CTXD — Context Dossier Environment Configuration`
			`# Copy to .env and fill in your values. All variables are optional`
			`# unless running in Docker (DATABASE_URL, CTXD_API_KEY, OAUTH_* required).`
			`#`
			`# Precedence: env var > ctxd.yaml (in /data) > built-in defaults`
			`# ════════════════════════════════════════════════════════════════════`

			`# ── Database ────────────────────────────────────────────────────────`
			`# Full PostgreSQL connection string. If empty, CTXD falls back to SQLite`
			`# at /data/ctxd.db (or CTXD_HOME/ctxd.db).`
			`DATABASE_URL=postgresql://ctxd:ctxd_local_dev@postgres:5432/ctxd`

			`# Postgres container settings (only used when running the bundled PG)`
			`POSTGRES_USER=ctxd`
			`POSTGRES_PASSWORD=ctxd_local_dev`
			`POSTGRES_DB=ctxd`

			`# ── Server ──────────────────────────────────────────────────────────`
			`# Bind address and port inside the container`
			`CTXD_HOST=0.0.0.0`
			`CTXD_PORT=9091`

			`# Data directory (inside container)`
			`CTXD_HOME=/data`

			`# Uvicorn log level: debug, info, warning, error`
			`LOG_LEVEL=info`

			`# ── Auth ────────────────────────────────────────────────────────────`
			`# Enable authentication globally`
			`CTXD_AUTH_ENABLED=true`

			`# Shared API key for Hermes/internal MCP + HTTP auth`
			`CTXD_API_KEY=`

			`# Legacy read-only key for /readonly/sse ?key= migration`
			`CTXD_EXTERNAL_READONLY_KEY=`

			`# ── OAuth ───────────────────────────────────────────────────────────`
			`# Enable the OAuth authorization server`
			`OAUTH_ENABLED=true`

			`# Public URL of the server (used in OAuth discovery metadata)`
			`OAUTH_ISSUER=https://ctxd.example.com`

			`# Fallback approval key for /oauth/authorize`
			`OAUTH_APPROVAL_KEY=`

			`# Which user ID to attribute OAuth approvals to`
			`OAUTH_APPROVAL_USER_ID=admin`

			`# Token lifetimes in seconds`
			`OAUTH_ACCESS_TOKEN_TTL=3600`
			`OAUTH_REFRESH_TOKEN_TTL=2592000`

			`# ── Web Sessions ────────────────────────────────────────────────────`
			`# Session cookie lifetime in seconds (default: 7 days)`
			`WEB_SESSION_TTL=604800`

			`# ── Snapshots ───────────────────────────────────────────────────────`
			`# Min/max snapshots retained per project before rotation`
			`SNAPSHOT_MIN_KEEP=5`
			`SNAPSHOT_MAX_KEEP=25`