# Hugging Face Secrets Configuration - Phase 3 Backend ## ๐Ÿ” Current Status **Backend URL**: https://asma-yaseen-evolution-chatbot.hf.space **Status**: โœ… Running (API responds with version 1.0.0) **Git Remote**: `hf https://huggingface.co/spaces/Asma-yaseen/evolution-chatbot` --- ## ๐Ÿ”‘ Required Secrets (MUST be set in HF Space Settings) Go to: https://huggingface.co/spaces/Asma-yaseen/evolution-chatbot/settings Click **"Repository secrets"** tab and add these: ### 1. Database Connection ``` Name: DATABASE_URL Value: postgresql://neondb_owner:npg_9o7LbiyKpwrN@ep-divine-union-ahlsszpq-pooler.c-3.us-east-1.aws.neon.tech/neondb?sslmode=require&channel_binding=require ``` **Why**: Connects to Neon PostgreSQL database for storing tasks, users, conversations --- ### 2. JWT Authentication ``` Name: JWT_SECRET Value: 5Uk7VYMMiWOxhfeU1LCCWey2qQcpp1PX4sxFMQzKhGk= ``` **Why**: Signs and verifies JWT tokens for user authentication ``` Name: JWT_ALGORITHM Value: HS256 ``` **Why**: Algorithm used for JWT signing ``` Name: JWT_EXPIRE_MINUTES Value: 1440 ``` **Why**: JWT token expiration time (1440 = 24 hours) --- ### 3. CORS Configuration ``` Name: CORS_ORIGINS Value: http://localhost:3000,http://localhost:3002,http://127.0.0.1:3000,http://127.0.0.1:3002,https://frontend-qnzzeug89-asma-yaseens-projects.vercel.app,https://frontend-umber-nine-80.vercel.app ``` **Why**: Allows frontend URLs to access backend API (prevents CORS errors) **CRITICAL**: Make sure both Vercel URLs are included: - `https://frontend-qnzzeug89-asma-yaseens-projects.vercel.app` - `https://frontend-umber-nine-80.vercel.app` โœ… (This is your Phase 3 frontend) --- ### 4. AI Configuration (Groq API) ``` Name: GROQ_API_KEY Value: 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 ``` **Why**: FREE API for AI chatbot (GPT-compatible) and voice transcription ``` Name: GROQ_BASE_URL Value: https://api.groq.com/openai/v1 ``` **Why**: Groq API endpoint (OpenAI-compatible) ``` Name: AI_MODEL Value: openai/gpt-oss-20b ``` **Why**: AI model to use for chatbot responses (FREE on Groq) --- ## ๐Ÿ“‹ Secrets Checklist Copy this checklist to verify all secrets are set: - [ ] **DATABASE_URL** - PostgreSQL connection string with Neon - [ ] **JWT_SECRET** - 32+ character random string - [ ] **JWT_ALGORITHM** - HS256 - [ ] **JWT_EXPIRE_MINUTES** - 1440 (24 hours) - [ ] **CORS_ORIGINS** - Includes `frontend-umber-nine-80.vercel.app` - [ ] **GROQ_API_KEY** - Your Groq API key (starts with `gsk_`) - [ ] **GROQ_BASE_URL** - `https://api.groq.com/openai/v1` - [ ] **AI_MODEL** - `openai/gpt-oss-20b` --- ## ๐Ÿงช Testing After Setting Secrets ### 1. Restart Space After adding/updating secrets: 1. Go to Space settings 2. Click **"Factory reboot"** to restart with new secrets ### 2. Test Backend Health ```bash curl https://asma-yaseen-evolution-chatbot.hf.space/ ``` **Expected Response:** ```json { "message": "Evolution Todo API", "status": "running", "version": "1.0.0" } ``` ### 3. Test AI Chat Endpoint ```bash curl -X POST https://asma-yaseen-evolution-chatbot.hf.space/api/YOUR_USER_ID/chat \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_JWT_TOKEN" \ -d '{ "message": "Add a task to buy milk", "conversation_id": null }' ``` **Expected**: Should return AI response with task creation ### 4. Test from Frontend 1. Go to: https://frontend-umber-nine-80.vercel.app/ 2. Sign in or sign up 3. Go to: https://frontend-umber-nine-80.vercel.app/chat 4. Type: "Add a task to buy groceries tomorrow" 5. Should get AI response --- ## โš ๏ธ Common Issues ### Issue 1: CORS Error in Frontend **Symptom**: Browser console shows CORS policy error **Fix**: Verify `CORS_ORIGINS` includes your exact Vercel URL (including `https://`) ### Issue 2: "Database connection failed" **Symptom**: API returns 500 error or "database error" **Fix**: - Check `DATABASE_URL` is correct - Verify Neon database is running - Ensure `?sslmode=require` is in connection string ### Issue 3: "Invalid token" errors **Symptom**: API returns 401 Unauthorized **Fix**: - Check `JWT_SECRET` is set - Verify `JWT_ALGORITHM` is `HS256` - Frontend may need to re-login to get new token ### Issue 4: AI Chat not working **Symptom**: Chat returns "Error" or "I'm having trouble..." **Fix**: - Verify `GROQ_API_KEY` is set - Check `GROQ_BASE_URL` is correct - Ensure `AI_MODEL` is `openai/gpt-oss-20b` - Check Groq API quota/limits --- ## ๐Ÿ”’ Security Notes 1. **Never commit secrets to git** - `.env` is in `.gitignore` - Only commit `.env.example` with placeholder values 2. **Rotate secrets regularly** - JWT_SECRET: Every 90 days - GROQ_API_KEY: If exposed - DATABASE_URL: If credentials compromised 3. **Use strong JWT secrets** - Minimum 32 characters - Random, not guessable - Generated with: `python -c "import secrets; print(secrets.token_urlsafe(32))"` --- ## ๐Ÿ“ Quick Setup Commands If secrets are missing, add them via HF CLI: ```bash # Install HF CLI (if not already) pip install huggingface-hub # Login huggingface-cli login # Add secret huggingface-cli repo secret add \ Asma-yaseen/evolution-chatbot \ DATABASE_URL \ --value "postgresql://..." # Repeat for each secret... ``` Or manually through web UI (recommended): https://huggingface.co/spaces/Asma-yaseen/evolution-chatbot/settings --- ## โœ… Verification Steps After setting all secrets: 1. **Backend Running**: โœ… (Verified: API responds) 2. **Database Connected**: Test by creating a user via signup 3. **CORS Configured**: Test from frontend (no CORS errors) 4. **AI Working**: Test chat endpoint returns responses 5. **Voice Working**: Test transcription endpoint with audio --- **Last Updated**: 2026-01-12 **Backend Version**: 1.0.0 **Status**: Deployed and Running