mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 17:41:09 +02:00
5635598a58
managarten redet jetzt nicht mehr direkt mit Better-Auth — Login,
Register, Passwort-Reset, 2FA-Verify, Magic-Link, Passkey-Login laufen
ALLE über `auth.mana.how` (mana-auth-web portal). managarten ist nur
noch Consumer einer existierenden Session.
## Architektur
- Unauthenticated: `redirectToPortal({ next })` macht hartes Redirect zu
`auth.mana.how/login?app=mana&redirect=<callback>`. AuthGate
(`(app)/+layout.svelte`) und `require-auth` triggern das.
- Nach Login: Portal setzt SSO-Cookie auf `.mana.how`. Browser landet
auf `/auth/callback?next=<deep-link>`.
- Callback: `session.tryRefresh()` holt frischen JWT via Cookie,
`loadUserFromToken()` setzt User, `goto(next)` renderet (app)-Layout
mit unlocked Vault (Root-Layout-$effect feuert auf User-ID-Wechsel).
## Files
NEU:
- `lib/auth/portal-redirect.ts` — Helper für Portal-URL-Bau + hard redirect.
- `lib/auth/session.svelte.ts` — schlanke Session-Klasse: Token-Refresh
via SSO-Cookie, ensureFresh, signOut. Storage: `mana.auth.accessToken`,
`mana.auth.user`.
- `lib/auth/settings-client.ts` — Passkey-CRUD, 2FA-Setup, Sessions,
Audit-Events. Pflegt keinen State, ruft direkt mana-auth API.
GELÖSCHT:
- `routes/(auth)/login|register|forgot-password|reset-password|+layout`
- `routes/auth/reset-password` (war Alias-Redirect)
- Komplette `(auth)` route group.
UMGESCHRIEBEN:
- `lib/stores/auth.svelte.ts` — re-exportiert `session` als `authStore`
(keine 47-Methoden-Factory aus `@mana/shared-auth-ui` mehr).
- `routes/auth/callback/+page.svelte` — Token-Refresh + Deep-Link statt
Legacy-Supabase-Stub.
- `lib/components/settings/sections/SecuritySection.svelte` — alle
`authStore.registerPasskey/enableTwoFactor/...` Calls auf neuen
`settings-client` umgelenkt. UI-Komponenten (PasskeyManager,
TwoFactorSetup, …) aus `@mana/shared-auth-ui` bleiben — sind reine
Render-Components.
ANGEPASST (Portal-Redirect statt `goto('/login')`):
- `(app)/+layout.svelte`, `RouteTierGate`, `email-verified`,
`verification-failed`, `feedback/+layout`, `quotes/lists`,
`quotes/favorites`, `citycorners/favorites`, `feedback/DetailView`,
`feedback/ListView`, `profile/ListView`, `guest-prompt`,
`require-auth.svelte.ts`.
ENV:
- `.env.development`: `MANA_AUTH_WEB_URL=http://localhost:3002`.
- `scripts/generate-env.mjs`: schreibt `PUBLIC_MANA_AUTH_URL` +
`PUBLIC_AUTH_WEB_URL` ins `apps/mana/apps/web/.env`.
## Status
- `pnpm run check`: 0 errors, 0 warnings, 7672 files.
- `pnpm build` (8 GB heap): grün.
- E2E lokal + Production-Deploy stehen aus — Plan siehe
`mana/docs/playbooks/MANAGARTEN_AUTH_PORTAL_MIGRATION.md`.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
563 lines
24 KiB
Text
563 lines
24 KiB
Text
# ============================================
|
||
# Mana Core Monorepo - Development Environment
|
||
# ============================================
|
||
# This is the central source of truth for all dev environment variables.
|
||
# Run `pnpm setup:env` to generate app-specific .env files.
|
||
#
|
||
# DO NOT commit real API keys or production values here.
|
||
# This file contains development/local values only.
|
||
# ============================================
|
||
|
||
# ============================================
|
||
# SHARED - Used across multiple apps
|
||
# ============================================
|
||
|
||
# GlitchTip Error Tracking (self-hosted Sentry-compatible)
|
||
# Set DSN after creating projects in GlitchTip admin
|
||
# Format: https://<key>@glitchtip.mana.how/<project-id>
|
||
GLITCHTIP_DSN=
|
||
|
||
# GlitchTip Frontend DSN (empty in dev, set per-app in production)
|
||
# These are separate GlitchTip projects from backends
|
||
PUBLIC_GLITCHTIP_DSN=
|
||
|
||
# Mana Core Auth Service
|
||
MANA_AUTH_URL=http://localhost:3001
|
||
# Auth-Portal-UI (Login/Register/Reset, getrennt vom Auth-API-Service).
|
||
# In Prod identisch mit MANA_AUTH_URL (nginx splittet /api/* zu mana-auth,
|
||
# Rest zu mana-auth-web), lokal aber eigener Port (mana-auth-web :3002).
|
||
MANA_AUTH_WEB_URL=http://localhost:3002
|
||
# Mana Credits Service
|
||
MANA_CREDITS_URL=http://localhost:3061
|
||
# Mana Media Service (CAS, thumbnails, Photos gallery)
|
||
MANA_MEDIA_URL=http://localhost:3015
|
||
# Mana Events Service (public RSVP & event sharing)
|
||
MANA_EVENTS_URL=http://localhost:3115
|
||
PUBLIC_MANA_EVENTS_URL=http://localhost:3115
|
||
# Service key for service-to-service communication
|
||
MANA_SERVICE_KEY=dev-service-key-for-bot-sso-2024
|
||
|
||
# WebAuthn / Passkeys (localhost for dev, mana.how for production)
|
||
WEBAUTHN_RP_ID=localhost
|
||
WEBAUTHN_ORIGINS=http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176,http://localhost:5177,http://localhost:5178,http://localhost:5179,http://localhost:5180,http://localhost:5181,http://localhost:5182,http://localhost:5183,http://localhost:5184,http://localhost:5185,http://localhost:3001
|
||
|
||
# JWT Keys (shared across apps for token verification)
|
||
JWT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGRsOXROB4lprw\n9oXaOIt+cwHe3UxBOoiWiUXcpFuXwb+kBWn/LyjeCIOXtefOwE0S10JEodK+6foe\naqGHanq86qAmmkb4a8sjj5LAxXkHL35sJo8HaYcx5NkJQLxQSRHpTfdfxsKsKwxa\n4R4uqrvToqdo6tl/VMsGDPS8L7KzaiKaSdGugvlVtXWgV1soeXSUPyPwpyAXQg7h\nY4CkTSkJAplrs77RLdj8u6jbHKR3F7QkwiU1JocjhM1GP/suKiqXRu8omLFnu45C\ns09SNSRsOpNY5csrKA4PZ2LCks9VHH7HafFvB+BbRw4+Ssr6myOysAztqi3bZMRW\nLTakWpBbAgMBAAECggEAF5zi0IzaghHxhtkyYfrSRgSynX9+WYBRNu2ch8/SZqAj\neghOXMkZgAPEjtiSMDGqRsr4ReMoYtB2Qea8sOX8kwC1gj4Po1Mhtez0cwexclUf\nebLH3X/y9/1YiZJk5YImOMIuaoC/ELDvFOhIEhJcMbKREbIc+oiMcH6HgN0vViVh\nJptgHTnqnGHNARkEpf+xnxqJJxEgrEMz50b4fApKpoZsWXNnZ3Atc/i2ziGew5z4\npnGJxs9TWSukBZaQvl9iluBBvqmPkCOId+L7CmB44bNURpqQOm8gxEgLcdn06y5j\nIKee3Z4H6OTseFvSIYYqBqCyyyZWHICBZXUCDQKUbQKBgQDnFe+O+pQc5looLFiF\nxuYsfDtJqvoMgQ0BaVAo6wVpPe6w+1NA6ZxghcM0+8zyc70jZvdMXINhdsfWD5Gi\nJ/NEDI8EXJJKMfnFQ7F1Ad5NyTnnn/TsLda4GIGQznPRS6uxUP4ljFtxmU9G8Diz\nUQ47XsLjwzzbTedMTSYoQ46kdwKBgQDbp0dIq047o4A72/BBttKdZbgQmjFmqCXF\n8YRUquIDXh/CJ4OQwOIaOvk2398Rg53c3MsV+XCJaMmWYqnJ4BdITLsqeGKsczoS\nI0DMehDr++aOoX/f29r1c+7J/fV5jtAEUcwIEOR1vyAM+WdiWnnTvdpMPVUDsgaT\ntuH0E8WgPQKBgQCCINci87Z+Q7VXVAmRY7zwJhEY3eArNGzHc6+BKz+D0S1dmll6\nf1LhA9I2PuldSpGiovP1m08cjk/gGipPXyHdGxlaQmravyPA0urWUfQGZ59k8K1y\nZim4x4wGqEuN+4e2tT44lL5VzRhYgSPcznMuOaGTsrjNYiQy0mr/V3O25wKBgHvV\nryaVDaIp553XvXgO7ma2djNF+xv5KHKUWxqwzINBiX4YcOAnHlHTdbUuOcDSByoB\ngK1+16dgYGZccYTSxc2JFOw4usimndKj9WBSYT/p4G4BNuqqNKO1HKbceoxxq20E\nAJd7jpGjkxo9cb/Nammp22yoF0niEDsvG+xTSVOxAoGBAMfxHYCMdPc625upCbqG\nkPSJJGYREKGad80OtXilYXLvBPzV65q32k2YZGjaicPKRAzj72KO4nfIu9SY6bfO\nBvXCtIcvllZQuxyd3Cd8MirujJodKwThLTMd4bAYYMXGz1/W6R6pzunZs5KEpgEr\nczy9Gk9WNp0t8vfzyZZ9aago\n-----END PRIVATE KEY-----"
|
||
JWT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkbDl0TgeJaa8PaF2jiL\nfnMB3t1MQTqIlolF3KRbl8G/pAVp/y8o3giDl7XnzsBNEtdCRKHSvun6Hmqhh2p6\nvOqgJppG+GvLI4+SwMV5By9+bCaPB2mHMeTZCUC8UEkR6U33X8bCrCsMWuEeLqq7\n06KnaOrZf1TLBgz0vC+ys2oimknRroL5VbV1oFdbKHl0lD8j8KcgF0IO4WOApE0p\nCQKZa7O+0S3Y/Luo2xykdxe0JMIlNSaHI4TNRj/7Lioql0bvKJixZ7uOQrNPUjUk\nbDqTWOXLKygOD2diwpLPVRx+x2nxbwfgW0c+Ssr6myOysAztqi3bZMRWLTakWpBb\nwIDAQAB\n-----END PUBLIC KEY-----"
|
||
|
||
# Database (shared Postgres for local Docker)
|
||
POSTGRES_USER=mana
|
||
POSTGRES_PASSWORD=devpassword
|
||
|
||
# Redis
|
||
REDIS_HOST=localhost
|
||
REDIS_PORT=6379
|
||
REDIS_PASSWORD=devpassword
|
||
|
||
# MinIO Object Storage (local S3-compatible storage)
|
||
MINIO_ROOT_USER=minioadmin
|
||
MINIO_ROOT_PASSWORD=minioadmin
|
||
S3_ENDPOINT=http://localhost:9000
|
||
S3_REGION=us-east-1
|
||
S3_ACCESS_KEY=minioadmin
|
||
S3_SECRET_KEY=minioadmin
|
||
|
||
# ============================================
|
||
# MANA-CORE-AUTH SERVICE
|
||
# ============================================
|
||
|
||
MANA_AUTH_PORT=3001
|
||
MANA_AUTH_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# Encryption Vault Key Encryption Key (KEK)
|
||
# Wraps each user's master key in auth.encryption_vaults. In development
|
||
# this can stay empty (a deterministic dev fallback is used + a loud
|
||
# warning is logged at boot). In production it MUST be set to a base64-
|
||
# encoded 32-byte random value: `openssl rand -base64 32`
|
||
# Future: migrate to KMS / Vault — keep the env var for now.
|
||
MANA_AUTH_KEK=
|
||
|
||
JWT_ACCESS_TOKEN_EXPIRY=15m
|
||
JWT_REFRESH_TOKEN_EXPIRY=7d
|
||
JWT_ISSUER=mana
|
||
JWT_AUDIENCE=mana
|
||
CORS_ORIGINS=http://localhost:3000,http://localhost:3002,http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176,http://localhost:5177,http://localhost:5178,http://localhost:5179,http://localhost:5180,http://localhost:5181,http://localhost:5182,http://localhost:5183,http://localhost:5184,http://localhost:5185,http://localhost:5186,http://localhost:5187,http://localhost:5188,http://localhost:5189,http://localhost:5190,http://localhost:5191,http://localhost:5195,http://localhost:8081
|
||
CREDITS_SIGNUP_BONUS=150
|
||
CREDITS_DAILY_FREE=5
|
||
RATE_LIMIT_TTL=60
|
||
RATE_LIMIT_MAX=100
|
||
|
||
# Stripe Configuration
|
||
# Get your keys from https://dashboard.stripe.com/apikeys
|
||
STRIPE_SECRET_KEY=sk_live_YOUR_STRIPE_SECRET_KEY
|
||
STRIPE_PUBLISHABLE_KEY=pk_test_YOUR_KEY
|
||
STRIPE_WEBHOOK_SECRET=whsec_YOUR_WEBHOOK_SECRET
|
||
|
||
# Stripe Product & Price IDs - Mana Quellen (Subscriptions, Live)
|
||
# S: 4.99€/month, 47.90€/year - 500 Mana
|
||
STRIPE_S_PRODUCT_ID=prod_UDzZl1uKIHplam
|
||
STRIPE_S_PRICE_MONTHLY=price_1TFXaKAZjQCYS0ZJGQFSxm8v
|
||
STRIPE_S_PRICE_YEARLY=price_1TFXaLAZjQCYS0ZJwFnGP29S
|
||
|
||
# M: 9.99€/month, 95.90€/year - 1000 Mana
|
||
STRIPE_M_PRODUCT_ID=prod_UDzZXZxEVoyQMF
|
||
STRIPE_M_PRICE_MONTHLY=price_1TFXaMAZjQCYS0ZJMRmTgQvb
|
||
STRIPE_M_PRICE_YEARLY=price_1TFXaNAZjQCYS0ZJ6AS1vRkx
|
||
|
||
# L: 19.99€/month, 191.90€/year - 2000 Mana
|
||
STRIPE_L_PRODUCT_ID=prod_UDzZcDxsDS3q1T
|
||
STRIPE_L_PRICE_MONTHLY=price_1TFXaNAZjQCYS0ZJaqXjJ0HC
|
||
STRIPE_L_PRICE_YEARLY=price_1TFXaOAZjQCYS0ZJVndo98Pf
|
||
|
||
# XL: 39.99€/month, 383.90€/year - 4000 Mana
|
||
STRIPE_XL_PRODUCT_ID=prod_UDzZum6MMQkc0b
|
||
STRIPE_XL_PRICE_MONTHLY=price_1TFXaPAZjQCYS0ZJ0q7OysMg
|
||
STRIPE_XL_PRICE_YEARLY=price_1TFXaQAZjQCYS0ZJ6rDqh2FU
|
||
|
||
# XXL: 99.99€/month, 959.90€/year - 10000 Mana
|
||
STRIPE_XXL_PRODUCT_ID=prod_UDzZreFcbGxdJj
|
||
STRIPE_XXL_PRICE_MONTHLY=price_1TFXaQAZjQCYS0ZJ3A6QB2sv
|
||
STRIPE_XXL_PRICE_YEARLY=price_1TFXaRAZjQCYS0ZJCuYSesCA
|
||
|
||
# Mana Tränke (One-time purchases, 1 Mana = 1.4 Cent)
|
||
STRIPE_POTION_SMALL_PRODUCT_ID=prod_UDKn8rXX0Crz0T
|
||
STRIPE_POTION_SMALL_PRICE=price_1TEu8UAZjQCYS0ZJUGnsu9SH
|
||
STRIPE_POTION_MEDIUM_PRODUCT_ID=prod_UDKnANMuSvWMIE
|
||
STRIPE_POTION_MEDIUM_PRICE=price_1TEu8UAZjQCYS0ZJQr2FbDm0
|
||
STRIPE_POTION_LARGE_PRODUCT_ID=prod_UDKnTxFN6xD0ID
|
||
STRIPE_POTION_LARGE_PRICE=price_1TEu8VAZjQCYS0ZJDX6i2jwv
|
||
STRIPE_POTION_HUGE_PRODUCT_ID=prod_UDKncb3tyAlGKy
|
||
STRIPE_POTION_HUGE_PRICE=price_1TEu8VAZjQCYS0ZJ7AO86Jrt
|
||
|
||
# Customer Portal Configuration
|
||
STRIPE_PORTAL_CONFIG_ID=bpc_1T1PFdAZjQCYS0ZJEhF9ob7q
|
||
|
||
# ============================================
|
||
# UMAMI ANALYTICS
|
||
# ============================================
|
||
# All app modules are tracked under the unified Mana website ID.
|
||
# Module segmentation happens via the `module` event property (see analytics.ts).
|
||
# Register new sites at https://stats.mana.how
|
||
UMAMI_WEBSITE_ID_MANA=32777167-e026-4618-933a-3429120b479b
|
||
|
||
# Landing Page Website IDs (separate Astro sites, each needs its own ID)
|
||
UMAMI_WEBSITE_ID_CHAT_LANDING=a264b165-80d2-47ab-91f4-2efc01de0b66
|
||
UMAMI_WEBSITE_ID_MANA_LANDING=cef3798d-85ae-47df-a44a-e9bee09dbcf9
|
||
UMAMI_WEBSITE_ID_CARDS_LANDING=2ac83d50-107f-4d4e-ac23-5540946e96e3
|
||
UMAMI_WEBSITE_ID_CALENDAR_LANDING=84862d98-727e-4e25-8645-639241dd1544
|
||
UMAMI_WEBSITE_ID_CLOCK_LANDING=0332b471-a022-46af-a726-0f45932bfd58
|
||
UMAMI_WEBSITE_ID_PICTURE_LANDING=d3ac98e6-0d1a-47a3-a218-2a81fff596bd
|
||
UMAMI_WEBSITE_ID_TODO_LANDING=538eb4b6-2241-45a3-994d-cdb9bdb0c250
|
||
UMAMI_WEBSITE_ID_FOOD_LANDING=15610d03-b280-4b92-9c71-0ef89c23202b
|
||
UMAMI_WEBSITE_ID_PRESI_LANDING=dd485016-0077-47b9-9f59-ab2c6c1730ee
|
||
UMAMI_WEBSITE_ID_MUKKE_LANDING=b2c9ab34-3c53-4463-9dde-1ecf098886a5
|
||
|
||
# ============================================
|
||
# CHAT PROJECT
|
||
# ============================================
|
||
|
||
# Chat Backend
|
||
CHAT_BACKEND_PORT=3002
|
||
CHAT_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
DEV_BYPASS_AUTH=true
|
||
DEV_USER_ID=00000000-0000-0000-0000-000000000000
|
||
|
||
# OpenRouter API (all AI models via OpenRouter)
|
||
# Get your API key at https://openrouter.ai/keys
|
||
OPENROUTER_API_KEY=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
|
||
|
||
# Ollama (local LLM server - runs on Mac Mini)
|
||
# Use SSH tunnel: ssh -L 11434:localhost:11434 mana-server
|
||
# Or set to direct URL if Ollama is exposed (e.g., https://ollama.mana.how)
|
||
OLLAMA_URL=http://localhost:11434
|
||
|
||
# mana-llm (OpenAI-compatible gateway, port 3025 locally / llm.mana.how prod)
|
||
# Used by server-side voice quick-add proxies (parse-task, parse-habit).
|
||
# Defaults to the shared dev gateway because nobody runs mana-llm in
|
||
# local Docker — same convention as STT_URL above. If you want a fully
|
||
# offline local stack, override this to http://localhost:3025 and run
|
||
# `docker compose up mana-llm`. API key is required when pointing at
|
||
# the GPU LLM proxy (gpu-llm.mana.how).
|
||
MANA_LLM_URL=https://llm.mana.how
|
||
MANA_LLM_API_KEY=
|
||
# Legacy: MANA_LLM_DEFAULT_MODEL / WRITING_MODEL / COMIC_STORYBOARD_MODEL
|
||
# / VISION_MODEL — removed in M5 of llm-fallback-aliases. Backend code
|
||
# now requests `mana/<class>` aliases (see packages/shared-ai/src/llm-
|
||
# aliases.ts) which mana-llm resolves via services/mana-llm/aliases.yaml.
|
||
|
||
# mana-research — unified research orchestration (port 3068). Fronts
|
||
# search + extract + sync/async research agents behind one API. mana-ai
|
||
# calls the service-to-service /api/v1/internal/research/async path
|
||
# for cross-tick Deep Research Max jobs.
|
||
MANA_RESEARCH_URL=http://localhost:3068
|
||
|
||
# mana-ai deep-research opt-in. When true AND a mission's objective
|
||
# matches DEEP_RESEARCH_TRIGGER (see services/mana-ai/src/cron/tick.ts),
|
||
# mana-ai submits a gemini-deep-research-max task (~$3–7 / 1500 credits
|
||
# per run) and polls across ticks instead of the shallow RSS path.
|
||
# Keep this off in dev unless you're actively testing the feature.
|
||
MANA_AI_DEEP_RESEARCH_ENABLED=false
|
||
|
||
# mana-crawler — Go service. Default binary port is 3023 (local dev);
|
||
# the macmini docker-compose overrides to 3014 internally. Used by the
|
||
# Kontext URL import endpoint (POST /api/v1/kontext/import-url) to
|
||
# fetch and convert web pages to markdown. No public ingress —
|
||
# apps/api reaches it via localhost in dev, via mana-crawler:3014
|
||
# hostname in the Docker network.
|
||
MANA_CRAWLER_URL=http://localhost:3023
|
||
|
||
# ============================================
|
||
# MAERCHENZAUBER PROJECT
|
||
# ============================================
|
||
|
||
MAERCHENZAUBER_BACKEND_PORT=3013
|
||
MAERCHENZAUBER_APP_ID=8d2f5ddb-e251-4b3b-8802-84022a7ac77f
|
||
|
||
# Azure OpenAI for story generation
|
||
MAERCHENZAUBER_AZURE_OPENAI_KEY=YOUR_KEY
|
||
MAERCHENZAUBER_AZURE_OPENAI_ENDPOINT=https://your-endpoint.openai.azure.com/openai/deployments/gpt-4o/chat/completions?api-version=2024-08-01-preview
|
||
|
||
# Replicate for image generation
|
||
MAERCHENZAUBER_REPLICATE_API_KEY=YOUR_KEY
|
||
|
||
# ============================================
|
||
# CARDS PROJECT
|
||
# ============================================
|
||
|
||
CARDS_BACKEND_PORT=3009
|
||
CARDS_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
CARDS_APP_ID=cea4bfc6-a4de-4e17-91e2-54275940156e
|
||
|
||
# ============================================
|
||
# PICTURE PROJECT
|
||
# ============================================
|
||
|
||
PICTURE_BACKEND_PORT=3006
|
||
PICTURE_BACKEND_URL=http://localhost:3006
|
||
PICTURE_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# Replicate API Token for AI image generation
|
||
PICTURE_REPLICATE_API_TOKEN=r8_QlvkstNhIc6NBX1ktpQ6ibvzOE2d2UQ1Emamd
|
||
|
||
# Storage Configuration (uses MinIO locally)
|
||
# Uses shared S3_* variables from above - no project-specific override needed for local dev
|
||
PICTURE_STORAGE_PUBLIC_URL=http://localhost:9000/picture-storage
|
||
|
||
# Credit System (staging only - freemium: 3 free images, then credits)
|
||
PICTURE_APP_ID=picture-app
|
||
PICTURE_MANA_SERVICE_KEY=
|
||
|
||
# ============================================
|
||
# FOOD PROJECT
|
||
# ============================================
|
||
|
||
FOOD_BACKEND_PORT=3023
|
||
FOOD_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
FOOD_APP_ID=food
|
||
|
||
# Google Gemini API — feeds food image analysis AND mana-api Wardrobe
|
||
# Try-On (Nano Banana edits). Rotated 2026-04-24: previous key
|
||
# AIzaSyBR9... expired with "API_KEY_INVALID / API key expired".
|
||
# Matches GOOGLE_GENAI_API_KEY used by mana-research + mana-auth.
|
||
GEMINI_API_KEY=AIzaSyA0rTThrAXgz1BLPqALeyMFG64GSgtu88A
|
||
|
||
# S3 Storage (uses MinIO locally via shared S3_* variables)
|
||
FOOD_S3_PUBLIC_URL=http://localhost:9000/food-storage
|
||
|
||
# ============================================
|
||
# QUOTES PROJECT
|
||
# ============================================
|
||
|
||
QUOTES_BACKEND_PORT=3007
|
||
QUOTES_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# QUOTES TELEGRAM BOT
|
||
# ============================================
|
||
|
||
QUOTES_BOT_PORT=3303
|
||
QUOTES_BOT_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
QUOTES_BOT_TELEGRAM_TOKEN=8489424174:AAHHG_mlLVeu6xAWY6U2ZGXO0D8JKWnqBvg
|
||
|
||
# ============================================
|
||
# TODO TELEGRAM BOT
|
||
# ============================================
|
||
|
||
TODO_BOT_PORT=3304
|
||
TODO_BOT_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
TODO_BOT_TELEGRAM_TOKEN=8363906368:AAHzNC1DPSb0TUb2a3UGWWH1_rrAQFdBv2w
|
||
TODO_BOT_API_URL=http://localhost:3018
|
||
|
||
# ============================================
|
||
# PRESI PROJECT
|
||
# ============================================
|
||
|
||
PRESI_BACKEND_PORT=3008
|
||
PRESI_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# VOXEL-LAVA PROJECT
|
||
# ============================================
|
||
|
||
VOXEL_LAVA_BACKEND_PORT=3010
|
||
VOXEL_LAVA_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
VOXEL_LAVA_API_URL=http://localhost:3010
|
||
|
||
# ============================================
|
||
# CONTACTS PROJECT
|
||
# ============================================
|
||
|
||
CONTACTS_BACKEND_PORT=3015
|
||
CONTACTS_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# S3 Storage for contact photos
|
||
CONTACTS_S3_BUCKET=contacts-photos
|
||
CONTACTS_S3_PUBLIC_URL=http://localhost:9000/contacts-photos
|
||
|
||
# Google OAuth for contacts import
|
||
# Get credentials from https://console.cloud.google.com/apis/credentials
|
||
# Required scopes: https://www.googleapis.com/auth/contacts.readonly
|
||
CONTACTS_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
|
||
CONTACTS_GOOGLE_CLIENT_SECRET=your-google-client-secret
|
||
CONTACTS_GOOGLE_REDIRECT_URI=http://localhost:5184/import?tab=google
|
||
|
||
# ============================================
|
||
# CALENDAR PROJECT
|
||
# ============================================
|
||
|
||
CALENDAR_BACKEND_PORT=3014
|
||
CALENDAR_BACKEND_URL=http://localhost:3014
|
||
CALENDAR_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# Speech-to-Text Service (mana-stt)
|
||
# Production: https://gpu-stt.mana.how (Cloudflare tunnel → Windows GPU box)
|
||
# Local dev: http://localhost:3020 (or http://192.168.178.11:3020 from LAN)
|
||
STT_URL=https://gpu-stt.mana.how
|
||
# API key for mana-stt — DO NOT COMMIT a real key.
|
||
# See docs/ENVIRONMENT_VARIABLES.md for where to obtain it.
|
||
MANA_STT_API_KEY=
|
||
|
||
# ============================================
|
||
# CONTEXT PROJECT
|
||
# ============================================
|
||
|
||
CONTEXT_BACKEND_PORT=3020
|
||
CONTEXT_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# AI API Keys (server-side only)
|
||
CONTEXT_AZURE_OPENAI_API_KEY=YOUR_KEY
|
||
CONTEXT_AZURE_OPENAI_ENDPOINT=https://memoroseopenai.openai.azure.com/
|
||
CONTEXT_GOOGLE_API_KEY=YOUR_KEY
|
||
|
||
# ============================================
|
||
# STORAGE PROJECT (Cloud Drive)
|
||
# ============================================
|
||
|
||
STORAGE_BACKEND_PORT=3016
|
||
STORAGE_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
STORAGE_S3_PUBLIC_URL=http://localhost:9000/storage-storage
|
||
STORAGE_MAX_FILE_SIZE=104857600
|
||
STORAGE_MAX_FILES_PER_UPLOAD=10
|
||
|
||
# ============================================
|
||
# CLOCK PROJECT
|
||
# ============================================
|
||
|
||
CLOCK_BACKEND_PORT=3017
|
||
CLOCK_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# TODO PROJECT
|
||
# ============================================
|
||
|
||
TODO_BACKEND_PORT=3018
|
||
TODO_BACKEND_URL=http://localhost:3018
|
||
TODO_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# MOODLIT PROJECT
|
||
# ============================================
|
||
|
||
MOODLIT_BACKEND_PORT=3012
|
||
MOODLIT_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# MANA-GAMES PROJECT
|
||
# ============================================
|
||
|
||
MANA_GAMES_BACKEND_PORT=3011
|
||
|
||
# Google Gemini API (primary, fast)
|
||
MANA_GAMES_GOOGLE_GENAI_API_KEY=your_google_genai_key_here
|
||
|
||
# Anthropic Claude API (best code quality)
|
||
MANA_GAMES_ANTHROPIC_API_KEY=your_anthropic_key_here
|
||
|
||
# Azure OpenAI API (alternative)
|
||
MANA_GAMES_AZURE_OPENAI_ENDPOINT=https://your-endpoint.openai.azure.com
|
||
MANA_GAMES_AZURE_OPENAI_API_KEY=your_azure_openai_key_here
|
||
MANA_GAMES_AZURE_OPENAI_DEPLOYMENT=gpt-4o
|
||
|
||
# GitHub (for community submissions)
|
||
MANA_GAMES_GITHUB_TOKEN=your_github_token_here
|
||
MANA_GAMES_GITHUB_OWNER=tillschneider
|
||
MANA_GAMES_GITHUB_REPO=mana-games
|
||
|
||
# ============================================
|
||
# MANA-RESEARCH SERVICE (Port 3068)
|
||
# ============================================
|
||
# Unified web research orchestration across 16+ providers.
|
||
# Phase 1: SearXNG, DuckDuckGo, Brave, Tavily.
|
||
|
||
MANA_RESEARCH_PORT=3068
|
||
MANA_RESEARCH_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
MANA_RESEARCH_CACHE_TTL_SECONDS=3600
|
||
|
||
# Search APIs (pay-per-use only, no subscriptions)
|
||
BRAVE_API_KEY=
|
||
TAVILY_API_KEY=
|
||
EXA_API_KEY=
|
||
SERPER_API_KEY=
|
||
|
||
# Extract APIs
|
||
JINA_API_KEY=
|
||
FIRECRAWL_API_KEY=
|
||
SCRAPINGBEE_API_KEY=
|
||
|
||
# Research Agents (Phase 3)
|
||
PERPLEXITY_API_KEY=
|
||
ANTHROPIC_API_KEY=
|
||
OPENAI_API_KEY=
|
||
|
||
# ============================================
|
||
# FINANCE PROJECT
|
||
# ============================================
|
||
|
||
FINANCE_BACKEND_PORT=3019
|
||
FINANCE_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# INVENTORY PROJECT
|
||
# ============================================
|
||
|
||
INVENTORY_BACKEND_PORT=3020
|
||
INVENTORY_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
INVENTORY_S3_PUBLIC_URL=http://localhost:9000/inventory-storage
|
||
|
||
# ============================================
|
||
# TECHBASE PROJECT
|
||
# ============================================
|
||
|
||
TECHBASE_BACKEND_PORT=3021
|
||
TECHBASE_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# PLANTA PROJECT
|
||
# ============================================
|
||
|
||
PLANTA_BACKEND_PORT=3022
|
||
PLANTA_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
PLANTA_S3_PUBLIC_URL=http://localhost:9000/planta-storage
|
||
|
||
# Google Gemini API for plant vision analysis
|
||
PLANTA_GEMINI_API_KEY=AIzaSyC_-hPWpVttTlqJdU4jbXR5H0OAnRi2LgI
|
||
|
||
# ============================================
|
||
# TRACES PROJECT
|
||
# ============================================
|
||
|
||
TRACES_BACKEND_PORT=3026
|
||
TRACES_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# SKILLTREE PROJECT
|
||
# ============================================
|
||
|
||
SKILLTREE_BACKEND_PORT=3024
|
||
SKILLTREE_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# MUKKE PROJECT
|
||
# ============================================
|
||
|
||
MUKKE_BACKEND_PORT=3010
|
||
MUKKE_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# ============================================
|
||
# CITYCORNERS PROJECT
|
||
# ============================================
|
||
CITYCORNERS_BACKEND_PORT=3025
|
||
CITYCORNERS_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
CITYCORNERS_WEB_PORT=5196
|
||
|
||
# ============================================
|
||
# MEMORO PROJECT
|
||
# ============================================
|
||
|
||
# Server ports
|
||
MEMORO_SERVER_PORT=3015
|
||
MEMORO_AUDIO_SERVER_PORT=3016
|
||
MEMORO_SERVER_URL=http://localhost:3015
|
||
MEMORO_AUDIO_SERVER_URL=http://localhost:3016
|
||
|
||
# Shared service key (server ↔ audio-server communication)
|
||
MEMORO_SERVICE_KEY=dev-memoro-service-key-change-in-prod
|
||
|
||
# Supabase (Memoro has its own Supabase project)
|
||
MEMORO_SUPABASE_URL=https://your-memoro-project.supabase.co
|
||
MEMORO_SUPABASE_SERVICE_KEY=your-memoro-supabase-service-role-key
|
||
|
||
# Azure Speech Services (load-balanced across up to 4 keys)
|
||
AZURE_SPEECH_KEY_1=your-azure-speech-key-1
|
||
AZURE_SPEECH_KEY_2=
|
||
AZURE_SPEECH_KEY_3=
|
||
AZURE_SPEECH_KEY_4=
|
||
AZURE_SPEECH_REGION=germanywestcentral
|
||
AZURE_SPEECH_ENDPOINT=https://germanywestcentral.api.cognitive.microsoft.com
|
||
|
||
# Azure Blob Storage (for batch transcription jobs)
|
||
AZURE_STORAGE_ACCOUNT_NAME=your-storage-account
|
||
AZURE_STORAGE_ACCOUNT_KEY=your-storage-account-key
|
||
AZURE_STORAGE_CONTAINER=memoro-batch-audio
|
||
|
||
# Azure OpenAI (headline/Q&A generation fallback)
|
||
AZURE_OPENAI_KEY=your-azure-openai-key
|
||
AZURE_OPENAI_ENDPOINT=https://memoroseopenai.openai.azure.com/
|
||
AZURE_OPENAI_DEPLOYMENT=gpt-4o
|
||
|
||
# GPU Server (Windows PC with RTX 3090)
|
||
GPU_API_KEY=sk-gpu-cf483ede1e05e28fba5e56c94cd3c24e7c245e57816d3e86
|
||
GPU_SERVER_URL=https://gpu.mana.how
|
||
GPU_SERVER_LAN_URL=http://192.168.178.11
|
||
|
||
# ============================================
|
||
# MANA-MAIL SERVICE (Port 3042)
|
||
# ============================================
|
||
# Stalwart + Broadcast (Newsletter) config. Stalwart settings come from
|
||
# the Stalwart admin panel; these are the Mana-side knobs.
|
||
|
||
# mana-mail DB uses mana_platform (shared). Dev fallback in code is fine;
|
||
# override here for staging/prod.
|
||
MANA_MAIL_DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_platform
|
||
|
||
# Stalwart JMAP/admin — align with your local Stalwart container
|
||
STALWART_JMAP_URL=http://localhost:8080
|
||
STALWART_ADMIN_USER=admin
|
||
STALWART_ADMIN_PASSWORD=ChangeMe123!
|
||
MAIL_DOMAIN=mana.how
|
||
|
||
# ─── Broadcast (Newsletter) ────────────────────────────────
|
||
# HMAC secret for tracking-token signing. Tokens appear in public URLs
|
||
# (open pixel, click redirect, unsubscribe link). CHANGE IN PROD.
|
||
# Use `openssl rand -hex 32` or similar for a real secret.
|
||
BROADCAST_TRACKING_SECRET=dev-broadcast-tracking-secret-NOT-for-prod
|
||
|
||
# How many recipients a single campaign may have. Hard cap.
|
||
BROADCAST_MAX_RECIPIENTS_PER_CAMPAIGN=5000
|
||
|
||
# Per-user rate limit — not currently enforced, reserved for M-Phase2.
|
||
BROADCAST_MAX_RECIPIENTS_PER_HOUR=500
|
||
|
||
# Milliseconds to sleep between JMAP submits during bulk-send.
|
||
# 150ms ≈ 6/sec ≈ 360/min. Protects Stalwart + downstream relays.
|
||
BROADCAST_SEND_THROTTLE_MS=150
|