# Equalify Reflow - Environment Variables Template
# Copy this file to .env.dev or .env.prod and fill in the values
# ============================================================================
# AI Model Backend
# ============================================================================
# The pipeline routes all agent calls through a single backend. You can use
# either Anthropic direct (simplest for contributors — just an API key) or
# AWS Bedrock (current production backend — needs AWS credentials).
#
# Leave AI_PROVIDER unset for auto-detect: if ANTHROPIC_API_KEY is set below,
# the pipeline uses Anthropic direct; otherwise it falls back to Bedrock.
#
# NOTE(review): this template also assigns AI_PROVIDER=bedrock further down,
# in the "AI Processing Configuration (AWS Bedrock)" section. While that line
# is present AI_PROVIDER is not unset, so the auto-detect described here
# presumably never runs — confirm which of the two sections is current.
#
# AI_PROVIDER=anthropic # Force Anthropic direct (requires ANTHROPIC_API_KEY)
# AI_PROVIDER=bedrock # Force AWS Bedrock (requires AWS credentials)
#
# Get an Anthropic API key at: https://console.anthropic.com/settings/keys
# ANTHROPIC_API_KEY is a secret: fill it in only in your own .env.dev /
# .env.prod copy, never in this template, and keep those copies out of
# version control.
ANTHROPIC_API_KEY=
# ============================================================================
# AWS Configuration
# ============================================================================
# Note: AWS_ENDPOINT_URL, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY are set
# in docker-compose.yml for containers only (not in .env to avoid conflicts
# with host AWS CLI which uses profiles)
# NOTE(review): those docker-compose.yml values are presumably placeholder
# credentials for the local emulator — confirm. Real long-lived AWS keys
# should not be put in docker-compose.yml or in this file.
# AWS Profile for HOST operations (deployment scripts, aws-* make commands)
# This is NOT used by Docker containers (they use Floci for S3 emulation)
# Set this to your AWS SSO profile name from ~/.aws/config.
# Only required if you're using Bedrock (AI_PROVIDER=bedrock or auto-detect
# with no ANTHROPIC_API_KEY set above).
# A profile name is not a secret; the short-lived SSO credentials stay in the
# AWS CLI's own cache rather than in this file.
AWS_PROFILE=default
AWS_DEFAULT_REGION=us-east-1
# ============================================================================
# S3 Bucket Configuration
# ============================================================================
# Both values are left empty here and must be filled in per environment.
# NOTE(review): the hints below list the same bucket name for dev and prod.
# Confirm that dev resolves to the local emulator and cannot read or write
# the production buckets.
# Temporary storage for uploaded PDFs (dev: equalify-pdf-temp, prod: equalify-pdf-temp)
# Uploaded PDFs land here before PII detection has run, so this bucket should
# be treated as holding unreviewed, possibly sensitive documents.
S3_TEMP_BUCKET=
# Storage for processed HTML results (dev: equalify-pdf-results, prod: equalify-pdf-results)
S3_RESULTS_BUCKET=
# ============================================================================
# Redis Configuration
# ============================================================================
# Redis connection URL
# This default carries no password and no TLS (plain redis:// scheme). That is
# acceptable only while Redis is reachable solely on a private container
# network. For any Redis reachable beyond that, use a URL with credentials and
# TLS (rediss://, where the client library supports it) and treat the URL as a
# secret.
REDIS_URL=redis://redis:6379
# Redis queue names (using eq-pdf: prefix)
REDIS_QUEUE_PII=eq-pdf:queue:pii
REDIS_QUEUE_APPROVAL=eq-pdf:queue:approval
REDIS_QUEUE_PROCESSING=eq-pdf:queue:processing
# Redis timeout tracking
REDIS_TIMEOUT_SET=eq-pdf:timeouts:approval
# Redis memory limits (production only)
# NOTE(review): allkeys-lru lets Redis evict ANY key once maxmemory is reached,
# including the queue lists and the approval-timeout set named above, so jobs
# could be dropped silently under memory pressure. Confirm this is intended;
# noeviction makes writes fail loudly instead.
REDIS_MAXMEMORY=2gb
REDIS_MAXMEMORY_POLICY=allkeys-lru
# ============================================================================
# Application Configuration
# ============================================================================
# Both values are left empty in this template; set them explicitly in each
# copy. What the application does when they are empty is not visible here.
# Environment name (development/production)
ENVIRONMENT=
# Logging level (DEBUG/INFO/WARNING/ERROR)
# NOTE(review): DEBUG output may include document content or request details —
# verify what is logged before using DEBUG where real user documents are
# processed.
LOG_LEVEL=
# ============================================================================
# API Gateway Configuration
# ============================================================================
# API Gateway port
API_PORT=8080
# API Gateway host
# 0.0.0.0 binds every network interface. Inside a container that is the usual
# choice and exposure is decided by which ports are published; when running
# directly on a host, bind 127.0.0.1 unless the API is meant to be reachable
# from the network.
API_HOST=0.0.0.0
# ============================================================================
# API Authentication Configuration
# ============================================================================
# Enable API key authentication for API endpoints
# Keep this true in any deployment reachable by others; setting it to false
# presumably leaves the API endpoints unauthenticated — confirm.
ENABLE_API_KEY_AUTH=true
# Header name for API key authentication
API_KEY_HEADER_NAME=X-API-Key
# Comma-separated list of valid API keys
# Generate secure keys: python -c "import uuid; print(f'uic-{uuid.uuid4()}')"
# Alternative using the standard-library module intended for secrets:
#   python -c "import secrets; print(secrets.token_urlsafe(32))"
# NOTE(review): whether the 'uic-' prefix is required by the application is not
# visible here — confirm before changing the key format.
# The value below is a publicly known placeholder. If it is copied unchanged
# into .env.dev / .env.prod it becomes a valid API key, so replace it with a
# generated key in every copy.
API_KEYS=your-secret-key-here
# ============================================================================
# PII Detection Configuration (Microsoft Presidio)
# ============================================================================
# Enable/disable PII detection
# Disabling this removes the PII check from the pipeline; do that only for
# test documents known to contain no personal data.
PII_DETECTION_ENABLED=true
# PII confidence threshold (0.0-1.0)
# NOTE(review): presumably findings scoring below this value are ignored, so a
# higher threshold lets more potential PII through unflagged — confirm against
# the detection code before raising it.
PII_CONFIDENCE_THRESHOLD=0.7
# ============================================================================
# Processing Configuration
# ============================================================================
# The size, page and timeout limits below also bound how much work one
# uploaded document can cause, so raise them deliberately, not by default.
# Maximum document size in MB
MAX_DOCUMENT_SIZE_MB=50
# Maximum pages per document
MAX_PAGES=40
# Processing timeout in seconds
# 480 seconds = 8 minutes.
PROCESSING_TIMEOUT=480
# PDF Image Processing
# Scale factor for PDF page image generation (1.0-3.0)
# 1.5x (108 DPI) is optimal for Claude vision API
# 2.0x (144 DPI) may be needed for complex diagrams
# The DPI figures correspond to a 72 DPI base multiplied by the scale factor.
PDF_IMAGES_SCALE=1.5
# ============================================================================
# Approval Workflow Configuration
# ============================================================================
# Approval timeout in seconds (default: 7 days)
# 604800 = 7 * 24 * 60 * 60.
APPROVAL_TIMEOUT=604800
# Auto-approve high confidence documents (>85%)
# Setting this to true presumably lets documents skip the approval step based
# on the confidence score alone — confirm what is bypassed before enabling.
# NOTE(review): the 85% figure presumably tracks CONFIDENCE_THRESHOLD_HIGH
# (0.85) set later in this file — verify that the code reads that variable.
AUTO_APPROVE_HIGH_CONFIDENCE=false
# ============================================================================
# AI Processing Configuration (AWS Bedrock)
# ============================================================================
# AI Provider (only "bedrock" is supported)
# NOTE(review): this conflicts with the "AI Model Backend" section at the top
# of this file, which documents an "anthropic" provider and tells the reader to
# leave AI_PROVIDER unset for auto-detect. With the assignment below in place
# every copy of this template is forced to Bedrock, and setting
# ANTHROPIC_API_KEY alone presumably has no effect. Confirm which description
# is current; if auto-detect is intended, this line should be commented out.
AI_PROVIDER=bedrock
# AWS region for Bedrock service
BEDROCK_REGION=us-east-1
# Model Selection
# Note: Model selection is hardcoded in src/agents/model_tiers.py
# Uses Claude 4.5 inference profiles for cross-region routing:
# - REASONING tier: Claude Sonnet 4.5 (analysis, consolidation)
# - EFFICIENT tier: Claude Haiku 4.5 (transcription, bulk work)
# Claude model settings
# Maximum tokens for AI responses
CLAUDE_MAX_TOKENS=4096
# Temperature for AI responses (0.0-2.0, lower = more focused)
CLAUDE_TEMPERATURE=0.2
# --- AI Processing Settings ---
# Maximum concurrent pages to process
# Together with the retry count below this bounds how many model calls one
# document can trigger, which matters for cost and rate limits.
MAX_CONCURRENT_PAGES=5
# Retry attempts for failed pages
PAGE_RETRY_ATTEMPTS=3
# Confidence thresholds for quality scoring
CONFIDENCE_THRESHOLD_HIGH=0.85
CONFIDENCE_THRESHOLD_MEDIUM=0.60
# ============================================================================
# Canvas LMS / LTI 1.3 Integration
# ============================================================================
# Enable LTI 1.3 integration endpoints
# Leave false unless the issuer, client ID, deployment ID and keys below are
# all configured.
LTI_ENABLED=false
# Canvas LMS instance URL (issuer for LTI)
# Example: https://canvas.instructure.com or https://yourschool.instructure.com
LTI_ISSUER=
# Canvas Developer Key client ID
# Get this from Canvas Admin → Developer Keys → New LTI Key
LTI_CLIENT_ID=
# Canvas deployment ID (usually same as client_id, or found in deployment settings)
LTI_DEPLOYMENT_ID=
# Canvas OIDC/OAuth URLs (replace canvas.instructure.com with your Canvas instance)
# Keep all three on https and pointed at the Canvas instance you trust.
# NOTE(review): LTI_JWKS_URL is presumably where the platform's signing keys
# are fetched to verify launch tokens; a wrong host here would mean trusting
# another party's keys — confirm.
LTI_AUTH_LOGIN_URL=https://canvas.instructure.com/api/lti/authorize_redirect
LTI_AUTH_TOKEN_URL=https://canvas.instructure.com/login/oauth2/token
LTI_JWKS_URL=https://canvas.instructure.com/api/lti/security/jwks
# Tool RSA key paths (for signing JWTs)
# Generate keys with: python -m src.lti.keys generate
# The private key signs JWTs on behalf of this tool: keep it out of version
# control and out of the container image (mount it at runtime), and make it
# readable only by the service user. Only the public key is meant to be shared.
LTI_PRIVATE_KEY_PATH=/app/keys/lti_private.pem
LTI_PUBLIC_KEY_PATH=/app/keys/lti_public.pem
# Canvas API URL (for file downloads, optional)
CANVAS_API_URL=
# LTI state TTL in seconds (default: 600 = 10 minutes)
# A short TTL limits how long a captured login state value stays usable.
LTI_STATE_TTL_SECONDS=600
# ============================================================================
# Equalify Platform Integration
# ============================================================================
# Equalify webhook secret for authentication
# Secret value: use a long random string and set it only in your own .env
# copy.
# NOTE(review): the behaviour when this is left empty is not visible here —
# confirm that webhook requests are rejected rather than accepted
# unauthenticated.
EQUALIFY_WEBHOOK_SECRET=
# Equalify API URL
EQUALIFY_API_URL=
# ============================================================================
# Floci Configuration (Development Only)
# ============================================================================
# Quarkus debug mode for the floci container
# NOTE(review): DEBUG is a very generic variable name. If this file is loaded
# into other services as well, they may interpret DEBUG themselves — confirm
# that it reaches only the floci container. Keep it at 0 outside local
# development.
DEBUG=0
# ============================================================================
# Monitoring and Metrics
# ============================================================================
# Enable CloudWatch logging
# When enabled, application logs leave the host; check that they carry no
# document content or credentials before turning this on.
CLOUDWATCH_ENABLED=false
# CloudWatch log group
CLOUDWATCH_LOG_GROUP=/equalify-reflow
# Metrics collection interval in seconds
METRICS_INTERVAL=60
# Feedback Service (optional - set URL and enabled=true to activate)
# FEEDBACK_SERVICE_API_KEY is a secret: set it only in your own .env copy, and
# use an https URL so the key is not sent in clear text.
FEEDBACK_ENABLED=false
FEEDBACK_SERVICE_URL=
FEEDBACK_SERVICE_API_KEY=