移除旧 OIDC_* 与 VITE_OIDC_* 业务配置读取,统一使用数据库 Revision 和 SecretStore 引用构建运行时。同步更新 Compose、示例配置、接入文档及集成测试,并保留数据库、SecretStore 和安全事件健康窗口等部署级参数。\n\n验证:go test ./...;go test -race ./...;go vet ./...;pnpm test;pnpm lint;pnpm build;docker compose config -q
61 lines
2.9 KiB
Plaintext
61 lines
2.9 KiB
Plaintext
APP_ENV=development
|
|
HTTP_ADDR=:8088
|
|
|
|
# Reuse the same PostgreSQL 18 instance as Agent memory, but use an independent
|
|
# database. When running from the host, use the externally reachable host/port.
|
|
AI_GATEWAY_DATABASE_NAME=easyai_ai_gateway
|
|
AI_GATEWAY_DATABASE_URL=postgresql://easyai:easyai2025@localhost:5432/easyai_ai_gateway?sslmode=disable
|
|
|
|
# When running inside the EasyAI docker network, use the container DNS name:
|
|
# AI_GATEWAY_DATABASE_URL=postgresql://easyai:easyai2025@easyai-pgvector:5432/easyai_ai_gateway?schema=public
|
|
#
|
|
# If AI_GATEWAY_DATABASE_URL is omitted, the service can derive host/user/pass
|
|
# from MEMORY_DATABASE_URL but will still replace the database with
|
|
# AI_GATEWAY_DATABASE_NAME.
|
|
# MEMORY_DATABASE_URL=postgresql://easyai:easyai2025@easyai-pgvector:5432/easyai_memory?schema=public
|
|
|
|
# Keep this aligned with easyai-server-main CONFIG_JWT_SECRET in the first migration phase.
|
|
CONFIG_JWT_SECRET=this is a very secret secret
|
|
|
|
# Identity mode:
|
|
# - standalone: Gateway owns users, groups, login/API keys, wallet, recharge, and local billing.
|
|
# - server-main: server-main owns users/API keys/billing; Gateway stores synced users/groups for policy execution.
|
|
# - hybrid: both sources are accepted and separated by gateway_users.source.
|
|
IDENTITY_MODE=hybrid
|
|
|
|
# Unified identity business settings are managed in System Settings > Unified
|
|
# Identity. Deployment only supplies the SecretStore and infrastructure timing.
|
|
AI_GATEWAY_PUBLIC_BASE_URL=http://localhost:8088
|
|
IDENTITY_SECRET_STORE=file
|
|
IDENTITY_SECRET_DIR=.local-secrets/identity
|
|
# Kubernetes uses one pre-provisioned empty Secret and narrowly scoped RBAC.
|
|
# IDENTITY_SECRET_STORE=kubernetes
|
|
# IDENTITY_KUBERNETES_NAMESPACE=easyai
|
|
# IDENTITY_KUBERNETES_SECRET_NAME=easyai-gateway-identity
|
|
# IDENTITY_KUBERNETES_API_SERVER=https://kubernetes.default.svc
|
|
IDENTITY_SECURITY_EVENTS_HEARTBEAT_INTERVAL_SECONDS=60
|
|
IDENTITY_SECURITY_EVENTS_STALE_AFTER_SECONDS=180
|
|
IDENTITY_SECURITY_EVENTS_CLOCK_SKEW_SECONDS=60
|
|
AI_GATEWAY_WEB_BASE_URL=http://localhost:5178
|
|
AI_GATEWAY_WEB_BASE_PATH=/
|
|
AI_GATEWAY_GO_BUILD_IMAGE=golang:1.26.3-alpine
|
|
AI_GATEWAY_API_RUNTIME_IMAGE=alpine:3.22
|
|
AI_GATEWAY_NODE_BUILD_IMAGE=node:22-alpine
|
|
AI_GATEWAY_WEB_RUNTIME_IMAGE=nginx:1.27-alpine
|
|
|
|
# Used when the gateway delegates OpenAPI sk-* validation, user/group sync, file upload, and settlement callbacks.
|
|
SERVER_MAIN_BASE_URL=http://localhost:3000
|
|
SERVER_MAIN_INTERNAL_TOKEN=change-me
|
|
SERVER_MAIN_INTERNAL_KEY=gateway
|
|
SERVER_MAIN_INTERNAL_SECRET=change-me
|
|
|
|
# Gateway writes progress events locally, then calls this server-main endpoint.
|
|
# server-main receives the callback and pushes it through the existing WebSocket gateway.
|
|
TASK_PROGRESS_CALLBACK_ENABLED=true
|
|
TASK_PROGRESS_CALLBACK_URL=http://localhost:3000/internal/platform/task-progress-callbacks
|
|
TASK_PROGRESS_CALLBACK_TIMEOUT_MS=5000
|
|
TASK_PROGRESS_CALLBACK_MAX_ATTEMPTS=10
|
|
|
|
CORS_ALLOWED_ORIGIN=http://localhost:5178,http://127.0.0.1:5178
|
|
VITE_GATEWAY_API_BASE_URL=http://localhost:8088
|