# Kiwi — environment variables
# Copy to .env and fill in values

# API
API_PREFIX=/api/v1
CORS_ORIGINS=http://localhost:5173,http://localhost:8509

# Storage
DATA_DIR=./data

# Database (defaults to DATA_DIR/kiwi.db)
# DB_PATH=./data/kiwi.db

# Pipeline data directory for downloaded parquets (used by download_datasets.py)
# Override to store large datasets on a separate drive or NAS
# KIWI_PIPELINE_DATA_DIR=./data/pipeline

# CF-core resource coordinator (VRAM lease management)
# Set to the coordinator URL when running alongside cf-core orchestration
# COORDINATOR_URL=http://localhost:7700
# IP this machine advertises to the coordinator (must be reachable from coordinator host)
# CF_ORCH_ADVERTISE_HOST=10.1.10.71

# Processing
USE_GPU=true
GPU_MEMORY_LIMIT=6144
MAX_CONCURRENT_JOBS=4
MIN_QUALITY_SCORE=50.0

# Feature flags
ENABLE_OCR=false

# Runtime
DEBUG=false
CLOUD_MODE=false
DEMO_MODE=false

# Cloud mode (set in compose.cloud.yml; also set here for reference)
# CLOUD_DATA_ROOT=/devl/kiwi-cloud-data
# KIWI_DB=data/kiwi.db   # local-mode DB path override
# DEV ONLY: bypass JWT auth for these IPs/CIDRs (LAN testing without Caddy in the path).
# NEVER set in production.
# IMPORTANT: Docker port mapping NATs source IPs to the bridge gateway. When hitting
# localhost:8515 (host → Docker → nginx → API), nginx sees 192.168.80.1, not 127.0.0.1.
# Include the Docker bridge CIDR to allow localhost and LAN access through nginx.
# Run: docker network inspect kiwi-cloud_kiwi-cloud-net | grep Subnet
# Example: CLOUD_AUTH_BYPASS_IPS=10.1.10.0/24,127.0.0.1,::1,192.168.80.0/20
# CLOUD_AUTH_BYPASS_IPS=

# Heimdall license server (required for cloud tier resolution)
# HEIMDALL_URL=https://license.circuitforge.tech
# HEIMDALL_ADMIN_TOKEN=

# Directus JWT (must match cf-directus SECRET env var)
# DIRECTUS_JWT_SECRET=