| # Cepheus API β production template (copy to .env, never commit secrets) | |
| # HF_TOKEN β local only for CLI/API; set GitHub secret HF_TOKEN for CI deploy | |
| CEPHEUS_CLOUD=1 | |
| # Local dev face recognition (browser camera + search): keep CI stub OFF | |
| # CEPHEUS_CI_STUB_VISION=0 | |
| # CEPHEUS_GOSSIP_ROOT=MK | |
| # Cloud Run + L4 GPU: set CEPHEUS_GPU_VISION=1 to load YOLO/InsightFace (not the stub). | |
| # CEPHEUS_GPU_VISION=1 | |
| # Cloud CPU deploys (for example Hugging Face Spaces): force the full vision engine. | |
| # CEPHEUS_FORCE_FULL_VISION=1 | |
| # InsightFace model pack (must match enrollment embeddings; HF uses buffalo_sc) | |
| # FACE_MODEL_PACK=buffalo_sc | |
| # FACE_MODEL_ROOT=/app/model_cache | |
| # FACE_MATCH_THRESHOLD=0.22 | |
| # Force CPU inference even when CUDA is present (local debug): | |
| # CEPHEUS_FORCE_CPU=1 | |
| CEPHEUS_API_KEY=rotate-me-long-random-key | |
| # Optional: document automation key purpose (audit only) | |
| # CEPHEUS_API_KEY_SCOPE=guest-sos-automation | |
| # Optional: read-only automation key (role readonly on GET routes) | |
| # CEPHEUS_READONLY_API_KEY= | |
| # Guest mobile app SOS scope (POST /sos/guest) | |
| # CEPHEUS_GUEST_API_KEY= | |
| # Disable gossip auto-start on API boot (default on for local dev) | |
| # CEPHEUS_GOSSIP_AUTO_START=0 | |
| # Do not auto-switch gossip root on face detection (manual /gossip/set_root only) | |
| GOSSIP_AUTO_ROOT_SWITCH=0 | |
| # HF Spaces: anonymous vision/WS (no JWT refresh interruptions) | |
| ALLOW_PUBLIC_VISION=1 | |
| CEPHEUS_PUBLIC_VISION=1 | |
| CEPHEUS_WS_OPEN=1 | |
| CEPHEUS_EMBEDDINGS_STARTUP_ONLY=1 | |
| CEPHEUS_WS_RECEIVE_TIMEOUT=300 | |
| CEPHEUS_JWT_SECRET=rotate-me-jwt-signing-secret-min-32-chars | |
| CEPHEUS_AUTH_USERS=[{"username":"admin","password_hash":"$2b$12$...","role":"admin"}] | |
| # Local dev only (set matching VITE_API_KEY in cepheus/.env.local): | |
| # CEPHEUS_AUTH_DEV_MODE=1 | |
| # CEPHEUS_DEV_API_KEY=local-dev-only-key | |
| # CEPHEUS_DEV_JWT_SECRET=local-dev-jwt-secret-min-32-chars | |
| # CEPHEUS_DEV_AUTH_USERS=[{"username":"admin","password":"admin","role":"admin"},{"username":"staff","password":"staff","role":"staff"}] | |
| GEMINI_API_KEY= | |
| # Recommended core models (see backend/gemini_config.py) | |
| GEMINI_MODEL=gemini-3.5-flash | |
| GEMINI_MODEL_PRO=gemini-3.1-pro | |
| GEMINI_MODEL_LITE=gemini-3.1-flash-lite | |
| CORS_ORIGINS=https://community-security-and-emergency-ma.vercel.app,https://rapid-eec43.web.app,https://rapid-eec43.firebaseapp.com,http://localhost:5173,http://127.0.0.1:5173,http://localhost:5174,http://127.0.0.1:5174 | |
| CEPHEUS_ACCESS_TOKEN_TTL=900 | |
| CEPHEUS_WS_TICKET_TTL=900 | |
| CEPHEUS_REFRESH_TOKEN_TTL=604800 | |
| CEPHEUS_PRODUCTION=0 | |
| # Demo simulations (issue auto-progress) β dev only, never in production | |
| # CEPHEUS_DEMO_MODE=1 | |
| # Staff portal dev auto-accept (port 5174) β dev only | |
| # VITE_STAFF_AUTO_ACCEPT=1 | |
| # Multi-instance Cloud Run: shared refresh token store | |
| # REDIS_URL=redis://:password@host:6379/0 | |