benstull/rfc-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
46049d296b9327c807c971ab325de39b040cc538
rfc-app/backend/.env.example
T
Ben Stull 36635049c7 Slice 8: v1 ships — integration coverage, runbook, spec corrections 
- Five new integration test files raise the suite from 75 to 96 green:
  test_hygiene_vertical (7), test_branch_path_routing (4),
  test_metadata_pr_merge (3), test_cache_bootstrap (4), test_e2e_smoke
  (3). The smoke test walks propose → super-draft → edit branch →
  body-edit PR → graduate → active-RFC PR → merge → notification →
  hygiene-sweep deletion end-to-end.
- deploy/RUNBOOK.md replaces the prior DEPLOY.md stub as a real
  runbook: prerequisites, first-time bring-up, day-2 ops (logs, DB
  backup, secret rotation, the §12 hygiene cadence), rollback shape,
  troubleshooting table.
- backend/.env.example grows the SMTP block, HYGIENE_TICK_SECONDS,
  and WEBHOOK_EMAIL_BOUNCE_SECRET with inline commentary.
- README points to RUNBOOK.md; the "what the build lets you do"
  section adds Slices 7 and 8.
- docs/DEV.md gets a Slice 8 — shipped section; the "Next slice"
  footer becomes the v1-complete epitaph.
- SPEC corrections per the §19.3 working agreement: §10.7 names the
  shared §12 sweep; §12 names the bot as actuator and the per-user
  branch_chat_seen preservation contract; §19.1 marks v1 complete
  and records Slice 8; the five §19.2 candidates Slice 8 folded in
  are marked settled with pointers at the resolution.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 04:14:50 -07:00

84 lines
3.0 KiB
Bash
Raw Blame History

# --- Gitea ---
# Base URL of the Gitea instance the app speaks to.
GITEA_URL=http://localhost:3000
# The bot service account that performs every Git operation per §1.
# Provision a real Gitea user, generate a personal access token with
# repo and admin (or at minimum: repo, write:repository) scopes, and
# put the token here. The bot is the only Git writer.
GITEA_BOT_USER=rfc-bot
GITEA_BOT_TOKEN=
# The Gitea org or user that owns the meta repo and every RFC repo
# the bot will create on graduation.
GITEA_ORG=wiggleverse
META_REPO=meta
# --- OAuth (Gitea) ---
# In Gitea: Site Administration → Applications → Add OAuth2 Application.
# Redirect URI: {APP_URL}/auth/callback
OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
# --- App ---
APP_URL=http://localhost:8000
SECRET_KEY=change-me-to-a-long-random-string
DATABASE_PATH=data/rfc-app.db
# Per §1: owner zero. The Gitea login that gets the owner role on
# first sign-in.
OWNER_GITEA_LOGIN=ben
# Webhook signature secret. Gitea sends X-Gitea-Signature as the
# HMAC-SHA256 of the body using this secret. Per §4.1 the webhook is
# one of two cache writers; signing keeps spurious writes out.
GITEA_WEBHOOK_SECRET=change-me-to-a-shared-secret
# --- LLM providers (carryover §18) ---
# Comma-separated list of provider keys to enable. Per the §19.2
# per-RFC-model topic, this is app-wide until that topic lands.
ENABLED_MODELS=claude
ANTHROPIC_API_KEY=
GOOGLE_API_KEY=
OPENAI_API_KEY=
# --- Email (§15.4) ---
# Leave SMTP_HOST unset to use the stdout fallback — the integration
# tests rely on it, and a dev environment without a real SMTP provider
# still sees envelope traces in the logs. Set the rest to wire a real
# provider (Postmark, Mailgun, SES, etc.).
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_STARTTLS=1
# Single non-spoofing envelope identity per §15.9 — every notification
# email goes out from the same address regardless of which user's
# gesture produced it. Configure both the SPF and DKIM records for
# this address with the chosen SMTP provider.
EMAIL_FROM=notifications@wiggleverse.local
EMAIL_FROM_NAME=Wiggleverse
# §15.4 bundle threshold: when a user's quiet-hours release queue is
# at least this big, the flush goes out as one bundled "Activity while
# you were away" email instead of individual sends.
EMAIL_BUNDLE_THRESHOLD=5
# Set to 0 to suppress every outbound email (the inbox and SSE still
# work — only the email channel turns off).
EMAIL_ENABLED=1
# --- Email-bounce webhook (§15.4 + §19.2-settled) ---
# When set, `/api/webhooks/email-bounce` requires the same value in
# the `X-Webhook-Secret` header. Pick a long random string and
# configure the SMTP provider's webhook to inject it. When unset,
# the webhook stays unauthenticated for dev — the v1 contract.
WEBHOOK_EMAIL_BOUNCE_SECRET=
# --- §12 hygiene cadence (Slice 8) ---
# How often the hygiene scheduler sweeps for the 30/90-day boundaries.
# Production default is hourly; tests override to seconds via the same
# env var.
HYGIENE_TICK_SECONDS=3600
Reference in New Issue View Git Blame Copy Permalink