atom/.env.personal at main · rush86999/atom · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
# ==============================================================================
# Atom Personal Edition - Environment Configuration
# ==============================================================================
# Quick Start:
#   1. Copy this file to .env: cp .env.personal .env
#   2. Edit .env with your API keys and preferences
#   3. Start: docker-compose -f docker-compose-personal.yml up -d
#   4. Access: http://localhost:8000 (API) or http://localhost:3000 (frontend)
#
# Minimum Required:
#   - One AI provider key (OpenAI, Anthropic, or DeepSeek)
#   - Encryption keys (generate with: openssl rand -base64 32)
#
# Optional Integrations (see below):
#   - Media: Spotify
#   - Smart Home: Philips Hue, Home Assistant
#   - Productivity: Notion
# ==============================================================================

# ==============================================================================
# AI PROVIDER API KEYS (REQUIRED - at least one)
# ==============================================================================
# Get your free API keys from these providers:
# OpenAI: https://platform.openai.com/api-keys (GPT-4, GPT-3.5)
# Anthropic: https://console.anthropic.com/ (Claude 3.5 Sonnet)
# DeepSeek: https://platform.deepseek.com/ (affordable alternative)

OPENAI_API_KEY=sk-your-openai-key-here
ANTHROPIC_API_KEY=sk-ant-your-anthropic-key-here
DEEPSEEK_API_KEY=your-deepseek-key-here

# ==============================================================================
# ENCRYPTION KEYS (REQUIRED - generate secure keys)
# ==============================================================================
# Generate with: openssl rand -base64 32
# These encrypt your API keys and sensitive data

BYOK_ENCRYPTION_KEY=change-this-to-a-secure-key-generate-with-openssl
JWT_SECRET_KEY=change-this-to-another-secure-key-generate-with-openssl

# ==============================================================================
# DATABASE (Personal Edition uses SQLite)
# ==============================================================================
# Data will be stored in: ./data/atom.db
# No PostgreSQL required for personal use

SQLITE_PATH=./data/atom.db
LANCEDB_PATH=./data/lancedb

# ==============================================================================
# EMBEDDINGS & VECTOR SEARCH (Personal Edition defaults)
# ==============================================================================
# Embedding provider (fastembed, openai, cohere)
# Default: fastembed (local, fast, free, privacy-focused)
EMBEDDING_PROVIDER=fastembed

# FastEmbed model (BAAI/bge-small-en-v1.5 is recommended for personal use)
# - bge-small-en-v1.5: 384 dims, ~10ms, good quality (default)
# - bge-base-en-v1.5: 768 dims, ~15ms, better quality
FASTEMBED_MODEL=BAAI/bge-small-en-v1.5

# Vector database storage (LanceDB)
# All embeddings stored locally in ./data/lancedb/
LANCEDB_PATH=./data/lancedb
ENABLE_LANCEDB=true

# ==============================================================================
# REDIS-ENABLED AGENT COMMUNICATION (Personal Edition includes Valkey)
# ==============================================================================
# Valkey (Redis-compatible) runs via Docker Compose
# No external Redis required - comes with Personal Edition
REDIS_URL=redis://valkey:6379

# ==============================================================================
# LOCAL-ONLY MODE (Privacy Feature)
# ==============================================================================
# When enabled, blocks all cloud-based services (Spotify, Notion, etc.)
# Local services continue to work: Sonos, Hue, Home Assistant, FFmpeg
# Set to 'true' for complete privacy, 'false' to enable cloud integrations
ATOM_LOCAL_ONLY=false

# ==============================================================================
# MEDIA INTEGRATIONS (Optional)
# ==============================================================================
# Spotify - Get credentials from: https://developer.spotify.com/dashboard
# 1. Create an app
# 2. Set Redirect URI to: http://localhost:8000/integrations/spotify/callback
# 3. Copy Client ID and Secret
SPOTIFY_CLIENT_ID=your-spotify-client-id
SPOTIFY_CLIENT_SECRET=your-spotify-client-secret

# Sonos - No credentials required (local network discovery)
# Sonos speakers are auto-discovered via mDNS/SSDP

# ==============================================================================
# SMART HOME INTEGRATIONS (Local - Work in Local-Only Mode)
# ==============================================================================
# Philips Hue Bridge
# 1. Find bridge IP: Check router admin or use Hue app
# 2. Generate API key: Hue app -> Settings -> Hue Bridge -> Local API -> Create
# 3. Optional: Leave HUE_BRIDGE_IP empty for auto-discovery
HUE_BRIDGE_IP=192.168.1.100
HUE_API_KEY=your-hue-api-key-from-app

# Home Assistant
# 1. Create long-lived token: HA Settings -> Profile -> Long-Lived Access Tokens
# 2. Set URL (use http://host.docker.internal:8123 for Docker)
HOME_ASSISTANT_URL=http://host.docker.internal:8123
HOME_ASSISTANT_TOKEN=your-ha-long-lived-token

# ==============================================================================
# PRODUCTIVITY INTEGRATIONS (Optional - Blocked in Local-Only Mode)
# ==============================================================================
# Notion - Two setup options:
#
# Option 1: OAuth (Recommended for multi-user)
# 1. Create integration: https://www.notion.so/my-integrations
# 2. Copy Client ID and Secret
# 3. Set Redirect URI to: http://localhost:8000/integrations/notion/callback
NOTION_CLIENT_ID=your-notion-client-id
NOTION_CLIENT_SECRET=your-notion-client-secret
#
# Option 2: API Key (Simpler for Personal Edition)
# 1. Create integration: https://www.notion.so/my-integrations
# 2. Copy "Internal Integration Token"
# 3. Set NOTION_API_KEY (no OAuth required)
NOTION_API_KEY=your-notion-internal-integration-token

# ==============================================================================
# CREATIVE TOOLS (Local - Work in Local-Only Mode)
# ==============================================================================
# FFmpeg - Pre-installed in Docker image
# Define allowed directories for video/audio processing
FFMPEG_ALLOWED_DIRS=/app/data/media,/app/data/exports

# ==============================================================================
# SECURITY & AUDIT
# ==============================================================================
# Piece Engine API Key (CRITICAL - prevents command injection)
# Generate with: openssl rand -base64 32
PIECE_ENGINE_API_KEY=change-this-to-a-secure-random-key-generate-with-openssl

# Audit logging for device/media/smarthome/creative actions

# Audit log file path (relative to backend directory)
AUDIT_LOG_PATH=logs/audit.log

# Retention period for audit logs (days)
AUDIT_LOG_RETENTION_DAYS=90

# ==============================================================================
# OPTIONAL INTEGRATIONS (only if you use these services)
# ==============================================================================
# Slack (for messaging integration)
SLACK_BOT_TOKEN=xoxb-your-slack-bot-token
SLACK_CLIENT_ID=your-slack-client-id
SLACK_CLIENT_SECRET=your-slack-client-secret

# Gmail (for email integration)
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_REDIRECT_URI=http://localhost:3000/api/integrations/google/callback

# Tavily (for web search - optional, get free tier at https://tavily.com/)
TAVILY_API_KEY=your-tavily-key-here

# Brave Search (alternative web search - optional)
BRAVE_SEARCH_API_KEY=your-brave-search-key-here

# ==============================================================================
# PERSONAL EDITION SETTINGS
# ==============================================================================
ENVIRONMENT=development
LOG_LEVEL=INFO
NODE_ENV=development

# Frontend URL
NEXT_PUBLIC_API_URL=http://localhost:8000

# ==============================================================================
# PRIVACY & SECURITY NOTES
# ==============================================================================
# Personal Edition Privacy Guarantees:
#   - All credentials encrypted with BYOK_ENCRYPTION_KEY (Fernet symmetric)
#   - Local-only mode (ATOM_LOCAL_ONLY=true) blocks all cloud services
#   - Local services (Sonos, Hue, Home Assistant, FFmpeg) always work
#   - Audit logs track all device/media/smarthome/creative actions
#   - No telemetry or metrics sent to external servers
#   - Data never leaves your local network in local-only mode
#
# Local-Only Mode:
#   - Set ATOM_LOCAL_ONLY=true to block all cloud services
#   - Blocked: Spotify, Notion, OpenAI, Anthropic, DeepSeek, Tavily, etc.
#   - Allowed: Sonos, Hue, Home Assistant, FFmpeg (local services only)
#   - No data leaves your local network
#
# Token Encryption:
#   - All OAuth tokens and API keys encrypted at rest
#   - Uses BYOK_ENCRYPTION_KEY (Fernet symmetric encryption)
#   - Generate key: openssl rand -base64 32
#   - Store encrypted tokens in SQLite database
#
# Audit Logging:
#   - All device/media/smarthome actions logged to logs/audit.log
#   - JSON format with timestamp, user_id, agent_id, action, service
#   - Retention: 90 days (configurable via AUDIT_LOG_RETENTION_DAYS)
#   - Logs rotated daily and compressed with gzip
#
# Smart Home Discovery:
#   - Hue bridges and Sonos speakers use mDNS for discovery
#   - Docker networking may block mDNS - use host IPs if needed
#   - Home Assistant must be accessible from container
#
# File Processing:
#   - Upload files to ./data/media/input/
#   - Processed files saved to ./data/media/output/
#   - FFmpeg operations restricted to FFMPEG_ALLOWED_DIRS

# ==============================================================================
# ADVANCED (usually don't need to change these)
# ==============================================================================
# Maximum concurrent agents
MAX_CONCURRENT_AGENTS=5

# Agent execution timeout (seconds)
AGENT_EXECUTION_TIMEOUT=300

# Enable agent-to-agent execution
ENABLE_AGENT_TO_AGENT_EXECUTION=true

# Host mount for shell access (DANGEROUS - only enable if you understand risks)
# ATOM_HOST_MOUNT_ENABLED=false