APP_ENV=development HTTP_ADDR=:8088 # Reuse the same PostgreSQL 18 instance as Agent memory, but use an independent # database. When running from the host, use the externally reachable host/port. AI_GATEWAY_DATABASE_NAME=easyai_ai_gateway AI_GATEWAY_DATABASE_URL=postgresql://easyai:easyai2025@localhost:5432/easyai_ai_gateway?sslmode=disable # When running inside the EasyAI docker network, use the container DNS name: # AI_GATEWAY_DATABASE_URL=postgresql://easyai:easyai2025@easyai-pgvector:5432/easyai_ai_gateway?schema=public # # If AI_GATEWAY_DATABASE_URL is omitted, the service can derive host/user/pass # from MEMORY_DATABASE_URL but will still replace the database with # AI_GATEWAY_DATABASE_NAME. # MEMORY_DATABASE_URL=postgresql://easyai:easyai2025@easyai-pgvector:5432/easyai_memory?schema=public # Keep this aligned with easyai-server-main CONFIG_JWT_SECRET in the first migration phase. CONFIG_JWT_SECRET=this is a very secret secret # Identity mode: # - standalone: Gateway owns users, groups, login/API keys, wallet, recharge, and local billing. # - server-main: server-main owns users/API keys/billing; Gateway stores synced users/groups for policy execution. # - hybrid: both sources are accepted and separated by gateway_users.source. IDENTITY_MODE=hybrid # Auth Center stable OIDC verification. Keep legacy HS256 during the staged rollout. OIDC_ENABLED=false OIDC_ISSUER=https://auth.51easyai.com/issuer/shared OIDC_AUDIENCE=https://api.51easyai.com/gateway OIDC_TENANT_ID= OIDC_ROLE_PREFIX=gateway. OIDC_REQUIRED_SCOPES=gateway.access OIDC_JWKS_CACHE_TTL_SECONDS=300 OIDC_ACCEPT_LEGACY_HS256=true OIDC_INTROSPECTION_ENABLED=false OIDC_INTROSPECTION_CLIENT_ID= OIDC_INTROSPECTION_CLIENT_SECRET= # Controlled JIT is opt-in. When enabled, bind the validated Auth Center tid to # one existing active Gateway tenant; tokens never create Gateway tenants. OIDC_JIT_PROVISIONING_ENABLED=false OIDC_GATEWAY_TENANT_KEY= OIDC_BROWSER_SESSION_ENABLED=true # Staging/production must use true. Local HTTP development may use false. OIDC_SESSION_COOKIE_SECURE=false # Public Client ID generated by Auth Center Control Plane. No Client Secret is used. OIDC_CLIENT_ID= OIDC_REDIRECT_URI=http://localhost:8088/api/v1/auth/oidc/callback OIDC_POST_LOGOUT_REDIRECT_URI=http://localhost:5178/ # Generate a dedicated value with: openssl rand -base64 32 # Keep the real value only in a Git-ignored local file or Secret Manager. OIDC_SESSION_ENCRYPTION_KEY= OIDC_SESSION_IDLE_TTL_SECONDS=1800 OIDC_SESSION_ABSOLUTE_TTL_SECONDS=28800 OIDC_SESSION_REFRESH_BEFORE_SECONDS=60 VITE_OIDC_BROWSER_SESSION_ENABLED=true VITE_OIDC_ENABLED=false AI_GATEWAY_WEB_BASE_URL=http://localhost:5178 AI_GATEWAY_WEB_BASE_PATH=/ AI_GATEWAY_GO_BUILD_IMAGE=golang:1.26.3-alpine AI_GATEWAY_API_RUNTIME_IMAGE=alpine:3.22 AI_GATEWAY_NODE_BUILD_IMAGE=node:22-alpine AI_GATEWAY_WEB_RUNTIME_IMAGE=nginx:1.27-alpine # Used when the gateway delegates OpenAPI sk-* validation, user/group sync, file upload, and settlement callbacks. SERVER_MAIN_BASE_URL=http://localhost:3000 SERVER_MAIN_INTERNAL_TOKEN=change-me SERVER_MAIN_INTERNAL_KEY=gateway SERVER_MAIN_INTERNAL_SECRET=change-me # Gateway writes progress events locally, then calls this server-main endpoint. # server-main receives the callback and pushes it through the existing WebSocket gateway. TASK_PROGRESS_CALLBACK_ENABLED=true TASK_PROGRESS_CALLBACK_URL=http://localhost:3000/internal/platform/task-progress-callbacks TASK_PROGRESS_CALLBACK_TIMEOUT_MS=5000 TASK_PROGRESS_CALLBACK_MAX_ATTEMPTS=10 CORS_ALLOWED_ORIGIN=http://localhost:5178,http://127.0.0.1:5178 VITE_GATEWAY_API_BASE_URL=http://localhost:8088