Oliver/dow-prod-tracker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dow-prod-tracker/.env.example
DJP 958de5f3a9 Add Briefs intake + all three upstream webhooks 
Briefs are pre-project requests. Three intake paths land in one place:
  1. Manual  — "New Brief" dialog on /briefs
  2. REST    — POST /api/briefs (auth'd)
  3. Webhook — POST /api/webhooks/briefs (HMAC-signed)

Once triaged, "Promote to Project" flips Brief.status → CONVERTED,
creates the Project, and links them via convertedProjectId so the
audit trail stays intact.

Schema:
- New BriefStatus enum + Brief model, indexed on org/status/team
- Unique on (organizationId, externalId) so webhook replays are
  idempotent — same upstream id = update, not insert
- Migration 20260422000000_briefs, hand-written SQL

Webhooks — now three total, each with its own secret and header:
- /api/webhooks/omg           (projects — existing, unchanged)
- /api/webhooks/deliverables  (NEW — keyed on project OMG # + name)
- /api/webhooks/briefs        (NEW — keyed on externalId)

Extracted a shared HMAC verifier at src/lib/webhooks/hmac.ts so the
two new routes don't copy-paste the crypto code from the OMG route.
Deliverables webhook looks up the parent project by OMG job number
(the canonical key from the projects webhook); returns 404 with a
hint if the project hasn't been created yet. Brief webhook source
records "webhook:<system>" so we can tell where briefs come from.

UI:
- /briefs page: filterable/searchable table, inline status dropdown
  per row, New Brief dialog, Promote to Project dialog
- Sidebar nav entry for Briefs above Projects

Env: added DELIVERABLE_WEBHOOK_SECRET / ALLOW_INSECURE and
BRIEF_WEBHOOK_SECRET / ALLOW_INSECURE alongside the existing OMG
pair in .env.example.
2026-04-21 12:05:47 -04:00

66 lines
3.3 KiB
Text
Raw Blame History

# ─── Database ────────────────────────────────────────────
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/dow_prod_tracker?schema=public"
DB_PASSWORD=postgres # Change in production
# ─── Auth (Microsoft Entra ID SSO — SPA registration) ───
AUTH_SECRET="" # Generate with: openssl rand -base64 32
# Azure AD Application (Client) ID
AZURE_CLIENT_ID=""
# Azure AD Directory (Tenant) ID
AZURE_TENANT_ID=""
# Redirect URI registered in Azure portal (SPA platform) — must be the login page URL
# e.g. https://your-domain.com/your-app/login
AZURE_REDIRECT_URI=""
# No client secret — SPA registrations use PKCE in the browser (no AUTH_URL needed)
# ─── Dev Auth Bypass (local development only) ───────────
# Set to "true" to skip all auth and auto-login as the DEV_USER_ID user.
# DANGEROUS — leaves the app wide open. Ignored in production.
# Default is "false" so the real local-auth flow is exercised on first
# run (log in as the seed admin — see DEPLOY.md / seed-dow.ts).
DEV_BYPASS_AUTH="false"
DEV_USER_ID="dev-user-001"
# ─── App ─────────────────────────────────────────────────
NEXT_PUBLIC_APP_URL="http://localhost:3000"
# ─── Claude AI (chat assistant — primary provider) ──────
ANTHROPIC_API_KEY=""
# ANTHROPIC_MODEL="claude-haiku-4-5-20251001"
# ─── Cron / Scheduler ───────────────────────────────────
CRON_SECRET="" # Generate with: openssl rand -hex 32
# ─── Ollama (AI — embeddings, search, chat fallback) ────
OLLAMA_HOST="http://localhost:11434"
OLLAMA_EMBED_MODEL="nomic-embed-text"
OLLAMA_LLM_MODEL="qwen3:1.7b"
# ─── Upstream Webhooks ──────────────────────────────────
# Three separate HMAC-signed intake endpoints — each has its own secret
# so compromising one doesn't give an attacker the others.
# POST /api/webhooks/omg — projects (canonical key: omgJobNumber)
# POST /api/webhooks/deliverables — deliverables (keyed by project+name)
# POST /api/webhooks/briefs — pre-project briefs (keyed by externalId)
#
# Signature header format is `sha256=<hex>` across all three:
# X-OMG-Signature — projects webhook
# X-Deliverable-Signature — deliverables webhook
# X-Brief-Signature — briefs webhook
#
# Set the matching *_ALLOW_INSECURE flag to "true" ONLY for local/stub
# testing — it short-circuits signature verification.
OMG_WEBHOOK_SECRET=""
OMG_WEBHOOK_ALLOW_INSECURE="false"
DELIVERABLE_WEBHOOK_SECRET=""
DELIVERABLE_WEBHOOK_ALLOW_INSECURE="false"
BRIEF_WEBHOOK_SECRET=""
BRIEF_WEBHOOK_ALLOW_INSECURE="false"
# ─── Auth Feature Flags ─────────────────────────────────
# MVP: false. Flip to "true" post-MVP once Entra redirect URI is live in Oliver's tenant.
# When false, login page shows only the local email+password form.
NEXT_PUBLIC_AUTH_ENTRA_ENABLED="false"
Reference in a new issue View git blame Copy permalink