ThreatHunt/.env.example

# ── ThreatHunt Configuration ──────────────────────────────────────────
# All backend env vars are prefixed with TH_ and match AppConfig field names.
# Copy this file to .env and adjust values.

# ── General ───────────────────────────────────────────────────────────
TH_DEBUG=false

# ── Database ──────────────────────────────────────────────────────────
# SQLite for local dev (zero-config):
TH_DATABASE_URL=sqlite+aiosqlite:///./threathunt.db
# PostgreSQL for production:
# TH_DATABASE_URL=postgresql+asyncpg://threathunt:password@localhost:5432/threathunt

# ── CORS ──────────────────────────────────────────────────────────────
TH_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000

# ── File uploads ──────────────────────────────────────────────────────
TH_MAX_UPLOAD_SIZE_MB=500

# ── LLM Cluster (Wile & Roadrunner) ──────────────────────────────────
TH_OPENWEBUI_URL=https://ai.guapo613.beer
TH_OPENWEBUI_API_KEY=
TH_WILE_HOST=100.110.190.12
TH_WILE_OLLAMA_PORT=11434
TH_ROADRUNNER_HOST=100.110.190.11
TH_ROADRUNNER_OLLAMA_PORT=11434

# ── Default models (auto-selected by TaskRouter) ─────────────────────
TH_DEFAULT_FAST_MODEL=llama3.1:latest
TH_DEFAULT_HEAVY_MODEL=llama3.1:70b-instruct-q4_K_M
TH_DEFAULT_CODE_MODEL=qwen2.5-coder:32b
TH_DEFAULT_VISION_MODEL=llama3.2-vision:11b
TH_DEFAULT_EMBEDDING_MODEL=bge-m3:latest

# ── Agent behaviour ──────────────────────────────────────────────────
TH_AGENT_MAX_TOKENS=2048
TH_AGENT_TEMPERATURE=0.3
TH_AGENT_HISTORY_LENGTH=10
TH_FILTER_SENSITIVE_DATA=true

# ── Enrichment API keys (optional) ───────────────────────────────────
TH_VIRUSTOTAL_API_KEY=
TH_ABUSEIPDB_API_KEY=
TH_SHODAN_API_KEY=

# ── Auth ─────────────────────────────────────────────────────────────
TH_JWT_SECRET=CHANGE-ME-IN-PRODUCTION-USE-A-REAL-SECRET
TH_JWT_ACCESS_TOKEN_MINUTES=60
TH_JWT_REFRESH_TOKEN_DAYS=7

# ── Frontend ─────────────────────────────────────────────────────────
REACT_APP_API_URL=http://localhost:8000