github-actions
Deploy to Hugging Face
c794b6b
Raw
History Blame Contribute Delete
2.75 kB
# Cepheus API β€” production template (copy to .env, never commit secrets)
# HF_TOKEN β€” local only for CLI/API; set GitHub secret HF_TOKEN for CI deploy
CEPHEUS_CLOUD=1
# Local dev face recognition (browser camera + search): keep CI stub OFF
# CEPHEUS_CI_STUB_VISION=0
# CEPHEUS_GOSSIP_ROOT=MK
# Cloud Run + L4 GPU: set CEPHEUS_GPU_VISION=1 to load YOLO/InsightFace (not the stub).
# CEPHEUS_GPU_VISION=1
# Cloud CPU deploys (for example Hugging Face Spaces): force the full vision engine.
# CEPHEUS_FORCE_FULL_VISION=1
# InsightFace model pack (must match enrollment embeddings; HF uses buffalo_sc)
# FACE_MODEL_PACK=buffalo_sc
# FACE_MODEL_ROOT=/app/model_cache
# FACE_MATCH_THRESHOLD=0.22
# Force CPU inference even when CUDA is present (local debug):
# CEPHEUS_FORCE_CPU=1
CEPHEUS_API_KEY=rotate-me-long-random-key
# Optional: document automation key purpose (audit only)
# CEPHEUS_API_KEY_SCOPE=guest-sos-automation
# Optional: read-only automation key (role readonly on GET routes)
# CEPHEUS_READONLY_API_KEY=
# Guest mobile app SOS scope (POST /sos/guest)
# CEPHEUS_GUEST_API_KEY=
# Disable gossip auto-start on API boot (default on for local dev)
# CEPHEUS_GOSSIP_AUTO_START=0
# Do not auto-switch gossip root on face detection (manual /gossip/set_root only)
GOSSIP_AUTO_ROOT_SWITCH=0
# HF Spaces: anonymous vision/WS (no JWT refresh interruptions)
ALLOW_PUBLIC_VISION=1
CEPHEUS_PUBLIC_VISION=1
CEPHEUS_WS_OPEN=1
CEPHEUS_EMBEDDINGS_STARTUP_ONLY=1
CEPHEUS_WS_RECEIVE_TIMEOUT=300
CEPHEUS_JWT_SECRET=rotate-me-jwt-signing-secret-min-32-chars
CEPHEUS_AUTH_USERS=[{"username":"admin","password_hash":"$2b$12$...","role":"admin"}]
# Local dev only (set matching VITE_API_KEY in cepheus/.env.local):
# CEPHEUS_AUTH_DEV_MODE=1
# CEPHEUS_DEV_API_KEY=local-dev-only-key
# CEPHEUS_DEV_JWT_SECRET=local-dev-jwt-secret-min-32-chars
# CEPHEUS_DEV_AUTH_USERS=[{"username":"admin","password":"admin","role":"admin"},{"username":"staff","password":"staff","role":"staff"}]
GEMINI_API_KEY=
# Recommended core models (see backend/gemini_config.py)
GEMINI_MODEL=gemini-3.5-flash
GEMINI_MODEL_PRO=gemini-3.1-pro
GEMINI_MODEL_LITE=gemini-3.1-flash-lite
CORS_ORIGINS=https://community-security-and-emergency-ma.vercel.app,https://rapid-eec43.web.app,https://rapid-eec43.firebaseapp.com,http://localhost:5173,http://127.0.0.1:5173,http://localhost:5174,http://127.0.0.1:5174
CEPHEUS_ACCESS_TOKEN_TTL=900
CEPHEUS_WS_TICKET_TTL=900
CEPHEUS_REFRESH_TOKEN_TTL=604800
CEPHEUS_PRODUCTION=0
# Demo simulations (issue auto-progress) β€” dev only, never in production
# CEPHEUS_DEMO_MODE=1
# Staff portal dev auto-accept (port 5174) β€” dev only
# VITE_STAFF_AUTO_ACCEPT=1
# Multi-instance Cloud Run: shared refresh token store
# REDIS_URL=redis://:password@host:6379/0