forked from koala73/worldmonitor
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
310 lines (220 loc) · 10 KB
/
.env.example
File metadata and controls
310 lines (220 loc) · 10 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
# ============================================
# World Monitor — Environment Variables
# ============================================
# Copy this file to .env.local and fill in the values you need.
# All keys are optional — the dashboard works without them,
# but the corresponding features will be disabled.
#
# cp .env.example .env.local
#
# For self-hosted Docker deployments, see SELF_HOSTING.md.
# Use docker-compose.override.yml (gitignored) for local secrets.
# ============================================
# ------ AI Summarization (Vercel) ------
# Groq API (primary — 14,400 req/day on free tier)
# Get yours at: https://console.groq.com/
GROQ_API_KEY=
# OpenRouter API (fallback — 50 req/day on free tier)
# Get yours at: https://openrouter.ai/
OPENROUTER_API_KEY=
# Optional: forecast enrichment model routing
# Defaults stay unchanged unless you set these.
# Precedence:
# combined-stage override -> critical-signal override -> global forecast override -> built-in defaults.
# Examples:
# FORECAST_LLM_COMBINED_PROVIDER_ORDER=openrouter
# FORECAST_LLM_COMBINED_MODEL_OPENROUTER=google/gemini-2.5-pro
# FORECAST_LLM_CRITICAL_PROVIDER_ORDER=openrouter
# FORECAST_LLM_CRITICAL_MODEL_OPENROUTER=anthropic/claude-3.5-haiku
FORECAST_LLM_PROVIDER_ORDER=
FORECAST_LLM_MODEL_OPENROUTER=
FORECAST_LLM_COMBINED_PROVIDER_ORDER=
FORECAST_LLM_COMBINED_MODEL_OPENROUTER=
FORECAST_LLM_CRITICAL_PROVIDER_ORDER=
FORECAST_LLM_CRITICAL_MODEL_OPENROUTER=
FORECAST_LLM_MARKET_IMPLICATIONS_PROVIDER_ORDER=
FORECAST_LLM_MARKET_IMPLICATIONS_MODEL_OPENROUTER=
# ------ Cross-User Cache (Vercel — Upstash Redis) ------
# Used to deduplicate AI calls and cache risk scores across visitors.
# Create a free Redis database at: https://upstash.com/
UPSTASH_REDIS_REST_URL=
UPSTASH_REDIS_REST_TOKEN=
# ------ Market Data (Vercel) ------
# Finnhub (primary stock quotes — free tier available)
# Register at: https://finnhub.io/
FINNHUB_API_KEY=
# ------ Energy Data (Vercel) ------
# U.S. Energy Information Administration (oil prices, production, inventory)
# Register at: https://www.eia.gov/opendata/
EIA_API_KEY=
# ------ Economic Data (Vercel) ------
# FRED (Federal Reserve Economic Data)
# Register at: https://fred.stlouisfed.org/docs/api/api_key.html
FRED_API_KEY=
# ------ Aviation Intelligence (Vercel) ------
# AviationStack (live flight data, airport flights, carrier ops)
# Register at: https://aviationstack.com/
AVIATIONSTACK_API=
# ICAO API (NOTAM airport closures — optional, MENA region)
# Register at: https://applications.icao.int/
ICAO_API_KEY=
# Travelpayouts (flight price search — optional, demo only)
# Register at: https://www.travelpayouts.com/
TRAVELPAYOUTS_API_TOKEN=
# ------ Aircraft Tracking (Vercel) ------
# Wingbits aircraft enrichment (owner, operator, type)
# Contact: https://wingbits.com/
WINGBITS_API_KEY=
# ------ Conflict & Protest Data (Vercel) ------
# ACLED (Armed Conflict Location & Event Data — free for researchers)
# Register at: https://acleddata.com/
#
# RECOMMENDED: Set email + password for automatic OAuth token refresh.
# ACLED access tokens expire every 24 hours; with these credentials,
# the server will automatically exchange them for a fresh token.
#
# SECURITY NOTE: These credentials are stored in plaintext in .env.local.
# This is an acceptable trade-off for a self-hosted dashboard because:
# (a) .env.local is gitignored and never committed,
# (b) ACLED accounts are free and grant read-only API access,
# (c) the alternative (manual token rotation every 24 h) is impractical.
# If this is a concern for your deployment, use ACLED_ACCESS_TOKEN instead
# and manually refresh the token daily.
ACLED_EMAIL=
ACLED_PASSWORD=
#
# LEGACY: Static access token (optional fallback — expires after 24 h).
# Only needed if you prefer not to store email/password above.
# Generate at: https://acleddata.com/ → My Account → API Access
ACLED_ACCESS_TOKEN=
# UCDP (Uppsala Conflict Data Program — access token required since 2025)
# Register at: https://ucdp.uu.se/apidocs/
UCDP_ACCESS_TOKEN=
# ------ Internet Outages (Vercel) ------
# Cloudflare Radar API (requires free Cloudflare account with Radar access)
CLOUDFLARE_API_TOKEN=
# Cloudflare R2 account id for seed scripts that read or write R2 objects
CLOUDFLARE_R2_ACCOUNT_ID=
# Cloudflare R2 trace storage for forecast seed review artifacts
# Create R2 access keys in Cloudflare and target the bucket you want to use for forecast traces.
CLOUDFLARE_R2_BUCKET=
CLOUDFLARE_R2_TRACE_BUCKET=
CLOUDFLARE_R2_ACCESS_KEY_ID=
CLOUDFLARE_R2_SECRET_ACCESS_KEY=
CLOUDFLARE_R2_REGION=auto
CLOUDFLARE_R2_TRACE_PREFIX=seed-data/forecast-traces
# ------ Satellite Fire Detection (Vercel) ------
# NASA FIRMS (Fire Information for Resource Management System)
# Register at: https://firms.modaps.eosdis.nasa.gov/
NASA_FIRMS_API_KEY=
# ------ Railway Relay (scripts/ais-relay.cjs) ------
# The relay server handles AIS vessel tracking + OpenSky aircraft data + RSS proxy.
# It can also run the Telegram OSINT poller (stateful MTProto) when configured.
# Deploy on Railway with: node scripts/ais-relay.cjs
# AISStream API key for live vessel positions
# Get yours at: https://aisstream.io/
AISSTREAM_API_KEY=
# OpenSky Network OAuth2 credentials (higher rate limits for cloud IPs)
# Register at: https://opensky-network.org/
OPENSKY_CLIENT_ID=
OPENSKY_CLIENT_SECRET=
# ------ Telegram OSINT (Railway relay) ------
# Telegram MTProto keys (free): https://my.telegram.org/apps
TELEGRAM_API_ID=
TELEGRAM_API_HASH=
# GramJS StringSession generated locally (see: scripts/telegram/session-auth.mjs)
TELEGRAM_SESSION=
# Which curated list bucket to ingest: full | tech | finance
TELEGRAM_CHANNEL_SET=full
# ------ Self-Hosted LLM (Docker — any OpenAI-compatible endpoint) ------
# Point to your own LLM server (Ollama, vLLM, llama.cpp, etc.)
# Used for intelligence assessments in the correlation engine.
LLM_API_URL=
LLM_API_KEY=
LLM_MODEL=
# Alternative: Ollama-specific URL (used if LLM_API_URL is not set)
OLLAMA_API_URL=
OLLAMA_MODEL=
# ------ Railway Relay Connection (Vercel → Railway) ------
# Server-side URL (https://) — used by Vercel edge functions to reach the relay
WS_RELAY_URL=
# Optional client-side URL (wss://) — local/dev fallback only
VITE_WS_RELAY_URL=
# Shared secret between Vercel and Railway relay.
# Must be set to the SAME value on both platforms in production.
RELAY_SHARED_SECRET=
# Header name used to send the relay secret (must match on both platforms)
RELAY_AUTH_HEADER=x-relay-key
# Emergency production override to allow unauthenticated relay traffic.
# Leave unset/false in production.
ALLOW_UNAUTHENTICATED_RELAY=false
# Rolling window size (seconds) used by relay /metrics endpoint.
RELAY_METRICS_WINDOW_SECONDS=60
# ------ Supply Chain Intelligence (Vercel / Railway relay) ------
# CorridorRisk API (maritime corridor risk scoring — optional)
# Register at: https://corridorrisk.io/
CORRIDOR_RISK_API_KEY=
# ------ Public Data Sources (no keys required) ------
# UNHCR (UN Refugee Agency) — public API, no auth (CC BY 4.0)
# Open-Meteo — public API, no auth (processes Copernicus ERA5)
# WorldPop — public API, no auth needed
# ------ Site Configuration ------
# Site variant: "full" (worldmonitor.app) or "tech" (tech.worldmonitor.app)
VITE_VARIANT=full
# API base URL for web redirect. When set, browser fetch calls to /api/*
# are redirected to this URL. Leave empty for same-domain API (local installs).
# Production: https://api.worldmonitor.app
VITE_WS_API_URL=
# Client-side Sentry DSN (optional). Leave empty to disable error reporting.
VITE_SENTRY_DSN=
# Map interaction mode:
# - "flat" keeps pitch/rotation disabled (2D interaction)
# - "3d" enables pitch/rotation interactions (default)
VITE_MAP_INTERACTION_MODE=3d
# Self-hosted map tiles (optional — PMTiles on Cloudflare R2 or any HTTP server)
# Leave empty to use free OpenFreeMap tiles. Set to your own PMTiles URL for self-hosted tiles.
# See: https://protomaps.com/docs/pmtiles for how to generate PMTiles files.
VITE_PMTILES_URL=
# Public CORS-enabled URL for the same PMTiles file (used by Tauri desktop app).
# If your VITE_PMTILES_URL is behind a reverse proxy without CORS, set this to the
# direct R2/S3 public URL. The desktop app uses this URL; the web app uses VITE_PMTILES_URL.
VITE_PMTILES_URL_PUBLIC=
# ------ Desktop Cloud Fallback (Vercel) ------
# Comma-separated list of valid API keys for desktop cloud fallback.
# Generate with: openssl rand -hex 24 | sed 's/^/wm_/'
WORLDMONITOR_VALID_KEYS=
# ------ Registration DB (Convex) ------
# Convex deployment URL for email registration storage.
# Set up at: https://dashboard.convex.dev/
CONVEX_URL=
# ------ Auth (Clerk) ------
# Clerk publishable key (browser-side, safe to expose)
# Get from: Clerk Dashboard -> API Keys
VITE_CLERK_PUBLISHABLE_KEY=
# Clerk secret key (server-side only, never expose to browser)
# Get from: Clerk Dashboard -> API Keys
CLERK_SECRET_KEY=
# Clerk JWT issuer domain (for Convex auth config)
# Format: https://your-clerk-app.clerk.accounts.dev
CLERK_JWT_ISSUER_DOMAIN=
# ------ Cloud Preferences Sync ------
# Set to 'true' to enable server-side preferences sync for signed-in users.
# Keep false until Phase 2 is QA-verified in staging.
VITE_CLOUD_PREFS_ENABLED=false
# Telegram bot username for deep link generation (without @)
VITE_TELEGRAM_BOT_USERNAME=WorldMonitorBot
# ------ Notification Delivery (Railway notification-relay service) ------
# @WorldMonitorBot token from BotFather. SEPARATE from TELEGRAM_API_ID/HASH/SESSION (MTProto).
TELEGRAM_BOT_TOKEN=
# Random 256-char secret for X-Telegram-Bot-Api-Secret-Token webhook verification.
# Generate: openssl rand -hex 128
TELEGRAM_WEBHOOK_SECRET=
# 32-byte base64 AES-256-GCM key for encrypting Slack webhook URLs at rest.
# Generate: openssl rand -base64 32
# Railway env ONLY — never add to Convex dashboard.
NOTIFICATION_ENCRYPTION_KEY=
# Resend API key for email notification delivery.
# Get from: resend.com/api-keys
RESEND_API_KEY=
# "From" address for email notifications (must be a verified Resend sender domain)
RESEND_FROM_EMAIL=WorldMonitor <alerts@worldmonitor.app>