# Cepheus API — production template (copy to .env, never commit secrets) # HF_TOKEN — local only for CLI/API; set GitHub secret HF_TOKEN for CI deploy CEPHEUS_CLOUD=1 # Local dev face recognition (browser camera + search): keep CI stub OFF # CEPHEUS_CI_STUB_VISION=0 # CEPHEUS_GOSSIP_ROOT=MK # Cloud Run + L4 GPU: set CEPHEUS_GPU_VISION=1 to load YOLO/InsightFace (not the stub). # CEPHEUS_GPU_VISION=1 # Cloud CPU deploys (for example Hugging Face Spaces): force the full vision engine. # CEPHEUS_FORCE_FULL_VISION=1 # InsightFace model pack (must match enrollment embeddings; HF uses buffalo_sc) # FACE_MODEL_PACK=buffalo_sc # FACE_MODEL_ROOT=/app/model_cache # FACE_MATCH_THRESHOLD=0.22 # Force CPU inference even when CUDA is present (local debug): # CEPHEUS_FORCE_CPU=1 CEPHEUS_API_KEY=rotate-me-long-random-key # Optional: document automation key purpose (audit only) # CEPHEUS_API_KEY_SCOPE=guest-sos-automation # Optional: read-only automation key (role readonly on GET routes) # CEPHEUS_READONLY_API_KEY= # Guest mobile app SOS scope (POST /sos/guest) # CEPHEUS_GUEST_API_KEY= # Disable gossip auto-start on API boot (default on for local dev) # CEPHEUS_GOSSIP_AUTO_START=0 # Do not auto-switch gossip root on face detection (manual /gossip/set_root only) GOSSIP_AUTO_ROOT_SWITCH=0 # HF Spaces: anonymous vision/WS (no JWT refresh interruptions) ALLOW_PUBLIC_VISION=1 CEPHEUS_PUBLIC_VISION=1 CEPHEUS_WS_OPEN=1 CEPHEUS_EMBEDDINGS_STARTUP_ONLY=1 CEPHEUS_WS_RECEIVE_TIMEOUT=300 CEPHEUS_JWT_SECRET=rotate-me-jwt-signing-secret-min-32-chars CEPHEUS_AUTH_USERS=[{"username":"admin","password_hash":"$2b$12$...","role":"admin"}] # Local dev only (set matching VITE_API_KEY in cepheus/.env.local): # CEPHEUS_AUTH_DEV_MODE=1 # CEPHEUS_DEV_API_KEY=local-dev-only-key # CEPHEUS_DEV_JWT_SECRET=local-dev-jwt-secret-min-32-chars # CEPHEUS_DEV_AUTH_USERS=[{"username":"admin","password":"admin","role":"admin"},{"username":"staff","password":"staff","role":"staff"}] GEMINI_API_KEY= # Recommended core models (see backend/gemini_config.py) GEMINI_MODEL=gemini-3.5-flash GEMINI_MODEL_PRO=gemini-3.1-pro GEMINI_MODEL_LITE=gemini-3.1-flash-lite CORS_ORIGINS=https://community-security-and-emergency-ma.vercel.app,https://rapid-eec43.web.app,https://rapid-eec43.firebaseapp.com,http://localhost:5173,http://127.0.0.1:5173,http://localhost:5174,http://127.0.0.1:5174 CEPHEUS_ACCESS_TOKEN_TTL=900 CEPHEUS_WS_TICKET_TTL=900 CEPHEUS_REFRESH_TOKEN_TTL=604800 CEPHEUS_PRODUCTION=0 # Demo simulations (issue auto-progress) — dev only, never in production # CEPHEUS_DEMO_MODE=1 # Staff portal dev auto-accept (port 5174) — dev only # VITE_STAFF_AUTO_ACCEPT=1 # Multi-instance Cloud Run: shared refresh token store # REDIS_URL=redis://:password@host:6379/0