dow-prod-tracker/.env.example

# ─── Database ────────────────────────────────────────────
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/dow_prod_tracker?schema=public"
DB_PASSWORD=postgres  # Change in production

# ─── Auth (Microsoft Entra ID SSO — SPA registration) ───
AUTH_SECRET=""                             # Generate with: openssl rand -base64 32
# Azure AD Application (Client) ID
AZURE_CLIENT_ID=""
# Azure AD Directory (Tenant) ID
AZURE_TENANT_ID=""
# Redirect URI registered in Azure portal (SPA platform) — must be the login page URL
# e.g. https://your-domain.com/your-app/login
AZURE_REDIRECT_URI=""
# No client secret — SPA registrations use PKCE in the browser (no AUTH_URL needed)

# ─── Dev Auth Bypass (local development only) ───────────
# Set to "true" to skip SSO and auto-login as dev admin user.
# Ignored when NODE_ENV=production.
DEV_BYPASS_AUTH="true"
DEV_USER_ID="dev-user-001"

# ─── App ─────────────────────────────────────────────────
NEXT_PUBLIC_APP_URL="http://localhost:3000"

# ─── Claude AI (chat assistant — primary provider) ──────
ANTHROPIC_API_KEY=""
# ANTHROPIC_MODEL="claude-haiku-4-5-20251001"

# ─── Cron / Scheduler ───────────────────────────────────
CRON_SECRET=""                             # Generate with: openssl rand -hex 32

# ─── Ollama (AI — embeddings, search, chat fallback) ────
OLLAMA_HOST="http://localhost:11434"
OLLAMA_EMBED_MODEL="nomic-embed-text"
OLLAMA_LLM_MODEL="qwen3:1.7b"

# ─── OMG Webhook (Shashank pending — stub until payload confirmed) ──
# Shared HMAC secret OMG signs requests with (X-OMG-Signature: sha256=...)
OMG_WEBHOOK_SECRET=""
# Set to "true" ONLY for local/stub testing — skips signature verification
OMG_WEBHOOK_ALLOW_INSECURE="false"

# ─── Auth Feature Flags ─────────────────────────────────
# MVP: false. Flip to "true" post-MVP once Entra redirect URI is live in Oliver's tenant.
# When false, login page shows only the local email+password form.
NEXT_PUBLIC_AUTH_ENTRA_ENABLED="false"