5ce95dd829
- fix(chatCore): stream defaults to false per OpenAI spec (body.stream === true) closes #89 - fix(models): custom OpenAI-compatible providers now appear in /v1/models Added raw providerId check against activeAliases closes #90 - fix(OAuthModal): Google OAuth providers force localhost redirect URI Targeted amber warning + redirect_uri_mismatch error guidance for remote deployments closes #91 - docs: Add 'OAuth em Servidor Remoto' tutorial in README with 7-step Google Cloud guide - docs: .env.example prominent warning block for Google OAuth remote setup - chore: bump version 1.0.6 → 1.0.7 - docs: CHANGELOG entry for v1.0.7
156 lines
5.9 KiB
Bash
156 lines
5.9 KiB
Bash
# OmniRoute environment contract
|
|
# This file reflects actual runtime usage in the current codebase.
|
|
|
|
# ═══════════════════════════════════════════════════
|
|
# REQUIRED SECRETS — Generate strong values!
|
|
# ═══════════════════════════════════════════════════
|
|
# Generate with: openssl rand -base64 48
|
|
JWT_SECRET=
|
|
# Generate with: openssl rand -hex 32
|
|
API_KEY_SECRET=
|
|
|
|
# Initial admin password — CHANGE THIS before first use!
|
|
INITIAL_PASSWORD=CHANGEME
|
|
DATA_DIR=/var/lib/omniroute
|
|
|
|
# Storage (SQLite)
|
|
STORAGE_DRIVER=sqlite
|
|
# Generate with: openssl rand -hex 32
|
|
STORAGE_ENCRYPTION_KEY=
|
|
STORAGE_ENCRYPTION_KEY_VERSION=v1
|
|
LOG_RETENTION_DAYS=90
|
|
SQLITE_MAX_SIZE_MB=2048
|
|
SQLITE_CLEAN_LEGACY_FILES=true
|
|
|
|
# Recommended runtime variables
|
|
PORT=20128
|
|
NODE_ENV=production
|
|
INSTANCE_NAME=omniroute
|
|
|
|
# Recommended security and ops variables
|
|
MACHINE_ID_SALT=endpoint-proxy-salt
|
|
ENABLE_REQUEST_LOGS=false
|
|
AUTH_COOKIE_SECURE=false
|
|
REQUIRE_API_KEY=false
|
|
|
|
# Input Sanitizer (FASE-01 — prompt injection & PII protection)
|
|
# INPUT_SANITIZER_ENABLED=true
|
|
# INPUT_SANITIZER_MODE=warn # warn | block | redact
|
|
# PII_REDACTION_ENABLED=false
|
|
|
|
# Cloud sync variables
|
|
# Must point to this running instance so internal sync jobs can call /api/sync/cloud.
|
|
# Server-side preferred variables:
|
|
BASE_URL=http://localhost:20128
|
|
CLOUD_URL=
|
|
# Backward-compatible/public variables:
|
|
# NEXT_PUBLIC_BASE_URL is also used as the OAuth redirect_uri origin when running behind a
|
|
# reverse proxy (e.g., nginx). Set this to your public-facing URL so OAuth callbacks work.
|
|
# Example: NEXT_PUBLIC_BASE_URL=https://omniroute.example.com
|
|
NEXT_PUBLIC_BASE_URL=http://localhost:20128
|
|
NEXT_PUBLIC_CLOUD_URL=
|
|
|
|
# Optional outbound proxy variables for upstream provider calls
|
|
# Lowercase variants are also supported: http_proxy, https_proxy, all_proxy, no_proxy
|
|
# SOCKS5 proxy support
|
|
ENABLE_SOCKS5_PROXY=true
|
|
NEXT_PUBLIC_ENABLE_SOCKS5_PROXY=true
|
|
# HTTP_PROXY=http://127.0.0.1:7890
|
|
# HTTPS_PROXY=http://127.0.0.1:7890
|
|
# ALL_PROXY=socks5://127.0.0.1:7890
|
|
# NO_PROXY=localhost,127.0.0.1
|
|
|
|
# TLS fingerprint spoofing (opt-in) — mimics Chrome 124 TLS handshake via wreq-js
|
|
# Reduces risk of JA3/JA4 fingerprint-based blocking by providers (e.g., Google)
|
|
# Requires wreq-js to be installed (included in dependencies)
|
|
# ENABLE_TLS_FINGERPRINT=true
|
|
|
|
# Optional CLI runtime overrides (Docker/host integration)
|
|
# CLI_MODE=auto
|
|
# CLI_EXTRA_PATHS=/host-cli/bin
|
|
# CLI_CONFIG_HOME=/root
|
|
# CLI_ALLOW_CONFIG_WRITES=true
|
|
# CLI_CLAUDE_BIN=claude
|
|
# CLI_CODEX_BIN=codex
|
|
# CLI_DROID_BIN=droid
|
|
# CLI_OPENCLAW_BIN=openclaw
|
|
# CLI_CURSOR_BIN=agent
|
|
# CLI_CLINE_BIN=cline
|
|
# CLI_ROO_BIN=roo
|
|
# CLI_CONTINUE_BIN=cn
|
|
|
|
# Provider OAuth Credentials (optional — override hardcoded defaults)
|
|
# These can also be set via data/provider-credentials.json
|
|
# CLAUDE_OAUTH_CLIENT_ID=
|
|
|
|
# ─────────────────────────────────────────────────────────────────────────────
|
|
# ⚠️ GOOGLE OAUTH (Antigravity, Gemini CLI) — IMPORTANT FOR REMOTE SERVERS
|
|
# ─────────────────────────────────────────────────────────────────────────────
|
|
# The built-in Google OAuth credentials ONLY work when OmniRoute runs on
|
|
# localhost (127.0.0.1 / local network). They are registered with
|
|
# redirect_uri = http://localhost:PORT/callback and Google will reject any
|
|
# other redirect URI with: redirect_uri_mismatch.
|
|
#
|
|
# If you are hosting OmniRoute on a remote server (VPS, Docker, cloud), you
|
|
# MUST register your own Google Cloud OAuth 2.0 credentials:
|
|
#
|
|
# 1. Go to https://console.cloud.google.com/apis/credentials
|
|
# 2. Create an OAuth 2.0 Client ID (type: "Web application")
|
|
# 3. Add your server URL as Authorized redirect URI:
|
|
# https://your-server.com/callback
|
|
# 4. Copy the Client ID and Client Secret below.
|
|
#
|
|
# See the full tutorial in README.md → "OAuth em Servidor Remoto" section.
|
|
#
|
|
# Antigravity (Google Gemini Code Assist):
|
|
# ANTIGRAVITY_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
|
|
# ANTIGRAVITY_OAUTH_CLIENT_SECRET=GOCSPX-your-secret
|
|
ANTIGRAVITY_OAUTH_CLIENT_SECRET=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
|
|
|
|
# Gemini CLI (Google AI):
|
|
# GEMINI_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
|
|
# GEMINI_OAUTH_CLIENT_SECRET=GOCSPX-your-secret
|
|
# GEMINI_CLI_OAUTH_CLIENT_ID=
|
|
GEMINI_OAUTH_CLIENT_SECRET=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
|
|
GEMINI_CLI_OAUTH_CLIENT_SECRET=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
|
|
# ─────────────────────────────────────────────────────────────────────────────
|
|
|
|
# CLAUDE_OAUTH_CLIENT_ID=
|
|
# CODEX_OAUTH_CLIENT_ID=
|
|
# CODEX_OAUTH_CLIENT_SECRET=
|
|
# QWEN_OAUTH_CLIENT_ID=
|
|
# IFLOW_OAUTH_CLIENT_ID=
|
|
IFLOW_OAUTH_CLIENT_SECRET=4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW
|
|
|
|
# API Key Providers (Phase 1 + Phase 4)
|
|
# Add via Dashboard → Providers → Add API Key, or set here
|
|
# DEEPSEEK_API_KEY=
|
|
# GROQ_API_KEY=
|
|
# XAI_API_KEY=
|
|
# MISTRAL_API_KEY=
|
|
# PERPLEXITY_API_KEY=
|
|
# TOGETHER_API_KEY=
|
|
# FIREWORKS_API_KEY=
|
|
# CEREBRAS_API_KEY=
|
|
# COHERE_API_KEY=
|
|
# NVIDIA_API_KEY=
|
|
|
|
# Embedding Providers (optional — used by /v1/embeddings)
|
|
# NEBIUS_API_KEY=
|
|
# Provider keys above (openai, mistral, together, fireworks, nvidia) also work for embeddings
|
|
|
|
# Timeout settings
|
|
# FETCH_TIMEOUT_MS=120000
|
|
# STREAM_IDLE_TIMEOUT_MS=60000
|
|
|
|
# CORS configuration (default: * allows all origins)
|
|
# CORS_ORIGINS=*
|
|
|
|
# Logging
|
|
# LOG_LEVEL=info
|
|
# LOG_FORMAT=text
|
|
LOG_TO_FILE=true
|
|
# LOG_FILE_PATH=logs/application/app.log
|
|
# LOG_MAX_FILE_SIZE=50M
|
|
# LOG_RETENTION_DAYS=7
|