scripts/README.md

# Setup Scripts

Utilities for initial setup and configuration validation.

## Environment Configuration

### `check_env_config.py` ⭐
**Validate your entire environment configuration before running the app.**

```bash
# Check configuration and show warnings
python scripts/setup/check_env_config.py

# Strict mode - exit with error if any issues found
python scripts/setup/check_env_config.py --strict
```

**What it checks:**
- ✅ Required variables (JWT_SECRET, CORS_ORIGINS, Google OAuth)
- ⚠️ Recommended variables (Gemini API, Razorpay, etc.)
- ⚙️ Configuration values (token expiry, rate limits)
- 🔒 Security issues (production CORS, HTTPS)

**Run this before:**
- First time setup
- Deploying to production
- After changing .env file

---

## Secret Generation

### `generate_jwt_secret.py`
Generate cryptographically secure JWT secret keys.

```bash
# Basic usage
python scripts/setup/generate_jwt_secret.py

# Custom length
python scripts/setup/generate_jwt_secret.py --length 128

# Different output formats
python scripts/setup/generate_jwt_secret.py --format docker
python scripts/setup/generate_jwt_secret.py --format export
python scripts/setup/generate_jwt_secret.py --format raw
```

Add the generated secret to your `.env` file as `JWT_SECRET`.

---

## OAuth Setup

### `get_google_token.py`
Generate Google OAuth refresh tokens for Gmail and Drive services.

```bash
python scripts/setup/get_google_token.py
```

**Prerequisites:**
1. Download OAuth 2.0 credentials from [Google Cloud Console](https://console.cloud.google.com/apis/credentials)
2. Save as `client_secret.json` in project root
3. Run the script and follow browser authentication flow

**Outputs:**
- `GOOGLE_CLIENT_ID`
- `GOOGLE_CLIENT_SECRET`
- `GOOGLE_REFRESH_TOKEN`

Add these to your `.env` file.